After the last hack on Will and Beyond, I have given in, and abandoned my own code. It was a sad decision, giving up all of the hard work it took to create the code, but learning the PHP was fun, so it wasn’t a waste by any means. Obviously I’m not a real programmer, and I don’t have the time or ambition to learn much on coding security.
My “security” consisted of just verifying someone had a certain cookie in order to get into the backend I created, which people have fun toying with from time to time. Every now and then, someone would poke in there, but luckily I was able to go into my host’s panel and restore the database. I could have done it again, but they’ve won, it wasn’t worth my time anymore.
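The cookie-only check described above, next to a hardened alternative, as an added example that is not the site's original code. The cookie name `admin`, the function names and the in-memory token store are assumptions made for illustration.

```php
<?php
// Added example; cookie name, function names and the array store are assumptions.

// The pattern the post describes: the visitor's browser supplies the cookie,
// so anyone can create it by hand and pass this check.
function is_admin_presence_only(array $cookies): bool
{
    return isset($cookies['admin']);
}

// Hardened: log in with a password, then hand out an unguessable token.
// Only a hash of the token is kept server-side, together with an expiry time.
function login(string $password, string $passwordHash, array &$store, int $now): ?string
{
    if (!password_verify($password, $passwordHash)) {
        return null;
    }
    $token = bin2hex(random_bytes(32));
    $store[hash('sha256', $token)] = $now + 3600;   // valid for one hour
    return $token;   // send as an HttpOnly, Secure, SameSite cookie
}

function is_admin(array $cookies, array $store, int $now): bool
{
    $token = $cookies['admin'] ?? '';
    if (!is_string($token) || $token === '') {
        return false;
    }
    $key = hash('sha256', $token);
    return isset($store[$key]) && $store[$key] > $now;
}

// Constructed demonstration values.
$hash  = password_hash('constructed-sample-passphrase', PASSWORD_DEFAULT);
$store = [];
$now   = time();
$token = login('constructed-sample-passphrase', $hash, $store, $now);

var_dump(is_admin_presence_only(['admin' => 'anything']));    // hand-made cookie
var_dump(is_admin(['admin' => 'anything'], $store, $now));    // hand-made cookie
var_dump(is_admin(['admin' => $token], $store, $now));        // issued token
var_dump(is_admin(['admin' => $token], $store, $now + 7200)); // after expiry
```

PHP's built-in sessions (`session_start()` and `$_SESSION`) provide the same server-side state; the array store here only keeps the example self-contained.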
Luckily, I stored all of my posts and such in a database I made, and I was able to figure out how to get that into a format to import into WordPress, so here we are. This is just a standard theme for now; at some point in time I’ll probably play with it a bit, but it will do for now.
Anyone who is subscribed via RSS is probably getting a barrage of all of the new posts now that they’re in WordPress. Sorry, but couldn’t think of a way around that.
WordPress works quite well
But it doesn’t feel like mine…
Damn hackers, you win
I hope you’re having fun. Not to disappoint you, but you’re not the first. I’m aware this site is easily hackable, I’ve written all of the code by hand, and I’m no expert in security. I really know next to nothing about how to hack-proof the site.
I’m also not going to try; I play with the code for this site when I have the free time and feel compelled to. Those two things rarely coincide; graduate school seems to take up quite a bit of time. You’re welcome to keep messing with Will and Beyond, and for a while, I’ll keep putting forth efforts to restore it. At some point, one of us will get bored and give up. Hopefully, it will be you, as I enjoy having this, but if you really feel this devoted, you’ll probably win out.
That’s it, toodles for now. For everyone else, you’ve probably seen the couple posts left recently, if not, here are the screenshots:
Hugs and kisses,
Kind of amusing
A little bit frustrating
But who will bore first?
It’s been a while since I actually touched any of the Will and Beyond code. A bit over two years maybe? I’ve probably done some stuff here and there, but nothing I’ve mentioned in a post, so who knows. I never think to take a screenshot before I do stuff, but luckily there’s the Internet Archive Wayback Machine. Here’s what it was on January 4th, 2010:
Here’s that same page now; can you spot all the differences? There are other various changes I made elsewhere, but the bulk of it is visible there.
I’d put up some older shots from previous versions, but they don’t look right, some issue with rendering the CSS; hopefully it wasn’t an issue displaying it back then too. I glanced at my current changes with Browsershots and it seems to render pretty well.
CSS is fun
Firebug makes this so easy
Prettier now, yes?
I saw that Emily had her status as: “i love that someone found my blog by searching for “irish breakfast tacos.” are those a real thing? i’m imagining refried beans in a beer pancake.” This inspired me to glance at my stats and see if there were any entertaining ones. With no further ado:
23 cheese ramen
21 melting pennies
14 egg ramen
13 coffee flowchart
8 curry ramen
7 asian porn
5 futon ikea
4 flow chart of milk
4 chili ramen
3 weiner dog
3 pissed at the beach
3 i want coffee
2 monkeys are awsome
2 monkeys are awesome
2 nathan’s frog legs
2 mouse tumor
1 lists of weird food combos
1 barack obama combo breaker
1 some guy falcon punching george bush
1 will boucher
1 chemists are new drug dealers
1 cake vs pie bracket
1 what fuck is the plot of 2001 space odyssey
1 five guys challenge
1 wallpaper climbing adventture
This is definitely just a selection of the more random entertaining ones. My favorites are in bold. I can figure out where most of those came from, but as far as I know I don’t host much asian porn.
Also, a few results from people clearly trying to use Google to hack my site: (grr…)
1 site:willandbeyond.com php?
1 willandbeyond.com shell
1 hacked by n!ghtm4re
Monkeys are awesome.
I want to meet this searcher
Most comment spam I get is just for porn and pharmaceuticals, but sometimes there are entertaining bits of text attached with them to try and fool my spam filter.
Some spammers are weird
That makes it entertaining
Those crazy Russians
I mentioned before that I would be switching over to Flickr for my photos. So far, in my photo-focused posts, I’ve just been posting highlight photos, then linking over to the appropriate Flickr set. It works, but it’s not a perfect solution.
After some tweaking, it is now implemented here on Will and Beyond! Scroll down to the bottom of the following posts and you’ll see the new galleries:
Also, you can only see this by clicking on links to actual posts, not just by browsing through the front page, or with RSS.
If you compare this to the demo on Ennui Design, you’ll notice some differences. Some are very subtle, but the major changes are the use of medium thumbnails instead of small, and as a result only two images are displayed at once. It’s not perfect; it doesn’t handle vertical images that well, but it definitely does the job.
I’m including my “Oddballs” Flickr set, pictures that don’t have a set, below so you can see how it works without having to click on one of those other pages.
Coding this was fun
Not coded much recently
So yay for Flickr
I still haven’t dealt with the comment problem I’m having. I’ll get to that this week hopefully. In the meantime, I’ve just been dealing with everything manually.
In about 84 hours, Will and Beyond received 688 comments. One of them was actually not spam, and I caught that one. What types of comments are these? Here’s a Wordle of their content:
Look at all the spam
Anything ‘stand out’ to you?
Wow, I’m so mature
Some of you might have noticed that commenting on my posts has been a little screwy recently; allow me to explain.
Prior, my system worked well; it works as follows. A comment is posted by someone, and it appears instantly. It then appears on my control panel, and I can flag it to keep or delete. Once I manually approve the comment, that’s when any notifications go through. Or, I can add a spam string to my list of filters. When I do this, I add a string such as one of the following:
- email invitation virus
- find cheap hotel
- free blonde video clip
- free gay asian porn
(Hmm I wonder how many visitors will arrive due to those search terms appearing on this page…)
Then, all comments which haven’t been flagged as approved, as well as all comments posted in the future are scanned against my list of spam strings. If a comment finds a match it’s automatically deleted.
At some point, something went wrong, and all posts were being marked as spam and were being deleted. I’ve temporarily disabled spam filtering, but this requires going through hundreds of spam comments a day, checking if any real comments have been posted. This is tedious, and usually disappointing, since not many comments are really posted.
As a result, I need to revamp the system. My plan to improve the system involves three steps:
1) I’ll rewrite the code which checks for string matches. I’m not sure what went wrong, but I’ll take another stab at it.
2) Instead of having comments be deleted, I’ll have them flagged as spam; they won’t appear on the site, but they’ll still be in my database ’til I approve their deletion.
3) Once I approve a comment, the email address of that commenter will be logged, and any future comments posted with that email address will be approved, and won’t be subject to the spam filter.
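One way the three-step plan above could look in PHP, as an added example that is not the site's own code. Function names, field names and the sample comments are assumptions, and the blank-entry guard covers one common way a filter list ends up matching everything; it is not a diagnosis of what went wrong on the site.

```php
<?php
// Added example; function names, field names and sample data are assumptions.

// Clean the filter list once: trim, lowercase, drop blanks and duplicates.
// A blank entry matters: in PHP 8, strpos($text, '') returns 0, so an empty
// filter string would flag every comment as spam.
function load_filters(array $raw): array
{
    $clean = [];
    foreach ($raw as $entry) {
        $entry = strtolower(trim($entry));
        if ($entry !== '') {
            $clean[$entry] = true;
        }
    }
    return array_keys($clean);
}

// Returns 'approved', 'spam' or 'pending'. Nothing is deleted here.
function classify_comment(array $comment, array $filters, array $approvedEmails): string
{
    $email = strtolower(trim($comment['email'] ?? ''));
    if ($email !== '' && in_array($email, $approvedEmails, true)) {
        return 'approved';                        // step 3: known commenter
    }
    $body = strtolower($comment['body'] ?? '');
    foreach ($filters as $needle) {
        if (strpos($body, $needle) !== false) {   // offset 0 is still a match
            return 'spam';                        // step 2: flag, keep the row
        }
    }
    return 'pending';                             // waits for manual review
}

// Constructed sample data.
$filters  = load_filters(['find cheap hotel', '', "  \n", 'Email Invitation Virus']);
$approved = ['friend@example.com'];
$comments = [
    ['email' => 'x@example.net',      'body' => 'Find cheap hotel deals here'],
    ['email' => 'friend@example.com', 'body' => 'Did you find cheap hotel rooms?'],
    ['email' => 'new@example.org',    'body' => 'Nice haiku.'],
];
foreach ($comments as $c) {
    echo classify_comment($c, $filters, $approved), "\n";
}
```

The email field is typed in by the commenter, so the step 3 allowlist trusts a value a spammer can copy; keeping flagged and approved comments in the database, as step 2 does, is what makes a wrong decision recoverable.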
I’ll get to that sometime, maybe this week, maybe not. If anyone has any other suggestions for developing this system, let me know. And nobody dare suggest using captchas; I hate Captchas.
PHP is fun
But comment spam is not fun
Let the fight begin