Author Archives: Mark Headrick

Making Block-Spam-By-Math work better for you

This is a follow-up to the post I made a couple days ago about upgrading to WordPress 3.0 and looking for a new spam protection plugin that asked to solve a math problem. The one I chose was Block-Spam-By-Math because it seemed to work out of the box. Well, since then, I’ve learned that the plugin, as is, is not all it’s cracked up to be. I was still receiving numerous spam comments (which Akismet did catch). Due to the content of the comments, I could tell that these were automated or done by bots most likely and not humans. I, of course, understand that no plugin like this is going to stop an actual human hired to or set upon spamming blogs and galleries.

After examining how this plugin worked, it became rather obvious that it was pretty much useless. The plugin always performs addition and the two numbers to be added are there in the form with very recognizable field names and, well, it does have “X + Y” within the form text. A bot that knows how this plugin works and the field names it uses could easily parse the form’s contents to get the two numbers, add them together, and then supply the answer using an obviously known POST variable name. In fact, because the plugin adds the numbers that are submitted to it by the form, the bots can simply supply their own arguments for the plugin to use. All a bot has to do is use the correct POST field names. Since this is an established plugin on the WordPress site, I’m sure the blog spammers have learned to expect this plugin to be in use on WordPress blogs and have written their code to effectively get around it.

The solution that I wanted to use, which I do with my guest book on my main website, is to store the answer and/or the arguments on the server, such as in a session variable because these values are only known to the scripts running on the server; however, the way the plugin is written (or WordPress itself), the function that sets up the form is somehow executed more than once when viewing a post thereby causing the values to change from what is presented on the form itself. Maybe it’s related to this theme’s possibility of having nested comments. This may explain why they perform the math on the values sent in by the form itself. So, what I did was to simply change the field names that it used to some random things I thought of to throw the bot’s parsing or string searching and posting functions off.

This has appeared to do the trick as I can now see spam attacks in my latest visitors log at my webhost resulting in 403 errors that this plugin generates on a failed response. This also proves that these attacks are coming from bots and not humans putting in the answers.

To make this change yourself, edit the /wp-content/plugins/block-spam-by-math/block-spam-by-math.php file and look for function add_hidden_fields() and function check_hidden_fields() and simply change the corresponding name and $_POST[] variables it uses:

function add_hidden_fields() {
   $mathvalue0 = rand(2, 15);
   $mathvalue1 = rand(2, 15);
   echo '<div><b>IMPORTANT!</b> To be able to proceed, you need to solve the following simple math (so we know that you are a human) :-) ';
   echo "What is $mathvalue0 + $mathvalue1 ?";
   echo '<input type="text" name="changeme2" value="" />';
   echo '</div>';
   echo '<div style="display:none">Please leave these two fields as-is: ';
   echo "<input type='text' name='changeme0' value='$mathvalue0' />";
   echo "<input type='text' name='changeme1' value='$mathvalue1' />";
   echo '</div>';
}

// Check for hidden fields and wp_die() in case of error
function check_hidden_fields() {
   // Get values from POST data
   $val0 = '';
   $val1 = '';
   $val2 = '';
   if ( isset( $_POST['changeme0'] ) ) {
      $val0 = $_POST['changeme0'];
   }
   if ( isset( $_POST['changeme1'] ) ) {
      $val1 = $_POST['changeme1'];
   }
   if ( isset( $_POST['changeme2'] ) ) {
      $val2 = $_POST['changeme2'];
   }

   // Check values
   if ( ( $val0 == '' ) || ( $val1 == '' ) || ( intval($val2) != (intval($val0) + intval($val1)) ) ) {
      // Die and return error 403 Forbidden
      wp_die( 'Bye Bye, SPAMBOT!', '403 Forbidden', array( 'response' => 403 ) );
   }
}

In the code above you want to change the changemeX items. The original code and my new code have something other than what is shown here. To be even sneakier you could change them once a week or however often and there’s no need for them to be the same thing with 0, 1, and 2 after them. They just have to match each other in the functions. As I’m sitting here typing this, I just had another idea to try. 😉 Anyway, hopefully this will help cut down some of the automated comment spam attacks.
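The server-side approach described above can also be done without session state by signing the challenge, which sidesteps the problem of the form function running more than once per page view. The following is an added example, not code from the plugin or from this blog: the bsbm_* functions, BSBM_SECRET, BSBM_TTL and the token layout are hypothetical, and an HMAC-signed token is substituted here for the session variable the post mentions.

```php
<?php
// Added example; all names here are hypothetical and not part of Block-Spam-By-Math.
// Assumption: a per-site secret that never reaches the browser (e.g. kept in wp-config.php).
const BSBM_SECRET = 'constructed-demo-secret-change-me';
const BSBM_TTL    = 900; // seconds a challenge stays valid

// Build a challenge. Only the question text and an opaque token go into the form;
// the operands are never read back from the request.
function bsbm_issue(int $now): array {
    $a = random_int(2, 15);
    $b = random_int(2, 15);
    $nonce = bin2hex(random_bytes(8));
    // The MAC binds nonce, issue time and the correct sum together.
    $mac = hash_hmac('sha256', "$nonce|$now|" . ($a + $b), BSBM_SECRET);
    return [
        'question' => "What is $a + $b ?",
        'token'    => "$nonce|$now|$mac",
        'answer'   => $a + $b, // returned for the demo below only; never echoed into HTML
    ];
}

// Verify by recomputing the MAC over the nonce, the issue time and the submitted answer.
// A request that invents its own operands cannot produce a matching MAC without the secret.
function bsbm_verify(string $token, string $answer, int $now): bool {
    $parts = explode('|', $token);
    if (count($parts) !== 3 || !ctype_digit($parts[1]) || !ctype_digit($answer)) {
        return false; // malformed token or non-numeric answer
    }
    [$nonce, $issued, $mac] = $parts;
    if ((int)$issued > $now || $now - (int)$issued > BSBM_TTL) {
        return false; // issued in the future, or expired
    }
    $expected = hash_hmac('sha256', "$nonce|$issued|" . (int)$answer, BSBM_SECRET);
    return hash_equals($expected, $mac); // constant-time comparison
}

// Demo with constructed values.
$t = time();
$c = bsbm_issue($t);
var_dump(bsbm_verify($c['token'], (string)$c['answer'], $t + 30));       // correct answer, fresh token
var_dump(bsbm_verify($c['token'], (string)($c['answer'] + 1), $t + 30)); // wrong answer
var_dump(bsbm_verify($c['token'], (string)$c['answer'], $t + 3600));     // correct answer, token past TTL
```

Because each token verifies on its own, it does not matter how many times the form function runs while rendering a page. A solved token can still be reused until it expires unless used nonces are recorded, and the question text remains readable in the page just as it is in the original plugin.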

Blog has been upgraded to WordPress v3.0!

I have upgraded my blog to WordPress v3.0 which was just released a couple days ago. As I always do, I backed-up all my files and database before proceeding. I have a local copy of my blog on the PC so I upgraded it first. I did the auto upgrade option again which seemed to have worked well. Even so, once again I had to edit the /wp-includes/vars.php file to force $is_apache to true (see below) since the SERVER_SOFTWARE variable comes back as WebServerX instead of Apache.

// Server detection

/**
 * Whether the server software is Apache or something else
 * @global bool $is_apache
 */

//$is_apache = ((strpos($_SERVER['SERVER_SOFTWARE'], 'Apache') !== false) || (strpos($_SERVER['SERVER_SOFTWARE'], 'LiteSpeed') !== false)) ? true : false;
$is_apache = true;
/**
 * Whether the server software is IIS or something else
 * @global bool $is_IIS
 */

$is_IIS = (strpos($_SERVER['SERVER_SOFTWARE'], 'Microsoft-IIS') !== false) ? true : false;

I also had to edit the /wp-login.php file and add session_start(); at the beginning for the Register Plus plug-in to work properly as PHP sessions are not automatically started at my webhost (I could make them auto-start if I wanted but I’d rather have control of it via my scripts):

session_start();
/**
 * WordPress User Page

Now I could have stopped here; however, I wanted to use the new default WordPress theme, Twenty Ten which had a wider footprint and additional functionality beyond the previous default theme. I also figured it would be the most stable and up-to-date theme to work with the new WordPress version. I made a copy of the theme and placed it into its own directory, giving it my own name.

Since this was a new theme, I had to modify some of the PHP files to add my custom code. All I really had to do was add a JavaScript code snippet to the /mytheme/header.php file that some of my archived pages use to show and hide parts of their content. I also had to add a piece of code to the /mytheme/comments.php file for the Math Comment Spam Protection plugin to function; however, this theme’s coding of the comment form was much different and from what I could tell I would have to do a lot of hacking around with the code to get it to work. So, I decided to look for something else. I came across the Block-Spam-By-Math plugin. This one worked with the new theme and I didn’t have to add any additional code anywhere to make it work! During this time frame where I did not have a functioning Math protection plugin, Akismet caught around 55 spam comments! This was in less than a day and a half. Since adding in the new plugin, Akismet has only seen one new spam comment. This just proves how many spam comments a plugin like this will stop.

Update: August 24, 2010: The Math Comment Spam Protection is now compatible with WordPress 3.0.1 and I have switched my blog back to using it.

At this stage all I’m really doing is playing around with CSS styles to get the blog to appear how I want. This is where things like Firebug for Firefox come in real handy by telling me where an element is getting its style from. It will tell you about the element’s inheritance, which file(s) contain the CSS, and the line numbers within those files. By the way, I found the CSS Tutorials at W3Schools to be rather helpful in testing out various font-size and line-height combinations which this theme seems to use heavily. I may change its use of fixed pixel sized line-heights in favor of relative values so that they scale properly with changes in font size, we’ll see. 🙂

Before I close and while there’s still 30 minutes left in the day, I just wanted to wish my dad and all the other dads out there a Happy Father’s Day!! 😀

My Continuing Thoughts About Time

After watching the Into The Universe With Stephen Hawking special on Discovery (first aired on 4/25/2010) about Time Travel, it got me to thinking about time again with some additional understanding. If you haven’t, you might want to read my previous post on this.

In my previous post I talked about a guy traveling around the Earth in a really fast space ship. This is the same as the show’s example of people going around the Earth in a really fast train where time slows down for them. What I realized is that while we would indeed continue to see them going around the Earth, we would see them going around for 50 years or whatever. However, to the guy in the space ship or the people in the train, they would have only been going around for a week. They would have only eaten seven bowls of cereal for breakfast and so on. They have therefore traveled into the future... or, more precisely, our future at a much faster rate than we did.

I would suspect that if there was a camera inside the train showing what the crew was doing, it would appear to us that they were not moving or doing anything. One of them blinking would take a day to complete (I’m guessing here but you get the idea).

Once again the show proved that what Superman did would have actually caused him to travel into the future, not the past. It seems that while you might be able to travel into the future at a much faster rate, you still can’t go back in time. Stephen Hawking’s experiment to leave a message for some scientist of the future to meet him at such and such place at such and such time to prove time travel to the past is possible demonstrates that it never became possible because no one showed up. However, there is a kind of way that you can travel into the past or at least observe what the past was like.

When you look into space, you are seeing how things used to be, not how they are due to the amount of time it takes light to travel through space. When you look at the sun, you see how the sun appeared and where it was physically 8 minutes ago, roughly. If you got into a space ship and traveled 1,000 light years away and looked back at the Earth with a telescope, you would see what was happening on Earth 1,000 years ago because it would have taken 1,000 years for the light coming from Earth to reach your telescope. Well, for this to work you would have to calculate where the Earth was physically located within space 1,000 years ago and go to a spot 1,000 light years away from that point to see the photons and whatever other electromagnetic energy left the Earth at that time.

Well, before my brain explodes or something, I’m going to go ahead and post this. I need to put some clothes in the dryer anyway LOL. 🙂

Getting My Samsung LN52A650 HDTV Serviced

A few days ago my TV started having power-on problems. I would turn the power on and it would cycle itself on and off several times before finally coming on. Each day the process seemed to take longer and longer. Each cycle consisted of a relay click, the startup/shutdown sound, no image being displayed and would then repeat this process. The second to last cycle I would see an image briefly before it powered down again to return and stay on. The problem only seemed to happen if I turned the TV off for a period of time. Once the TV came on it seemed to otherwise work fine except for the clock losing its setting each morning.

The TV was outside of the 1-year Samsung warranty. At the time I did purchase a 2-year extended warranty from Circuit City which is now being handled by Assurant Solutions. I still have 1 year left on the extended warranty so I wasn’t overly concerned. I did some searching on the net and found: How Do I Use My Circuit City Extended Warranty Now?

I decided to call Samsung first and I’m glad I did. As it turned out, my TV’s model, serial number, and symptoms happened to match certain criteria where they gave me a 1 time free of charge capacitor replacement repair.  I got the impression that my TV must have been part of a “bad batch”.

Later that day, someone from Professional TV, Inc out of Oklahoma City contacted me to set up an appointment to come by the next morning (April 29, 2010) to work on the TV. The tech arrived as promised and commenced to repair the TV after showing him what it was doing. He agreed it was due to failed capacitors. After helping him take the TV down and laying it on the floor on top of a floor pad, he took the back and stand off and removed the circuit board with the failed components.  Following is an image of the TV with the back removed, after the circuit board had been removed:

[Image: Samsung LN52A650 Repair]

He then used a soldering iron to desolder the two bad capacitors that had failed with bulging caps and holes on top slowly leaking their contents. He also replaced two other capacitors that usually failed in these circumstances to be safe. All replacements had higher voltage specs. Here’s a pic of the two failed capacitors:

[Image: Bad Capacitors from Samsung LN52A650]

He then replaced the circuit board and plugged the TV back in while it was still on the floor to make sure it would power up which it did. Yay! After cleaning the dust that had accumulated in the TV and replacing the back cover, we placed the TV back on the stand and reconnected it to my home theater system. He also dusted off my stand while he was at it. Everything worked fine and has continued to since! 🙂

So in the end, the complete process was painless, took less than 24 hours to have a working TV again, was free of charge, and everyone I spoke with was professional and understandable.  I commend Samsung for ultimately standing behind their product even though it was outside the manufacturer’s warranty.  I should also note that they offered the 1 time free repair to me after getting my information, rather than me asking or demanding it from them. This does give me the confidence to purchase future products from them.

I have searched the internet concerning this issue and realize that not everyone else has had the same experience. All I can say is that this was my experience with my TV.

Modified Navigation Links to not Show Daily Tweets.

Update: October 7, 2015: In case anyone finds this post, thought I should mention that I quit using that Advanced Category Excluder plugin. Read my Excluding Categories from Different Parts of WordPress post for how I currently do it. Also, here’s the actual code to exclude the categories I wanted from the links:

<?php
$mrh_exclude = '61, 74';
?>
...
  <span class="nav-previous"><?php previous_post_link( '%link', '<span class="meta-nav">' . _x( '&larr;', 'Previous post link', 'twentytwelve' ) . '</span> %title', false, $mrh_exclude ); ?></span>
  <span class="nav-next"><?php next_post_link( '%link', '%title <span class="meta-nav">' . _x( '&rarr;', 'Next post link', 'twentytwelve' ) . '</span>', false, $mrh_exclude ); ?></span>

I’ve modified the code in my blog’s theme to exclude the Daily Tweets category (aka Twitter Digest) from the Previous and Next post navigation links when viewing a single post. This will make it behave more like my blog’s home page and feed where that category is also excluded via the Advanced Category Excluder plug-in. So, to view the posts in that category, you will need to click on the Daily Tweets category on the right-hand side of the blog under the Categories section.

I decided to do it this way rather than using the plug-in to exclude the category from “single posts” as that would prevent the ability to view the post individually (it causes a 404 error to be generated).

Now, the Daily Tweets will not get in the way of browsing the normal posts on my blog. 🙂