Tag Archive: godaddy

Akismet and Jetpack Issues, Stop Spammers and CloudFlare Save the Day

My Web Host Penalised Me Yet Helped Speed Up My Site

Introduction

shared web hosting


This site used to be hosted on Site5, in Texas.  I had a shared web host account, about the cheapest there is on Site5 though by no means the cheapest around (I’ve had experience of really cheap hosts….).  It worked alright, site management was good.  Then, I got hit by spammers.  Twice.  Big time.

Each time, this slowed the site down, made life hell for other shared accounts, especially when I introduced WordPress plugins to counter this.

Naturally, Site5 advised me to stop the hits or they’d pull my account (they’d already temporarily disabled it).  They advised me to cut the plugins, using GoDaddy’s plugin testing tool, WordPress Plugin Performance Profiler (P3).  So I did this, and after some trial and error, got the running processes down.  Of course, I lost a bit of neat functionality.

Testing Times

Apart from internal WordPress testing, it pays to test your site as if you are someone else somewhere else.  Pingdom have a set of tools that does just this, testing from various global locations and I can recommend it.

Result!

I used an iterative approach, testing various combinations of plugins and systems, and ended up in the top 8% of sites in the world for speed!  Not bad for free is all I can say!   You’ll see in the screenshot above that 92% of websites are slower than mine….   So is it really free?  Here goes…..

Paid For:
  • Web Hosting.  Shared.
  • My domain registration.
Free:
  • WordPress and all the LAMP functionality
  • WordPress plugins
  • CloudFlare
Pingdom Says


Automattic Issues

WordPress (which this site uses) is built by the Automattic team, whose offerings have naturally expanded over time.  I’ve used their plugins for many years, including Akismet, a comment spam blocking system, from the off.  Latterly, they came out with Jetpack, where they say,

Supercharge your WordPress site with powerful features previously only available to WordPress.com users.

Jetpack is a WordPress plugin that supercharges your self-hosted WordPress site with the awesome cloud power of WordPress.com.

P3 Selected Output


This is all well and good, except when I tested it using the P3 plugin profiler, Jetpack was the biggest drag on everything!   The worst part of it, was that actually, I was only using a small part of its features and it was still the biggest suck on performance.

  • I didn’t use Carousel for photos since I had an old solution, NextGen Gallery, that I’m loath to change.
  • The comments system mucked up all other comment plugins, grabbing all for itself (a bit like Microsoft here!)
  • I used the stats, and that was about all, yet they were very slow and not that informative, actually.
  • Nearly all the other stuff I looked at, tried and ditched for similar reasons.

So much for the awesome cloud power.  On top of this, you’re now supposed to pay for parts of Automattic’s offerings, like Akismet, the comment spam blocker while a major offering of theirs was actually slowing my site right up!

What Did I do?

Change host!

Well not initially, actually, though the heavy-handed Site5 approach got my ire a bit I must admit.  I did do loads of tests with a host of caching, anti-spam and page load improvement plugins first…

Vidahost


I now use Vidahost in the UK.  The site is faster to manage (along with my others) since the servers are in the UK with me, and it’s cheaper, providing almost the same functionality and tools as Site 5.  I took the opportunity to clean out a few dead files in the process, but essentially, all was moved, database and files.  The lot.  Just twiddled config.php and the .htaccess file a bit.

I did worry that my American visitors, who are actually in the majority, would suffer slower speed and thus I’d get hit in Google rankings, but hey, wait for later…!

I got it all working and as part of the whole “thinking” process since the very first warnings from Site 5, I’d been looking for better things.

Looking at Things Closely

  • I like Related Posts.   Related Posts plugins do just that.  I love the idea of pulling out meta-data relevant stuff from a website.  Site 5 had said, as have others on the web, that this sort of plugin makes big hits on a site.  Some of them really do!  I use  YARPP, with a limited subset of features enabled which cuts down processing.
  • I also like Andrew Ozz’s Shutter Reloaded which shows images nicely.   I also like his post editor, TinyMCE Advanced, it being the best of many I’ve tested over the years.
  • I like NextGEN Gallery having used it since before WordPress got all image fancy.  I haven’t got time to fiddle with thousands of photos now…
  • I’d like some statistics within WordPress.
  • I’m not that interested, any-more (though I was) in Social Networking sharing features.  Truth be told, if someone wants to share, they will.
  • I’ve read a lot on image improvements.  I’ve always shrunk images manually before uploading using the excellent IrfanView application.  But during this enforced research, other things like sprites and delayed image loading popped into the equation.

So I like certain plugins or functionality.  I try and use the one that works best for me.  Too many plugins make a big hit on the server and thus website loading.

Caching

A way round this is caching.  E.g. if a post is created and has related posts clagged on the bottom using YARPP, then the post is cached and YARPP only runs once.  How and where the caching is done is the crux of the issue…

Site 5 suggested W3 Total Cache as a better alternative to Wp Super Cache,  which I’ve used for years.    Naturally, I’ve tested this and my conclusion was that it could be fast, and it was fast for a while, but over time on each of my sites I got issues around lock-ups and the huge and complex caching system around files, databases and sprites.  This list is long.

I’ve also tested various database query caching plugins likewise over the years.  W3 Total Cache incorporates this method too, but ultimately, it made too much work for not a lot of difference IMHO, since I’m lazy.

However, it did point me to one thing!  CloudFlare.

CloudFlare

CloudFlare Admin1


Ah.  The power of the cloud is back!

Not only that – it works!

CloudFlare Admin2


You re-direct your DNS at your domain registrar (joker.com in my case) to CloudFlare’s DNS servers, set up the site malware protection level you want – then after a few hours your whole site is cached and protected.  Best of all, it’s free for a little site like this!

In fact, using CloudFlare speeded everything up even before I got caching going again…

Further Plugin Work

Now, I went back to Wp Super Cache from Donncha and it all works fine.  Site speed good.  I then ditched Jetpack after testing it again.  It really does interfere with all comment plugins, and I really like this comment one as do people who comment here:

  • U Extended Comment

It works great and does everything I want.  So Jetpack, it’s bye bye.  Take all your fancy commenting system, your stats, your social media and fancy image handling.

But What About Comment Spam?

Stop Spammer Results2


Stop Spammer Results1


I’ve found the best solution is a plugin called Stop Spammer Registrations Plugin.  It needed a bit of fine tuning and a re-activation of Akismet to whip out a few wisps of spammer, but it works and seems to trap and report more spammers than ever Akismet did alone.  Akismet, by itself, does the commenting bit in tandem with the plugin, rather well.

Registration Spam

SABRE Results


Unfortunately, during testing, a few unwanted visitors managed to register on the website.  They can’t do real harm since I use the lowest role level at registration time.  So I re-enabled SABRE and since then, no more unwanted visitors.  I’ve tested SABRE as a visitor and the settings I’ve chosen are just about right – I’ve had issues with it previously when it blocked registration!  But reducing the feature set and re-uploading a clean plugin fixes that.

CloudFlare and the CDN Issue

I toyed around getting a CDN to host images.  But they (can) cost and anyway, I’ve gone off Amazon and others because of their anti-Wikileaks actions plus they don’t pay UK tax…

Delayed Image Loading

However, in the course of my reading, I found that images can be loaded just as the page comes into view, which speeds up page loading, and as a consequence the perceived nippiness of a site.  The plugin BJ Lazy Load does this for me and works brilliantly.  Check this last post about Australia which has a lot of medium sized images to see them pop into view!

Delayed Javascript Loading

I use two plugins that handle this end of the issue around JavaScript.

Statistics

WP SlimStat1


Well, Jetpack is gone.  I won’t be using it unless some serious improvements are made, it being the prime reason for the server load that brought me to this position in  the first place.  As soon as I disabled it (and simultaneously blocked all comments to the site, which isn’t the best thing, this being a blog after all), all server loads went away.

I now use SlimStat and it works very well.  I’ve tried many over time, including Google’s analysis tools, my webhost’s stats tools, Wassup and more, but for now, this is it.

Conclusion

My site works pretty fast and is pretty protected from the bad guys.  I actually still use more plugins than what is usually recommended – 50 is a huge lot according to web gurus and sages.  Currently there are 31 in active operation with 8 inactivated.  I love trying new ones, it’s like that, that’s just the way it is.

The delayed image loading is particularly apparent on a post with a lot of images, say this recent one.  The post loads fast and you see the first images load, and as you scroll down you’ll see other images appear with a slight delay.

All the other stuff is incremental improvement, with the biggest, by far, being the free CloudFlare service which I cannot recommend highly enough.  It’s a no-brainer, go and do it?

My Full List?

These are the plugins currently running that help my site work.  Many are for security, which demonstrates the state of play versus the bad internet guys full well.


Foetus Products Shop Made Simple

Foetus Products Shop Open

Foetus Products


In preparation for our next release, Spookhouse, I’ve set up a proper shop to sell it!  Our intention is to sell everything ourselves via this sole outlet. (Click image for the UK shopping site.)

The announcement is on the Crawling Chaos website here.

Kicking off the shop I’ve reworked (…er…shouldn’t that be ‘am in the process of re-working’?…) all tracks from the two previous CD issues.  Finally I’ve had a decent handle of the articles…

Some have been substantially changed which may upset the purists, my current modus operandi being to imagine myself back then using the current software and equipment I now have at my disposal, then to change the existing 2-track recordings to best fit this basic idea.  After all, they’re already in the digital domain – so I may as well try and make them something like how I/we wanted originally, but was thwarted by technology.

In tandem with this, I’ve whipped out some jam and hidden parts in tribute especially to Paul, Jeff & Garry, because this was the core of many creations that appear on those two releases and turned them into something dark and tragic, as that’s how I currently feel about their absence from the planet.

As Steve Jobs once said,

“Remembering that you are going to die is the best way I know to avoid the trap of thinking you have something to lose. You are already naked. There is no reason not to follow your heart.”

Close observers will spot the “new” tracks.  They are there to highlight our jollity, our bleakness, the tiny hidden gems of deftness in Jeff’s improvisational playing and Paul’s lyricism, the randomness of Gazza and the end that must come to us all.

All this stuff is competitively priced compared to the muffled output from the usual on-line stores.

Spookhouse

The Spookhouse design is currently being set.  Downloads from the CD will be available following the CD release.

Other Items

These will be released, mainly as download, for other artists wanting to contribute to the Foetus Products collective sound resource.  This isn’t a joke.  We really mean it folks!

Technical

I’ve set it up using open-source software on the foetusproducts.co.uk domain.  All links are secure where they need to be using an SSL Certificate I bought from GoDaddy.com, as they had a special offer going…!  Its security level is the highest you can get (it uses a 2048 bit key), which means folks should have no qualms about their bank getting raided or whatever if they buy from us.

Users will have a choice of two financial transaction processors – PayPal and Google Checkout for which I’ve set up merchant accounts.  They’re ubiquitous and most people are familiar with their operation nowadays.  I thought about using Amazon, but they don’t currently process for digital items.

The reason that we’ve gone this route harks back to our (i.e. Crawling Chaos’s) independence of spirit – and because our returns will be on par to going the iTunes route, say, for distribution.  We lose about 10% commission in the transaction process compared to a lot more through online download stores.


How WordPress Spam Works

WordPress Comment Spam

The plague of all blogs is spam, mainly comment spam, by sheer numerical superiority.

Q.  Why Do They Do It?

A. As a minimum, they do it to open a back-door into your blog that allows the perpetrator to place reverse linkages to another website to increase that website’s visibility in search engine results (so called “Search Engine Optimisation” – SEO).  This back-linkage they use to increase website search hits, which they can charge an ignorant website beginner big money for.

At the worst, the culprit would gain full access to the blog allowing free posting and deletions or even the complete removal of your website content.

Today’s Example

Today, I got a comment that made me check further as notionally, it looked okay-ish. These are the details (click image for full-size view of the comment as it appears in the WordPress admin section):

Comment Spam Example


The Jacksonville lawyer is in Florida and has this website; http://www.divorceyes.com/index.html, and the actual comment is pretty kosher, although brief, saying;

Strangely you have made an awesome post and i appreciate your work and keep it up. Thanks for sharing this with us.

This is all very nice, but check out the IP address….

WHOIS 113.203.135.140

By checking the WHOIS for this, we see that the IP Address for this supposedly reputable Florida lawyer (Divorce Yes) is in Karachi, Pakistan!  Well are they?  My guess, given the cheap web costs in the USA, is that Divorce Yes is in the US and that they wouldn’t for an instant even consider anywhere else!

And so it is!  The actual WHOIS for Divorce Yes is in Florida!  (The actual WHOIS for the web-hosting, fortehosting.com is in Illinois).  The registrant’s name (Miller) also agrees with the Divorce Yes’s contact details here, but note; the email address in the comment, [email protected], is not the same as the email address on the contact page, which is [email protected]

Registrant:
jeff miller
1019 grand court
highland beach, Florida 33487
United States

Registered through: GoDaddy.com, Inc. (https://uk.godaddy.com/)
Domain Name: DIVORCEYES.COM
Created on: 07-Jun-05
Expires on: 07-Jun-16
Last Updated on: 17-Feb-07

Administrative Contact:
miller, jeff [email protected]
1019 grand court
highland beach, Florida 33487
United States
(561) 445-6962 Fax — (561) 347-7588

Technical Contact:
miller, jeff [email protected]
1019 grand court
highland beach, Florida 33487
United States
(561) 445-6962 Fax — (561) 347-7588

Domain servers in listed order:
NS1.FORTEHOSTING.COM
NS2.FORTEHOSTING.COM

Conclusion

There isn’t a conclusion really.  This is just an example of the way that text harvesting is being used to make seemingly intelligent comments slip past the comment filters on a WordPress blog.

As many of these filters rely on an IP address, if the webmaster lets a dodgy IP address through just once then it’ll be marked as “good” by the filters which will then allow the spammer to post even more comments, all for the various nefarious reasons that I mentioned first.

This is why I use a plugin like WP-SpamFree, and using it I can block all incoming pings from a given IP address, in this case, 113.203.135.140!

For interest, I’ve edited out the back-link from the spam comment above and you can find it on this post, Pacific Webworks, Lawyers and Social Networking, here.
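
The manual checks made in this post (where the IP address is, whether the email matches the claimed website, whether the comment says anything about the post) can be scripted as a moderation aid. This is an added example, not code from WP-SpamFree or any plugin named here; the lookup tables, the placeholder email addresses and the sample post text are constructed stand-ins for the WHOIS and contact-page lookups.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Constructed stand-ins for the WHOIS/GeoIP and contact-page lookups done by hand above.
IP_COUNTRY = {ipaddress.ip_network("113.203.135.140/32"): "PK"}  # Karachi, per the post
SITE_PROFILE = {
    "divorceyes.com": {
        "country": "US",                              # registrant in Florida, per the post
        "contact_emails": {"contact@site.example"},   # placeholder: real address not shown
    },
}
# Words too common to show that a commenter actually read the post.
FILLER = {"this", "that", "with", "have", "your", "post", "made", "work",
          "keep", "thanks", "sharing", "awesome", "appreciate", "from"}


def site_host(url):
    """Return the lower-cased host of a URL without a leading 'www.'."""
    host = (urlparse(url if "//" in url else "//" + url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def ip_country(ip):
    """Country code for an IP from the constructed table, or None if unknown."""
    addr = ipaddress.ip_address(ip)
    return next((cc for net, cc in IP_COUNTRY.items() if addr in net), None)


def content_words(text):
    """Lower-cased words of four or more letters, minus generic filler."""
    return set(re.findall(r"[a-z]{4,}", text.lower())) - FILLER


def review_comment(comment, post_text, blocked_ips=frozenset()):
    """Return the reasons a pending comment should be held for manual moderation.

    Every comment is checked every time: an IP that was approved once earns
    no shortcut, which is the filter weakness described in the post.
    """
    if comment["ip"] in blocked_ips:
        return ["ip-blocked"]
    reasons = []
    site = SITE_PROFILE.get(site_host(comment["url"]))
    country = ip_country(comment["ip"])
    if site and country and country != site["country"]:
        reasons.append("ip-country-differs-from-claimed-site")
    if site and comment["email"].lower() not in site["contact_emails"]:
        reasons.append("email-not-on-contact-page")
    if not content_words(comment["body"]) & content_words(post_text):
        reasons.append("no-reference-to-post")
    return reasons


# The comment quoted above; the email address is a constructed placeholder.
SPAM_COMMENT = {
    "url": "http://www.divorceyes.com/index.html",
    "email": "someone@webmail.example",
    "ip": "113.203.135.140",
    "body": "Strangely you have made an awesome post and i appreciate your work "
            "and keep it up. Thanks for sharing this with us.",
}
# Constructed one-line summary of the post the comment was left on.
POST_TEXT = "Pacific Webworks, lawyers and social networking: how law firms advertise online."

if __name__ == "__main__":
    print(review_comment(SPAM_COMMENT, POST_TEXT))
```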

Alternative Conclusion

This isn’t a conclusion either, but rather my examination of alternative possibilities.  Note the following:

  • The Divorce Yes website is made and SEO’d by http://enettechnologies.com/.
  • WordPress is used on the website.
  • Many WordPress plugins exist to “improve” the SEO of a website.  (I use some!)
    • Some do it by ensuring meta and other data is added if it’s missing.
    • Others have sprung up over the last few years that “intelligently” link to other websites….  they harvest websites for text and linkages for later use, much like email spammers scan websites for email addresses to spam.  [n.b.  I use PHPEnkoder from Michael Greenberg to hide email addresses on this site from email address harvesters.]

I cannot prove or disprove it, but because some of the spam I receive is now pretty readable, as with this one above, it could be that plugins are being used for many of the hits I get.  This comment could be such an example, or the law website name is being used textually as a smokescreen for the Pakistani spammer.  I see lots of adverts along these lines that couldn’t possibly rely on manual human link placements for their effectiveness….

I’d be interested to hear from Miller Law or their website designer on this one.  It’s not the first time that I’ve had reputable businesses appear on my website like this and I’d like to know what it appears like at their end, if at all.  It does make me wonder if this very website is being used to cloak spam at other websites in the same manner.

This is why I’ve left all URL back-links to the parties in place so that they’ll see them in their logs.


Scum Debt Relief Spammers from China via Live Spaces

I decided to have a small investigation on (some!) of today’s spam…  I noticed a lot of similarities in my Mailwasher Pro output:

  • Forged/spoofed “from” address
  • “Debt free” or “get out of debt” or some permutation thereof in the subject field
  • ALL have a non-obfuscated ~spaces.live.com web address as the link
  • 2 line body: e.g.
    • Let us Help you Manage your Debt. Reduce your payments up to 50%!
  • All 1.2kb in size
  • No attachments
  • All to the usual spam harvester address – a catch all I use for sign-ups of ANYTHING on the web
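
The shared traits listed above amount to a campaign signature. The following added example (not Mailwasher Pro's logic) scores a raw message against them; the sample messages, the catch-all address, the size limit and the threshold are constructed, and the forged "from" address is left out because checking it needs the receiving server's SPF/DKIM results.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

SUBJECT_RE = re.compile(r"debt[\s-]*free|out\s+of\s+debt", re.I)
LINK_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)


def campaign_traits(raw, catch_all, max_bytes=1500):
    """Map each trait from the list above to True/False for one raw message."""
    msg = message_from_string(raw)
    body = "" if msg.is_multipart() else msg.get_payload()
    hosts = [(urlparse(u).hostname or "").lower() for u in LINK_RE.findall(body)]
    # Body lines that carry text rather than just the link.
    text_lines = [l for l in body.splitlines() if l.strip() and not LINK_RE.search(l)]
    return {
        "debt_subject": bool(SUBJECT_RE.search(msg.get("Subject", ""))),
        "live_spaces_link": bool(hosts) and all(h.endswith(".spaces.live.com") for h in hosts),
        "two_line_body": 1 <= len(text_lines) <= 2,
        "small_message": len(raw.encode()) <= max_bytes,   # the post reports about 1.2kb
        "no_attachments": not msg.is_multipart(),
        "to_catch_all": parseaddr(msg.get("To", ""))[1].lower() == catch_all.lower(),
    }


def is_campaign_mail(raw, catch_all, threshold=5):
    """True when at least `threshold` of the six traits match (threshold is an assumption)."""
    return sum(campaign_traits(raw, catch_all).values()) >= threshold


CATCH_ALL = "signups@mydomain.example"   # constructed catch-all address

# Constructed message shaped like the ones described; the host name is made up.
SAMPLE_SPAM = (
    "From: Debt Help <relief@sender.example>\n"
    "To: signups@mydomain.example\n"
    "Subject: Get out of debt today\n"
    "\n"
    "Let us Help you Manage your Debt.\n"
    "Reduce your payments up to 50%!\n"
    "http://constructed-user.spaces.live.com/\n"
)
SAMPLE_HAM = (
    "From: A Friend <friend@example.org>\n"
    "To: me@mydomain.example\n"
    "Subject: Lunch?\n"
    "\n"
    "Are you free on Friday?\n"
)

if __name__ == "__main__":
    for name, raw in (("spam", SAMPLE_SPAM), ("ham", SAMPLE_HAM)):
        print(name, is_campaign_mail(raw, CATCH_ALL), campaign_traits(raw, CATCH_ALL))
```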

These are the four address links:

pdf of microsoft's spaces live user

All the genuine spaces pages look exactly the same.  The pdf is an exact copy of the web page I made using Nitro’s PDF Download add-on for Firefox.

There are two websites buried in here.

  • is the click-to link
  • is where the large central graphic is located

Clicking the follow through link instead of going to actually goes straight to Google.com!!  This must be Microsoft’s doing within the spaces.live environment.  They must be expecting this rubbish…

Going to the domain hosting the picture, actually IS a debt type site called which looks very professional and honest.  Thoughtfully, they’ve provided a “Company Info” page…..

Precision Debt Relief Company Info Page

….er, apart from a large pile of advertising waffle, the only “info” is a graphic with a nice glass office block and an address in Dallas, Texas.  This is it here in Dallas:

Doing a WHOIS on the site, like here, or here, we find that the website is registered/owned by a guy called Mark Compton who owns about 108 other domains according to public whois information.  Some proper company info can be found here and traced through – I haven’t the time for my investigation here and it’s not relevant for me.  I’m chasing IP address info, like so.

Doing a whois on SARIAKANDIFUL.COM such as here or here, gives us a place in China for the domain nameserver and the website is hosted in Panama! So that’s the spamming bit…

So all you need to ask yourself is:

Q.  Why does Mark Compton who has several companies and websites,

  1. advertise his services with forged email spam that
  2. links to Microsoft Live Spaces as a hook, and
  3. is nameserved from China and
  4. is hosted in Panama and
  5. has a dedicated server for his websites (IP 67.212.165.51), physical address in Chicago, apparently, and
  6. has websites registered with (cheapo) GoDaddy and
  7. has DNS nameservers (e.g. DNS1.MIDPHASE.COM) which are at http://enom.com and
  8. uses a simple anonymous yahoo email address for business correspondence?

A.  He’s trying to hide something. His name and address are clear but there’s something going on.

Q.  So why borrow money from someone who’s trying to hide his business?

A.  ?

Or am I missing something and have got it all wrong?

He hasn’t harmed me and I don’t have a connection with him?

Er… I do now!   He’s just plonked shite in my in-tray!


Email Spam Trojans Hiding on Websites as MSNBC Breaking News Items

For the past few weeks I suppose everyone has had a bit of email spam with this in the “From” and “Subject”:

msnbc.com: BREAKING NEWS:

There then follows a sucker headline which is obviously pants.  They all have a spoofed link for http://www.msnbc.com/msn which points to somewhere else, quite often a html document on the main site page for a photographer or graphics company.  There is only the one duff link.  All the rest point to Microsoft sites.

A few sites I’ve contacted to let them know that they’ve been hacked – but now I don’t bother – there are too many each day with this particular format.

Agent ETH Trojan as reported by NOD32

Here are a few I’ve had today.  The links are not live.  Firefox 3 or NOD32 trap all the Trojans but copy and paste the links into a browser at your own risk!  (Initially there is a modal dialog box that cannot be cancelled except by Task Manager.  Clicking OKAY will try to download the package to your PC.  NOD32 identifies it as “a variant of Win32/Agent.ETH trojan”.)

Each entry below gives the Nonsense Headline, the Spoofed Link Destination (manually remove spaces from links), the Destination Type and the Holder from a WHOIS.

Nonsense Headline: Bush ‘Troubled’ by Gay Marriages. Declares San Francisco Part of ‘Axis of Evil’
Spoofed Link Destination: srq.dk/ msn_video.html
Destination Type: Hacked site full of broken php and sql
Holder from a WHOIS:
  Domain: srq.dk
  DNS: srq.dk
  Registered: 2006-08-30
  Expires: 2008-08-31
  Registration period: 1 year
  VID: no
  Status: Deactivated

Nonsense Headline: John Mccain Proposes Gay Marriage
Spoofed Link Destination: thecaviarco.com/ msn_video.html
Destination Type: Dodgy, new or completely hacked site
Holder from a WHOIS:
  Registrant:
  koein
  Registered through: GoDaddy.com Inc.

Nonsense Headline: New Evidence Suggests That The President May Be Drinking Again
Spoofed Link Destination: www.mobilzeit-daten.de/ msn_video.html
Destination Type: Possible dodgy site or it has been hacked.  Even the contact link is an exe file!
Holder from a WHOIS:
  Type: ORG
  Name: MOBILZEIT
  Address: Poststr. 9
  Pcode: 29308
  City: Winsen
  Country: DE
  Remarks: CID: 6581951/1020
  Changed: 2006-12-31T18:02:31+01:00

Nonsense Headline: One Hot White Chick Injured in Tsunami Disaster
Spoofed Link Destination: tamarabdul hadi.com/ msn_video.html
Destination Type: Iraqi-Canadian photographer apparently with a Jordanian site registration! The evil package is dumped straight on the homepage area.
Holder from a WHOIS:
  Administrative Contact:
  enana.com
  Ali Zayni [email protected]
  962.795602616
  Fax: 962.64629597
  p.o.box 940541
  Amman 11194
  JO

Nonsense Headline: Bush Claims He Has Supernatural Abilities
Spoofed Link Destination: eliteworkwear uk.co.uk/ msn_video.html
Destination Type: Workwear and other clothing web shopping site.  The evil package is dumped straight on the homepage area.
Holder from a WHOIS:
  Registrant: Chris Peacock
  Trading as: Bubble Design and Marketing
  Registrant type: UK Individual
  Registrant’s address:
  Bubble Design Hallcroft Indust
  Aurillac Way
  Retford
  Nottinghamshire
  DN22 7PX
  GB

I use Mailwasher Pro from Firetrust to check through all my mail.  I’ve been using it for several years now – since version 4 I think!  It shows all mail as plain text (which I advise everyone to do anyway).  This is the substance of the last email above, viewed in plain text.

Mailwasher shows all the obfuscated links nicely.

msnbc.com: BREAKING NEWS: Bush Claims He Has Supernatural Abilities

Find out more at http://www.msnbc.com/msn [links to eliteworkwearuk.co.uk/msn_video.html]
======================================================
See the top news of the day at MSNBC.com, and the latest from Today Show and NBC Nightly News.

=========================================
This e-mail is never sent unsolicited. You have received this MSNBC Breaking News Newsletter
newsletter because you subscribed to it or, someone forwarded it to you.
To remove yourself from the list (or to add yourself to the list if this
message was forwarded to you) simply go to
[links to www.msnbc.msn.com/id/24472415], select unsubscribe, enter the
email address receiving this message, and click the Go button.

Microsoft Corporation – One Microsoft Way – Redmond, WA 98052
MSN PRIVACY STATEMENT [links to privacy.msn.com/]

Added 17/8/8

I’ve also had quite a few emails purporting to be Greetings eCards!

The pattern is the same as the above except usually they don’t even obfuscate the link!  This one below, for example, has these properties:

Good day.
You have received an eCard

To pick up your eCard, choose from any of the following options:
Click on the following link (or copy & paste it into your web browser):

Your card will be aviailable for pick-up beginning for the next 30 days.
Please be sure to view your eCard before the days are up!

We hope you enjoy you eCard.

Thank You!

http://www.greetingcard.org

NOD32 warning for Win32/TrojanDropper.Agent.NMR trojan

The payload according to NOD32 is described as “a variant of Win32/TrojanDropper.Agent.NMR trojan”.  The Belgian website looks okay with info, program of events etc.  But the exe file is dumped straight in their front door!
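
Both patterns in this post can be detected in the HTML part of a message before anything is clicked: the MSNBC mails show one address and link to another, and the eCard mails link straight to an executable. This is an added example, not part of Mailwasher Pro or NOD32; the sample markup and the `.example` host names are constructed, and the hacked site is replaced by a placeholder so that no live link is rebuilt.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

EXECUTABLE_EXT = (".exe", ".scr", ".pif")
URL_IN_TEXT = re.compile(r'(?:https?://|www\.)[^\s<>"]+', re.I)


class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML mail body."""

    def __init__(self):
        super().__init__()
        self.anchors = []
        self.href = None      # href of the <a> currently open, if any
        self.text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href = dict(attrs).get("href") or ""
            self.text = []

    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.anchors.append((self.href, "".join(self.text).strip()))
            self.href = None


def link_host(url):
    """Lower-cased host of a URL (scheme optional) without a leading 'www.'."""
    host = (urlparse(url if "//" in url else "//" + url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def audit_links(html):
    """Return findings for links whose text shows another host or that fetch an executable."""
    collector = AnchorCollector()
    collector.feed(html)
    collector.close()
    findings = []
    for href, text in collector.anchors:
        target = link_host(href)
        shown = URL_IN_TEXT.search(text)
        # Exact host comparison: a legitimate click-tracking redirector trips this too.
        if shown and link_host(shown.group(0)) != target:
            findings.append(("text-href-mismatch", link_host(shown.group(0)), target))
        if urlparse(href).path.lower().endswith(EXECUTABLE_EXT):
            findings.append(("executable-target", target, href))
    return findings


# Constructed HTML shaped like the two mails described in this post.
SAMPLE_MSNBC = (
    "<p>msnbc.com: BREAKING NEWS: Bush Claims He Has Supernatural Abilities</p>"
    '<p>Find out more at <a href="http://compromised-shop.example/msn_video.html">'
    "http://www.msnbc.com/msn</a></p>"
    '<p><a href="http://www.msnbc.msn.com/id/24472415">unsubscribe</a> '
    '<a href="http://privacy.msn.com/">MSN PRIVACY STATEMENT</a></p>'
)
SAMPLE_ECARD = (
    '<p>To pick up your eCard: <a href="http://ecard-host.example/card.exe">'
    "http://ecard-host.example/card.exe</a></p>"
)

if __name__ == "__main__":
    print(audit_links(SAMPLE_MSNBC))
    print(audit_links(SAMPLE_ECARD))
```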


© 2007-2017 Strangely Perfect All Rights Reserved -- Copyright notice by me