PHP

Loading Ad JavaScript with PHP

I serve ads on the Drudge Retort using Blogads, a great ad broker that occasionally has trouble serving the ads. When this happens, pages on the Retort load more slowly because they can't fetch a JavaScript program and CSS stylesheet required by Blogads. I decided to fix this problem by writing Cache Remote File, a PHP script that performs three functions:

- Save a cached copy of a remote file
- Display the cached copy for 10 minutes before requesting the file again
- Display the cached copy when the ... (read more)

Weblog Pinger Extended with MySQL Database

I've added a MySQL database to Weblog-Pinger, my weblog update notification class library for PHP, so that it can track ping attempts and keep from hitting the same server too often. Some notification services reject pings sent too frequently. When I was the king of pings for six months in 2005, Weblogs.Com rejected pings sent more frequently than once per half-hour. If you try to ping Ping-O-Matic too often today, you get the error message "Pinging too fast. Slow down cowboy. Please ping no ... (read more)

Defending WordPress MU from Splog Abuse

Over the weekend most of my new WordPress MU weblog servers were hit by splogs -- spam blogs created by bots and filled with links to commercial sites. I added a WordPress hacker's unofficial patch that requires users to fill out a captcha to create a new blog. The patch modifies wp-signup.php and adds a new file, wp-valid.php, that generates the captcha graphic using code from the Quick Captcha PHP script. The first two active blogs to spring up on these servers are Political Fretwork and the ... (read more)

Detecting Weblog Spam with Comment Flak

Because I don't want to add captchas to Workbench, this weblog has been drowning in comment spam. Since I began accepting comments in September 2002, I've received 13,000 legitimate comments and 172,000 spam. I'm trying a new technique this week that makes spam easy to detect by putting a bunch of bogus text areas on a weblog form, hiding them with Cascading Style Sheets, and checking them for input when the comment is submitted. I call these fields comment flak. Spammers typically put their ... (read more)

Adding Atom 1.0 Support to RSS Sites

I switched to Atom 1.0 on Workbench two months ago, a move that hasn't been as smooth as I'd like because of one popular aggregator that doesn't support the format. This site is created using Wordzilla, a LAMP-based weblog publishing tool that I've developed over the last year. Writing code to generate Atom feeds in PHP was extremely simple, since most of the code used to generate RSS feeds could be applied to the task. Atom uses a different format for date-time values than RSS, so I had to ... (read more)

Settlement Reached with Dave Winer

I've reached an agreement with Dave Winer regarding the Share Your OPML web application. I destroyed his original code and user data along with everything that was built from it and gave up my claim to a one-third stake in feeds.scripting.com. He gave up the claim that he's owed $5,000. I originally hoped one of us would buy the other out and launch the application, but we found a much stronger basis for agreement in a mutual desire to stop working together as quickly as possible. If Share Your ... (read more)

Tracking Click Pings with PHP/MySQL

Earlier this week, Mozilla Firefox developer Darin Fisher announced that test builds of the browser include support for click pings, an experimental new HTML feature that makes it easier for web sites to track clicks on outgoing links: I'm sure this may raise some eye-brows among privacy conscious folks, but please know that this change is being considered with the utmost regard for user privacy. The point of this feature is to enable link tracking mechanisms commonly employed on the web to get ... (read more)

Spammer Messes with My Headers

A few weeks ago, I mistakenly believed that I had closed a PHP mail form vulnerability that let spammers use my web server to send mail. Another batch of penis enlargement and phentermine pitches was sent through my server last night, which I discovered when "rejected bulk e-mail" bounces found their way to me. A spammer exploited a mail script I had written that coded the recipient address like this: $recipient = "info@ekzemplo.com"; I thought the script was secure because users couldn't ... (read more)

UserLand Frees Up Manila Servers

UserLand Software is discontinuing free Manila hosting, as I discovered last week when one of their users sought refuge on Buzzword.Com. Edit This Page shut free service on Dec. 1 and ManilaSites will do the same Dec. 31. I can offer free hosting on Buzzword, but webloggers who are committed to publishing with Manila should be advised that I'm migrating the server to new software by May 1, 2006. A better long-term option for those folks is to subscribe to Weblogger.Com or UserLand. (As an ... (read more)

Closing a PHP Mail Form Vulnerability

I wrote a PHP script that accepts e-mail from web site visitors using a feedback form. The script works with different sites, routing mail to the right inbox with a hidden field on the form: The who field doesn't specify an e-mail address, because that would be easy pickings for spammers. They crawl the web looking for e-mail scripts that can be configured to send e-mail to any recipient they specify. Instead, my script was written to send mail only to accounts on my server: $recipient = ... (read more)