The xmlrpc.php file of my WordPress blog recently got hit by a single bot some 5000 times over a half-hour period. I temporarily disabled all visitors and then limited it to just blocking the specific IP via Apache conf (htaccess).
problem posts page 7
I woke up in the middle of the night last night fighting a strong feeling of sickness. I think it was just a stomach bug.
I bought a short domain name in part so I could have a short email address that was easy to share. Unfortunately, I’m finding it to sometimes confuse people or require more effort than expected to spell out.
The installation of a new version of nodejs via MacPorts took nearly two hours.
I guess npm doesn’t find a version of a package that matches the current environment when doing npm install whatever.
I successfully switched my regular Firefox profiles back from Developer Edition to regular edition by waiting for the version to update.
Recaptcha and prototype.js conflict
One of Cogneato’s clients noticed that Recaptcha wasn’t working on their site. The checkbox wouldn’t check at all. I noticed that there was an error like “Unexpected token in JSON at position 0” in the browser’s console log. Since this was one of our really old sites, I figured it might have some sort of inadequate polyfill for JSON.parse(). I saw that the site was using Prototype.js, so I looked through the script to see if it was overriding that method, but it wasn’t. That did put me on the right track, though, to find the Stackoverflow answer that solved it for me.
Prototype was overriding the now browser standard reduce() method of Array.prototype with its own, incompatible functionality. The solution was simply to remove that method from the “prototype.js” file. We weren’t using the special Prototype functionality anywhere, so this didn’t cause a problem. If we were, we’d probably have to duck punch the browser’s functionality to handle both method signatures.
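The override and the "duck punch" idea described above, as an added example that is not code from the original post or from Prototype.js. It shows how to detect a replaced Array.prototype method and how a wrapper can serve both signatures; `legacyReduce` is an assumed stand-in for the library's incompatible version, and every function name here is hypothetical.

```javascript
// Keep a reference to the engine's built-in before any library replaces it.
const nativeReduce = Array.prototype.reduce;

// Assumed legacy signature: takes no callback, unwraps one-element arrays.
function legacyReduce() {
  return this.length > 1 ? this : this[0];
}

// Built-ins stringify with a native-code marker; script-defined functions do not.
function isNative(fn) {
  return typeof fn === 'function' &&
    Function.prototype.toString.call(fn).includes('[native code]');
}

// Report which of the named Array.prototype methods a script has replaced.
function overriddenArrayMethods(names) {
  return names.filter((name) => !isNative(Array.prototype[name]));
}

// Duck punch: dispatch on the first argument so both signatures keep working.
function dualReduce(callback) {
  if (typeof callback === 'function') {
    return nativeReduce.apply(this, arguments);
  }
  return legacyReduce.call(this);
}

// Install impl as Array.prototype.reduce while fn runs, then restore the built-in.
function withReduce(impl, fn) {
  Array.prototype.reduce = impl;
  try {
    return fn();
  } finally {
    Array.prototype.reduce = nativeReduce;
  }
}

// Stands in for third-party code that expects the standard reduce().
const sum = (values) => values.reduce((a, b) => a + b, 0);

console.log(withReduce(legacyReduce, () => sum([1, 2, 3])));   // standard caller breaks
console.log(withReduce(legacyReduce, () => overriddenArrayMethods(['map', 'reduce'])));
console.log(withReduce(dualReduce, () => sum([1, 2, 3])));     // standard signature works
console.log(withReduce(dualReduce, () => [7].reduce()));       // legacy signature works
```

The native-code check is a heuristic: a bound function also stringifies as native, so treat a clean result as a hint rather than proof that nothing was replaced.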
Seems like domain registrars strip off “www.” from the beginning of domains when searching, even when trying it as a second level domain.
Fallback webfont and emoji
Recently I found that browsers will download a fallback webfont (@font-face) to try to find an emoji or other missing character. I was looking at the perf characteristics of my site when I noticed that the browser was downloading a webfont that wasn’t being used at all. After some digging, I found that the browser was going down through the full font stack to try to find an emoji I had added to that page, downloading the webfont on the way.
This is probably not a common setup, but I have a webfont in my font stack down stack from some similar common system fonts, as a fallback just in case. It uses a nice system font unless it can’t find it, in which case it uses the webfont, unless it can’t use that, in which case it uses a less desirable system font or the generic font class.
Fighting form spam
Cogneato has dozens of sites with openly submittable forms on them, and they have no doubt all had some level of problems with spam submissions. Bots, and perhaps people, like to share their links or services, try to hack sites, or whatever other nefarious or annoying purposes they may have through forms, which require some sort of server side processing, and will possibly result in human processing as well, such as with sent emails, database data, or comments on a website.
Spammers have gotten more sophisticated over time, and over the last year or two, have really started to hit Cogneato’s sites hard and get past the protections we had in place. We’ve had to add protections on forms that didn’t have them before, and use more techniques to attempt to detect spam. We’ve recently added a set of checks of the submitted form data and the submitter IP address that produces a score of “spaminess” that we can then use to block the submission if the score is above a threshold. That score script is the primary purpose of this post, but I will cover the other techniques we use as well.