Looking for a replacement to your current spam filtering system ? then i’d suggest you to try Defensio Spam Filtering Solution (free of course unless you get more than 50K comments per month)

Okay … i assume that you’ve installed another spam filtering system like Akismet, or Akismet in conjunction with Spam Karma that behave exactly like Defensio (a centralized spam filtering solution except for Spam Karma of course), so what’s the point to switch into another spam filtering solution if you ask me ?

The answer is easy, Defensio has better management interface so you can easily distinguish spam comments and innocent comments that is caught by your spam filtering solution, so you can restore those comment easily if there are innocent comments get caught by Defensio. And like most (if not everyone) knows that there are no spam filtering solution that gives you 100% accurate result (heck even GMail spam filtering mark message sent from WP mailing list as spam) so in the end it’s up to the users itself to mark the message manually, and in this case Defensio gives you a good user interface so you can manage your spam list

(you can sort by spaminess, post date or comment date)

But what if i already use another spam filtering solution that has good management interface (Spam Karma for example) ? well than the answer is depend on your decision, but if it’s for me … i prefer a centralized solution / remotely hosted solution that doesn’t take up any unnecessary server resources especially in this case

Other than that, Defensio also gives you two rss feeds (one for spam comment that get caught by Defensio, and the other one is for innocent comment) that you can check via your favorite rss reader … but since that is private, i can’t show you on how it look like

That’s all about their positive points, and now here comes their negative point :

• I sometime get a small number (usually between 1 – 6) of comments in my moderation area that Defensio can’t process (most of them were spam), although i’m not sure on why this is happening but after reading their post i can assume that probably their server was down or something. But thanks God because of the process button … i can process all of them easily …
• You’ll need to train it first (which is true especially on your very first day of using Defensio) in order to get optimal result … or at least that is based on my experience

And that’s it basically about their negative point, but as a side note, when i first activated their plugin i get an error message saying that Defensio can’t be activated because they use short open tags at one of the file, although this can be fixed easily but i’m not sure if casual users who use shared hosting and using strict php configuration (that is defined by their host) can fixed this (for most people first impression does matter) ;)

Copyright © Reaper-X Technology – www.reaper-x.com | Permalink | 5 comments

0x87485B96 | Tags : Webmaster Tools, Wordpress

For the past few days i’ve seen various support topics at Wordpress.org support forums and it’s all thanks to the new release of Wordpress 2.3 that introduces new database schema changes (and that’s why most of the questions asked is related to the database error message)

While personally i do not have any problems when upgrading Wordpress, but i thought it’d be best to share these tips especially to those who want the easiest way to upgrade their wordpress installation even when you’re going to upgrade to another major version (such as from 2.0 to 2.1, 2.2 to 2.3, etc)

And here are the tips :

1. Know how to backup and restore your wordpress database by yourself and don’t depend to someone else to do it for you. Because if you know how backup and restoring your wordpress database you can always revert to your previous installation just in case the upgrade process failed. You can read Lorelle’s post about this process

2. The less plugins you’ve installed, the more easier for you to upgrade. While this is not really a big deal to those who know what they’re doing (read: tech savvy users), but for most people it’d be best for you to install plugin that you think best for you and you feel necessary to install that plugin. A good example of this is, i think most people know that back then Wordpress (before 2.3) doesn’t have the Tag features built-in into the Wordpress core, and in order to get that features most people use a plugin in order to satisfy their need to use tags on their blog … and the next thing that could happen to your blog is just like what Everton from Connected Internet just experienced on his test blog (but i’m sure that he can handle that problem later)

The most worrying aspect of my test WordPress 2.3 upgrade, was that my categories disappeared from my sidebar. Has anybody else had any upgrade problems? I think I’m definitely going to stay on 2.2 for a while, at least until the tagging functionality improves.

3. Use only simple themes, that doesn’t need to be upgraded even when you’re going to upgrade your wordpress installation. A good example of this is the Wordpress K2 Theme (i don’t mean any offense though). While K2 is a good theme, but i often read that many people keep having problem with it, from performance problems, or they just simply having issue when they just upgrade their Wordpress installation to another major upgrade

4. Always keep KISS Principle in mind ;)

Basically if you keep things simple, you don’t need to worry about anything when upgrading your Wordpress, so point #4 is the most important thing of all

Note : The above point is of course can be considered as not a big deal especially to the tech savvy users

Copyright © Reaper-X Technology – www.reaper-x.com | Permalink | 2 comments

0x87485B96 | Tags : Guide, Wordpress

This is the very first time i need to use a temporary server maintenance page, previously when i upgrade wordpress (even to major release such as this one) … there’s no need for me to redirect this site visitors to a temporary page saying that this server is under maintenance, but this time the situation is different

And that’s because i do not want my visitors to see lots of beautiful MySQL error message when viewing every page of this site (i’m quite sure you feel the same way too) because of the recent database schema changes in Wordpress 2.3, but … how to do that ? if you ask me …

The answer is simple, as long as you have access to edit your .htaccess file (some web hosting company doesn’t allow you to edit the .htaccess file, and that’s why i said so) :)

And here are the complete instruction :

1. Create a new html page saying that this site under maintenance or anything you like :) , and save it as maintenance.html (this is just an example, feel free to use another filename)

2. Edit your .htaccess file in your root public_html directory

and add these lines :

RewriteCond %{REMOTE_ADDR} !^123\.456\.789\.0
RewriteCond %{REQUEST_URI} !/maintenance.html$ [NC]
RewriteRule .* /maintenance.html [R,L]

Note : Replace 123\.456\.789\.0 with your own ip address

And here are the description about what the above line does :

1. The first RewriteCond is used so that you can still access your site, by detecting your ip address
2. The second RewriteCond is used so that every request to maintenance.html file will not be redirected, this is used to prevent infinite redirect loop
3. The third RewriteCond is used so that others that is trying to access your site in any page will be redirected automatically to your maintenance.html page using temporary redirect so that search engine robot will check again later

3. Now you just need to upload the above file into your public_html directory and continue the upgrade process

But what if you’ve finished upgrading your wordpress, and you want your visitors will able to view your site again ?

Simple … you just need to remove the above .htaccess rules, and to make sure that your site visitors will be automatically redirected to your main page, you can add below line to your .htaccess file

Redirect 301 /maintenance.html http://www.yourdomain.com

And you’re done :)

Copyright © Reaper-X Technology – www.reaper-x.com | Permalink | 2 comments

0x87485B96 | Tags : Apache, Guide, Wordpress

I just don’t understand … how come i’m as the owner of this blog / website get marked as spam whenever i tried to reply to the comment(s) posted by this site visitors …

Another case is … when i'm trying to test posting a comment to my own local server which is obviously can’t be accessed by anyone, by simply using Test as nickname, with test@test.com as it’s email address and http://test.com as the url address .. it’s still being marked as spam ! and with 192.168.3.1 as it’s ip address !

At first i thought that the ip address that i'm currently using (i'm on dynamic ip address) already marked as spammers ip by akismet, but if local ip address gets marked as spam, i’m sure there’s something more to it (like user agent detection, referer, etc)

I know that you can mark yourself as not spam, so that Akismet can learn to fix it’s mistake … but perhaps it’d be better if Akismet check if the user already logged-in or has administrative privilege and automatically bypassing the spam checking mechanism for that user

Perhaps … it’s just me … but after getting marked as spam and need to unmark myself for about 4 – 5 times today, and that’s not including yesterday … i feel kinda bored about it … beside when i gets marked as spam, i didn’t put any links on my comment

Copyright © Reaper-X Technology – www.reaper-x.com | Permalink | 6 comments

0x87485B96 | Tags : Opinion, Personal, Wordpress

I guess most of you already heard that Wordpress is going to have another major release which is Wordpress 2.3, and so that’s why yesterday i’ve decided to try out the Release Candidate 1 of Wordpress 2.3 / Wordpress 2.3 RC1 that’s just released yesterday (19 September 2007) .. because i want a smooth transition when upgrading into Wordpress 2.3 when the final version gets released to the public … and it’s all thanks to the new database schema changes

The first thing i noticed when opening my local test server is … i get various MySQL related error message which is basically saying that some table can’t be found (obviously) because of the recent database schema changes. And of course the next step would be running the upgrade script in order to fix that error message (simple isn’t it ?) … and everything seems to be okay again, i didn’t see any mysql error message get displayed on my test server … which is quite strange (at least for me)

Based from what i’ve read so far from Spencerp.net, Wordpress 2.3 are going to drop some of tables that’s used previously like post2cat, link2cat as example. Beside i confirmed this myself because after upgrading to 2.3 RC1 i didn’t see those tables listed in the database. And from what i’ve read that any plugins that use those tables are going to fail, and in my case i’m using one plugin that’s using post2cat and that’s the Wordpress Category Tagging plugin and listed as incompatible with Wordpress 2.3 from the Wordpress 2.3 Plugin Compatibility page

But … in my case … i didn’t see any problem or whatsoever, because it works just fine :(

Well … i guess it’d be better for me to wait for the Final version of Wordpress 2.3

Copyright © Reaper-X Technology – www.reaper-x.com | Permalink | Add a comment

0x87485B96 | Tags : Journal, Wordpress

I just found out this nice plugin yesterday that is made by Neosmart. Basically what this plugin do is cloning the Wordpress Object Cache function with the only differences if the actual Wordpress object cache store it’s data as file on the harddisk, this plugin make it’s possible to store the object cache data in the memory

The plugin itself comes in two flavours, the first flavour is to those who’s using XCache as their opcode caching solution, while the second flavour is to those who’s using eAccelerator as their PHP Opcode caching solution

And if you read the above paragraph carefully, you’ll see that this plugin need XCache or eAccelerator in order for it to works, which mean that if your site hosted on shared hosting that doesn’t allow you to install PHP Opcode cache program, you can only use the normal wordpress object cache (i’m using this before when hosted at Hostgator shared hosting)

The installation process itself is really easy, you just need to upload the object-cache.php file in your wp-content directory, adjust your php configuration and then restart your webserver process and you’re done

But how do you know if this plugin really works ?

The simple way to do this is by installing the Wordpress Cache Inspect Plugin, and then go back to your homepage (in logged in status), and you’ll see some random numbers under the loaded data

So … if you’re looking to optimize your wordpress blog even more, you should try this plugin … or you can also read my previous guide on speeding up your wordpress blog via the normal way

Copyright © Reaper-X Technology – www.reaper-x.com | Permalink | 3 comments

0x87485B96 | Tags : PHP, Wordpress

Wordpress 2.2.3 has been released, and like it’s previous release, this new wordpress 2.2.3 contain security and bug fixes for the previous wordpress 2.2.2

Here’s some excerpt from the Official Wordpress Dev Blog

2.2.3 is a security and bug-fix release for the 2.2 series. Since this is a security release, we suggest you upgrade immediately. Two of the fixes are high priority.

You can see the bugs fixed for this release from here, and to those who’s prefer to upgrade only changed files from Wordpress 2.2.3, you can see the changed file list from here

Or if you just want to get the changed files in zip version, you can get it from Viper007Bond site

Copyright © Reaper-X Technology – www.reaper-x.com | Permalink | Add a comment

0x87485B96 | Tags : Open Source, Wordpress

It’s been a while since the last time i wrote tips or whatever you called it :P … so i decided to write some tips on how to hardening your wordpress installation. As as you already guessed, this tips might be useful if you’re using Wordpress as your platform (blog, etc)

But first as a reminder, this is not a perfect way to secure your wordpress installation (because of various reasons / factors), but at least it’s going to harden your wordpress installation

And as a note, this is tested only on Apache Web server, and you’re allowed to override the configurations using .htaccess file and lastly … you need to have mod rewrite installed and activated (don’t worry if you can use Custom Permalinks that mean you’ve mod rewrite enabled on your hosting / server)

Okay without further ado … here are the tips :

1. Disable Directory Indexing

By disabling directory indexing, you can prevent people seeing through your directory structure

Step to Disable it :

Create or edit .htaccess file on your public_html directory and add this into your htaccess :

Options -Indexes

2. Removing Wordpress version number

Some people think that hiding your wordpress version number is not necessary, so feel free if you want to implement it or not

Step to Remove it :

Remove this line from the header.php file of your currently used theme :

<meta name="generator" content="WordPress <?php bloginfo('version'); ?>" />

also if you’re feeling a little bit adventurous, you can also remove the generator line from wp-includes/feed-*.php. Because by default wordpress is going to show your wordpress version number from your blog feed

3. Protecting WP-Admin Directory

In this example i’m going to tell you how to protect your wp-admin directory by checking your IP Address (it can be used even on dynamic ip address)

Step to Protect it :

3.1 If you’re using Static IP Address

Create new .htaccess file inside your wp-admin directory and add these lines into the newly created .htaccess file


<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REMOTE_ADDR} !^123\.456\.789\.0
RewriteRule .* http://www.domain.com/ [R,L]
</IfModule>


3.2 If you’re using Dynamic IP Address

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REMOTE_ADDR} !^123\.456\.
RewriteRule .* http://www.domain.com/ [R,L]
</IfModule>

What the above configuration does, is checking your IP Address first to see if you’re allowed to any file inside the wp-admin directory or not and if you’re not allowed to view it, you’ll be redirected automatically to specified address (you can use any address) by using 302 Found Header (Temporarily Moved)

As a side note, if you want the easiest way to password protect your wp-admin directory you can use this plugin by askapache or if you prefer to do it using the manual way … you can check blogsecurity website

4. Protecting wp-login.php and wp-register.php or any file you choose

Now you’ve protected your admin directory … but there’s one more step to do, especially if you’re the only person on your blog and also disabling user registration.

So this time we’re going to protect wp-login.php and wp-register.php, and here are the step to protect it :

Step to do it :

– Open the .htaccess file on the root of your public_html directory and choose which method that you like

4.1 Deny Access to wp-login.php by showing forbidden message


<Files wp-login.php>
Order deny,allow
Deny from All
Allow from 123.456.789.0
</Files>


4.2 Deny Access to wp-login.php by redirecting it to the specified address :


<IfModule mod_rewrite.c>
RewriteCond %{REQUEST_URI} wp-login.php
RewriteCond %{REMOTE_ADDR} !^123\.456\.789\.0
RewriteRule .* http://www.domain.com/ [R,L]
</IfModule>


As a note, you can also use Dynamic IP Address just like on Protecting WP-Admin Directory Method

That’s it … you’re done … hope this small wordpress tips can be useful for you

Copyright © Reaper-X Technology – www.reaper-x.com | Permalink | 8 comments

0x87485B96 | Tags : Apache, Guide, Linux, Wordpress

Another Wordpress Upgrade time to those who’s using Wordpress as their blogging platform or using Wordpress platform for something else

This new release mainly fix security related issue and several bugs. Of course when it comes to security release it’d be best for you to upgrade your Wordpress powered platform as soon as possible

And here’s some link, just in case you’re interested on looking what has been fixed with this new release :

• Bugs fixed for Wordpress 2.2 Series => Click Here
• Bugs fixed for Wordpress 2.0 Series => Click Here

So it's better to upgrade it asap ;)

Copyright © Reaper-X Technology – www.reaper-x.com | Permalink | Add a comment

0x87485B96 | Tags : Open Source, PHP, Wordpress

Yep … wordpress 2.2.1 finally available for download, and this time it fixes several important issue related to security and of course a lot of bug fixes (can be seen from here)

Well … if bug fixes is still not enough for you to perform the upgrade on your wordpress installation immediately, then you should try to read this (it’s really serious especially if you have user registration enabled) also this issue :

• Remote shell injection in PHPMailer
• Unescaped attribute in default theme

so the conclusion is … upgrade your wordpress blog immediately especially to those who’s using wordpress 2.2 series ;)

Copyright © Reaper-X Technology – www.reaper-x.com | Permalink | 3 comments

0x87485B96 | Tags : Open Source, PHP, Software, Wordpress

Wordpress 2.2 has been released today, and like most of you already know that everytime Wordpress released a new version especially major version that means there’re various changes into it such as new features, bugfixes and so on …

And here’s what new in Wordpress 2.2 :

• Improved comment editing
• Widgets (no longer a plugin but available under Presentation tab)
• Deactivate Plugins automatically (activate automatically not in yet)
• New Blogger Import
• Fewer clicks and better user experience for upgrades
• Improved login accessibility
• Improved UI when deleting Drafts
• Improved clarity regarding "Spam it:" and "Delete it:" in comment notification e-mails

Just like before, i downloaded the tarball release into my computer and tested it right away locally to make sure the currently used plugins, theme, etc are compatible with the new release before deployed it into my site. After tested it for a while and did not see any problem (no error, no incompatible plugins, etc), i decided to apply small changes i have made previously to this new release and then begin another test to make sure it is still okay … and so on

And the final result is … well … you can see it by yourself when you see this post

Copyright © Reaper-X Technology – www.reaper-x.com | Permalink | Add a comment

0x87485B96 | Tags : Blog, Journal, Website, Wordpress

Time for another wordpress upgrade, because right now there’s another update to the Wordpress 2.1.x series and 2.0.x series. And this update file contains security update from several publicly known XSS vulnerabilities and one major XMLRPC issue. Here’s what Matt said about this releases :

These releases include fixes for several publicly known minor XSS issues, one major XML-RPC issue, and a proactive full sweep of the WordPress codebase to protect against future problems

And the conclusion is you’d better upgrade your wordpress installation as soon as possible to prevent issue on your wordpress installation

As an addition i’ve upgraded several blogs managed by myself to the latest wordpress version available for download without problem at all :)

Copyright © Reaper-X Technology – www.reaper-x.com | Permalink | 2 comments

0x87485B96 | Tags : Internet, Network and Security, PHP, Software, Wordpress

It’s been a while since the first time i used the Google translation service to automatically translate this blog into other language. But now .. after upgrading into Wordpress 2.1.3 RC-1 .. i find that the famous Global Translation plugin from Nothing2Hide is no longer worked as it should because it always want to automatically translate the blog base url using the Google translation tool

Other than that before upgrading into the Wordpress 2.1.3 the translation tool also did not work because it always gives me 403 forbidden error message from Google (yup .. google ban automatic use of their translation service via scripting, etc especially if you have lots of pages and are frequently accessed .. and Googlebot or other search engine bot access also counted)

But if you’re sure that you do not have a lot of pages on your site, then you do not have to worry about your server ip address getting banned from the Google Translation service because of it

As a side note, i also used the Google Automatic URL removal to remove the indexed translation page as soon as possible .. so there won’t be any visitors getting lots of 404 error messages when they came from search engine (but so far there’s no one came to this site from the translated address of this blog)

Now the only thing left for me is .. well .. fill the top bar previously used by the translation images into something else :D

Copyright © Reaper-X Technology – www.reaper-x.com | Permalink | Add a comment

0x87485B96 | Tags : Google, Journal, Personal, Website, Wordpress

It seems there’s another update for Wordpress 2.1.x users, unfortunately this time is a serious upgrade. Because the Wordpress 2.1.1 files has been tampered by unknown person. Here’s the story :

This morning we received a note to our security mailing address about unusual and highly exploitable code in WordPress. The issue was investigated, and it appeared that the 2.1.1 download had been modified from its original code. We took the website down immediately to investigate what happened.

It was determined that a cracker had gained user-level access to one of the servers that powers wordpress.org, and had used that access to modify the download file. We have locked down that server for further forensics, but at this time it appears that the 2.1.1 download was the only thing touched by the attack. They modified two files in WP to include code that would allow for remote PHP execution. – Full Story

As always .. if there’s a wordpress update. I always check the Mark Jaquith site first to see if he is already released the small upgrade pack files for wordpress or not (this is really handy to those who’s using slow connection like myself for an example) .. but this time .. he’s not releasing the small upgrade pack :P (by the look of this post) ..

Anyway if you’re using Wordpress 2.1.1 whether you get it from the first release of 2.1.1 or not .. you should upgrade your wordpress installation into 2.1.2 because it’s already contain another fix for the recent XSS vulnerabilities on WP 2.1.1 (Ticket #3789) and some other fix as well (Ticket #3759)

Copyright © Reaper-X Technology – www.reaper-x.com | Permalink | One comment

0x87485B96 | Tags : Internet, Network and Security, PHP, Website, Wordpress

I found this from SecFocus website regarding the XSS problem on Wordpress 2.1.1 (0day) yesterday .. and this new xss exploit works on version 2.1.1 .. (i’ve already tested it on my local server) – Link (SecFocus) / Link 2 (Secunia) and here’s what it said :

Samenspender has discovered a vulnerability in WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the "post" parameter in wp-admin/post.php (when "action" is set to "delete") is not properly sanitised before being returned to a user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Successful exploitation requires that the target user is logged in as administrator.

The vulnerability is confirmed in version 2.1.1. Other versions may also be affected.

And today, i read another possible script injection attack on wordpress <= 2.1.1 based blogging platform discovered by Stefan Friedli – Link

The only solution i’ve found so far to prevent / reduce the damage of this attack is by protecting your wordpress admin directory using .htaccess or you can also use mod_security if it’s installed on your webserver

Copyright © Reaper-X Technology – www.reaper-x.com | Permalink | 3 comments

0x87485B96 | Tags : Apache, Network and Security, PHP, Website, Wordpress