Tag Archive: Wassup

Akismet and Jetpack Issues, Stop Spammers and CloudFlare Save the Day

My Web Host Penalised Me Yet Helped Speed Up My Site

Introduction

shared web hosting

shared web hosting

This site used to be hosted on Site5, in Texas.  I had a shared web host account, about the cheapest there is on Site5 though by no means the cheapest around (I’ve had experience of really cheap hosts….).  It worked alright, site management was good.  Then, I got hit by spammers.  Twice.  Big time.

Each time, this slowed the site down, made life hell for other shared accounts, especially when I introduced WordPress plugins to counter this.

Naturally, Site5 advised me to stop the hits or they’d pull my account (they’d already temporarily disabled it).  They advised me to cut the plugins, using GoDaddy’s plugin testing tool, WordPress Plugin Performance Profiler (P3).  So I did this, and after some trial and error, got the running processes down.  Of course, I lost a bit of neat functionality.

Testing Times

Apart from internal WordPress testing, it pays to test your site as if you are someone else somewhere else.  Pingdom have a set of tools that does just this, testing from various global locations and I can recommend it.

Result!

I used an iterative approach, testing various combinations of plugins and systems to end up as being in the top 8% sites for speed in the world!  Not bad for free is all I can say!   You’ll see in the screenshot above, that 92% of websites are slower than mine….   So is it really free?  Here goes…..

Paid For:
  • Web Hosting.  Shared.
  • My domain registration.
Free:
  • WordPress and all the LAMP functionality
  • WordPress plugins
  • CloudFlare
Pingdom Says

Pingdom Says

Automattic Issues

WordPress (which this site uses) is built by the Automattic team and naturally have expanded over time.  I’ve used their plugins for many years, Akismet from the off, which is a comment spam blocking system.  Latterly, they came out with Jetpack, where they say,

Supercharge your WordPress site with powerful features previously only available to WordPress.com users.

Jetpack is a WordPress plugin that supercharges your self-hosted WordPress site with the awesome cloud power of WordPress.com.

P3 Selected Output

P3 Selected Output

This is all well and good, except when I tested it using the P3 plugin profiler, Jetpack was the biggest drag on everything!   The worst part of it, was that actually, I was only using a small part of its features and it was still the biggest suck on performance.

  • I didn’t use Carousel for photos since I had an old solution, NextGen Gallery, that I’m loathe to change.
  • The comments system mucked up all other comment plugins, grabbing all for itself (a bit like Microsoft here!)
  • I used the stats, and that was about all, yet they were very slow and not that informative, actually.
  • Nearly all the other stuff I looked at, tried and ditched for similar reasons.

So much for the awesome cloud power.  On top of this, you’re now supposed to pay for parts of Automattic’s offerings, like Akismet, the comment spam blocker while a major offering of theirs was actually slowing my site right up!

What Did I do?

Change host!

Well not initially, actually, though the heavy-handed Site5 approach got my ire a bit I must admit.  I did do loads of tests with a host of caching, anti-spam and page load improvement plugins first…

Vidahost

Vidahost

I now use Vidahost in the UK.  The site is faster to manage (along with my others) since the servers are in the UK with me, and it’s cheaper, providing almost the same functionality and tools as Site 5.  I took the opportunity to clean out a few dead files in the process, but essentially, all was moved, database and files.  The lot.  Just twiddled config.php and the .htaccess file a bit.

did worry that my American visitors, who are actually in the majority, would  suffer slower speed and thus I’d get hit in Google rankings, but hey, wait for later…!

I got it all working and as part of the whole “thinking” process since the very first warnings from Site 5, I’d been looking for better things.

Looking at Things Closely

  • I like Related Posts.   Related Posts plugins do just that.  I love the idea of pulling out meta-data relevant stuff from a website.  Site 5 had said, as have others on the web, that this sort of plugin makes big hits on a site.  Some of them really do!  I use  YARPP, with a limited subset of features enabled which cuts down processing.
  • I also like Andrew Ozz’s Shutter Reloaded which shows images nicely.   I also like his post editor, TinyMCE Advanced, it being the best of many I’ve tested over the years.
  • I like NextGEN Gallery having used it since before WordPress got all image fancy.  I haven’t got time to fiddle with thousands of photos now…
  • I’d like some statistics within WordPress.
  • I’m not that interested, any-more (though I was) in Social Networking sharing features.  Truth be told, if someone wants to share, they will.
  • I’ve read a lot on image improvements.  I’ve always shrunk images manually before uploading using the excellent IrfanView application.  But during this enforced research, other things like sprites and delayed image loading popped into the equation.

So I like certain plugins or functionality.  I try and use the one that works best for me.  Too many plugins make a big hit on the server and thus website loading.

Caching

A way round this is caching.  e.g. If a post is created and has related posts clagged on the bottom using YARPP, then the post is cached and YARRP is only running once.  How and where the caching is done is the crux of the issue…

Site 5 suggested W3 Total Cache as a better alternative to Wp Super Cache,  which I’ve used for years.    Naturally, I’ve tested this and my conclusion was that it could be fast, and it was fast for a while, but over time on each of my sites I got issues around lock-ups and the huge and complex caching system around files, databases and sprites.  This list is long.

I’ve also tested various database query caching plugins likewise over the years.  W3 Total Cache incorporates this method too, but ultimately, it made too much work for not a lot of difference IMHO, since I’m lazy.

However, it did point me to one thing!  CloudFlare.

CloudFlare

CloudFlare Admin1

CloudFlare Admin1

Ah.  The power of the cloud is back!

Not only that – it works!

CloudFlare Admin2

CloudFlare Admin2

You re-direct your DNS at your domain registrar (joker.com in my case) to CloudFlare’s DNS servers, set up the site malware protection level you want – then after a few hours your whole site is cached and protected.  Best of all, it’s free for a little site like this!

In fact, using CloudFlare speeded everything up even before I got caching going again…

Further Plugin Work

Now, I went back to Wp Super Cache from Doncha and it all works fine.  Site speed good.  I then ditched Jetpack after testing it again.  It really does interfere with all comment plugins, and I really like this comment one as do people who comment here:

  • U Extended Comment

It works great and does everything I want.  So Jetpack, it’s bye bye.  Take all your fancy commenting system, your stats, your social media and fancy image handling.

But What About Comment Spam?

Stop Spammer Results2

Stop Spammer Results2

Stop Spammer Results1

Stop Spammer Results1

I’ve found the best solution is a plugin called Stop Spammer Registrations Plugin.  It needed a bit of fine tuning and a re-activation of Akismet to whip out a few wisps of spammer, but it works and seems to trap and report more spammers than ever Akismet did alone.  Akismet, by itself, does the commenting bit in tandem with the plugin, rather well.

Registration Spam

SABRE Results

SABRE Results

Unfortunately, during testing, a few unwanted visitors managed to register on the website.  They can’t do real harm since I use the lowest role level at registration time.  So I re-enabled SABRE and since then, no more unwanted visitors.  I’ve tested SABRE as a visitor and the settings I’ve chosen are just about right – I’ve had issues with it previously when it blocked registration!  But reducing the feature set and re-uploading a clean plugin fixes that.

CloudFlare and the CDN Issue

I toyed around getting a CDN to host images.  But they (can) cost and anyway, I’ve gone off Amazon and others because of their anti-Wikileaks actions plus they don’t pay UK tax…

Delayed Image Loading

However, in the course of my reading, I found that images can be loaded just as the page comes into view, which speeds up page loading, and as a consequence the perceived nippiness of a site.  The plugin BJ Lazy Load does this for me and works brilliantly.  Check this last post about Australia which has a lot of medium sized images to see them pop into view!

Delayed Javascript Loading

I use two plugins that handle this end of the issue around JavaScript.

Statistics

WP SlimStat1

WP SlimStat1

Well, Jetpack is gone.  I won’t be using it unless some serious improvements are made, it being the prime reason for the server load that brought me to this position in  the first place.  As soon as I disabled it (and simultaneously blocked all comments to the site, which isn’t the best thing, this being a blog after all), all server loads went away.

I now use SlimStat and it works very well.  I’ve tried many over time, including Google’s analysis tools, my webhost’s stats tools, Wassup and more, but for now, this is it.

Conclusion

My site works pretty fast and is pretty protected from the bad guys.  I actually still use more plugins than what is usually recommended – 50 is a huge lot according to web gurus and sages.  Currently there are 31 in active operation with 8 inactivated.  I love trying new ones, it’s like that, that’s just the way it is.

The delayed image loading is particularly apparent on a post with a lot of images, say this recent one.  The post loads fast and you see the first images load, and as you scroll down you’ll see other images appear with a slight delay.

All the other stuff is incremental improvement, with the biggest, by far, being the free CloudFlare service which I cannot recommend highly enough.  It’s a no-brainer, go and do it?

My Full List?

These are the plugins currently running that help my site work.  Many are for security, which demonstrates the state of play versus the bad internet guys full well.

Related Posts:

Proactive Refferal Spam Blocking

Introduction to the Problem and .htaccess Usage

Space.com - Levitra_Without_Prescrip's Page

Space.com - Levitra Without Prescrip's Page

I’ve had a few weird hits over time from “normal” websites containing “abnormal” content.  Take today, for instance….

According to my Wassup log and the stats that appear on the main screen widget, I got reffered by:

http://www.space.com/common/community/profile.php?u=1078916

Erectile DysfunctionClick this if you will.  It’s an ad for male erectile dysfunction enhancer pills – levitra.

What perked my interest was the space.com domain.  It’s space and astronomy stuff.

What is happening is that users (the spammer) register with space.com, and the user profile produced is actually the selling area for the knob pills.

Of extra interest is the full Wassup record of the event:

94.102.49.66 2009-07-17 14:34:50

/127/wordpress-internal-post-to-page-links-dont-work-properly/
Referrer: http://www.space.com/common/community/profile.php?u=1078916
Hostname: serv1.extremedhost.org
  • 94.102.49.66 is in Amsterdam
  • extremedhost.org is protected by “Protected Domain Services” of Colorado, USA.

Solution

wall of spam

wall of spam

Well I’m a bit fed up of these pains, so I thought .htaccess might be the way.  I’ve blocked IP addresses individually before and used the file for a host (pun intended) of things.  Now I’ve found a wildcard way of blocking such cracked profiles on public websites.

In a nutshell, I’ve blocked referrers coming from any web-page with ‘profile’ in it’s URL!  This seems a reasonable thing to do and won’t block too many valid visits.  This is the code:

# Spam Protection http://blog.taragana.com/index.php/archive/simple-htaccess-rules-to-block-spammers/
# and http://www.webmasterworld.com/apache/3048850.htm
#'profile' is because some sites are pinging from hacked profile accounts!!
SetEnvIfNoCase Referer profile spammer=yes
deny from env=spammer
# block all referrers that have spammer set:USE THIS IF ABOVE NOT WORK
#<FilesMatch "(.*)">
#Order Allow,Deny
#Allow from all
#Deny from env=spammer
#</FilesMatch>

The second remmed out (or commented) part (# is the line remark in .htaccess)is in case the first bit doesn’t ‘take’. From info on the web, some of this stuff doesn’t always work as intended and I assume the second bit is a belt-and-braces approach. Links to the sources I usually include in my .htaccess so that I know where I got it from! I’ve hyper-linked them here, but if you use it, ensure that the URL html tags don’t get copied into your .htaccess as well…

I could expand it to block sites with ‘viagra’ in their name, say, but this isn’t necessary – other things do that.  To me, this seems a reasonable way to hook down onto a key method that this spammer is using.  It just means that any system that uses a folder name of ‘profile’ won’t be able to click to me from that path.

Absolute Zoo

My creations

Hacked Account Zoo

To see the extent that space.com has been hacked into, just copy the spammer’s link and change the end of the query string to a different profile number….    Assuming profiles are added in numerical order (and why wouldn’t they be?), I had to go back to ~1076000 to find a “standard” user profile that wasn’t hacked for dodgy knob drugs!

That’s THOUSANDS!

Related Posts:

Comments are closed

Hacking Attempt Today via FoxReality

Multiple Attempts to Drop Trojan on This Website Failed

These are the Wassup details of the attack

69.65.41.165 2009-06-13 10:48:00

  • User Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
  • OS: WinVista
  • BROWSER: IE 7

As you can see SERVER[DOCUMENT ROOT]= is a part of php code and they’ve attempted to change my domain root to that of http://web.archive.org/web/20130611185214/http://www.foxreality.com/ which is part of Rupert Murdoch’s empire.

NOD32 NAC Trojan

NOD32 NAC Trojan

The hyperlinks above don’t work as the code failed. However, if you are brave, strip out the first bit and just go to as I did, and hopefully, your anti-virus or browser will kick in with a malware warning like mine did!   The malware is identified as a Trojan by my NOD32 anti-virus software as;  PHP/Small.NAC trojan

Conclusion

Someone has dumped a piece of malware on the Fox network and is now going round blogs and other websites to get them to point to the trojan and thus spread the nefarious package. It just needs one click!

As I type this, at 2009-06-13 10:51:43 I had two more attacks!!! That’s nine in the last few minutes.
Checking the web for references, I’ve found this Russian webpage where the trojan has been tested against various antivirus programs – about half don’t detect it and it’s from the end of May this year! See link, translated into English.

This is their test:

Файл test.txt получен 2009.05.27 20:52:02 (UTC)
Текущий статус: закончено Current status: finished
Результат: 16/40 (40%) Result: 16/40 (40%)
Цитата: Quote:
Антивирус.ерсия Обновление Результат Antivirus Version Update Result
a-squared 4.0.0.101 2009.05.27 Backdoor.PHP.Small.o!IK
AhnLab-V3 5.0.0.2 2009.05.27 HTML/Xema
AntiVir 7.9.0.168 2009.05.27 BDS/PHP.ali.1
Antiy-AVL 2.0.3.1 2009.05.27 –
Authentium 5.1.2.4 2009.05.27 –
Avast 4.8.1335.0 2009.05.27 –
AVG 8.5.0.339 2009.05.27 BackDoor.Generic_c.BTI
BitDefender 7.2 2009.05.27 Backdoor.PHP.ALI
CAT-QuickHeal 10.00 2009.05.27 –
ClamAV 0.94.1 2009.05.27 PHP.Shell-23
Comodo 1207 2009.05.27 Unclassified Malware
DrWeb 5.0.0.12182 2009.05.27 –
eSafe 7.0.17.0 2009.05.27 –
eTrust-Vet 31.6.6524 2009.05.27 –
F-Prot 4.4.4.56 2009.05.27 –
F-Secure 8.0.14470.0 2009.05.27 Exploit:PHP/Preamble.A
Fortinet 3.117.0.0 2009.05.27 –
GData 19 2009.05.27 Backdoor.PHP.ALI
Ikarus T3.1.1.57.0 2009.05.27 –
K7AntiVirus 7.10.746 2009.05.27 –
Kaspersky 7.0.0.125 2009.05.27 –
McAfee 5628 2009.05.27 –
McAfee+Artemis 5628 2009.05.27 –
McAfee-GW-Edition 6.7.6 2009.05.27 Trojan.Backdoor.PHP.ali.1
Microsoft 1.4701 2009.05.27 –
NOD32 4109 2009.05.27 PHP/Small.NAC
Norman 6.01.05 2009.05.27 –
nProtect 2009.1.8.0 2009.05.27 Backdoor.PHP.ALI
Panda 10.0.0.14 2009.05.27 –
PCTools 4.4.2.0 2009.05.21 PHP.ShellBot.M
Prevx 3.0 2009.05.27 –
Rising 21.31.21.00 2009.05.27 –
Sophos 4.42.0 2009.05.27 Troj/PHPBdoor-A
Sunbelt 3.2.1858.2 2009.05.27 –
Symantec 1.4.4.12 2009.05.27 –
TheHacker 6.3.4.3.332 2009.05.26 –
TrendMicro 8.950.0.1092 2009.05.27 –
VBA32 3.12.10.6 2009.05.27 Backdoor.PHP.Small.o
ViRobot 2009.5.27.1757 2009.05.27 –
VirusBuster 4.6.5.0 2009.05.27 PHP.ShellBot.M
Дополнительная информация Additional Information
File size: 1165 bytes
MD5…: f1a9b4e4b207cd38641061e1b72d4775
SHA1..: 33c02179e53c19e00897fb0c63501acc0a2233e8
SHA256: 0b3eef46d7111939962db133d2e75530fbb7946d92a33195ca 6b7f2e1affe43a
ssdeep: 24:kwauoGPmXvuH6dcFTGPmXvuH6dc4H6dcZ1Mpn6+YvKsLKPX VwuHENNTh:bBoC
gMQsCgMQfQu1M5XW0SNl
PEiD..: – PEiD ..: —
TrID..: File type identification TrID ..: File type identification
HyperText Markup Language (100.0%) HyperText Markup Language (100.0%)
PEInfo: – PEInfo: —
PDFiD.: – PDFiD.: —
RDS…: NSRL Reference Data Set RDS …: NSRL Reference Data Set

Needless to say I’ve blocked the source IP address now.  It was from GigeNET in Illinois, and they’ve been told!

Related Posts:

Top Browser, IE6!

Wassup

I use a myriad of plugins on my website (and have tested zillions more).

A plugin, for those that don’t know, is an add-on to the basic WordPress install that I use to run this blog.  You can get plugins for all sorts of blogging, forum and CMS systems…

Anyway, for a week, I’m going to leave the statistics that I collect using the Wassup plugin on view in the right menu.  Why?

A.  Because out of curiosity I wondered how my visitors compared to the general trend.

Browsers

Currently, over the past month, the top web browser of my visitors is IE6!!!  This is remarkable.  It was invented at the turn of the millennium!

It’s successor, IE7, is actually surpassed by Firefox 3!

This puts my visitor mix right out of the loop compared to the general worldwide statistics.  These are shown here:

Browser Splits

Browser Splits

In basic terms, my visitors are nothing like the average!  So fair play to you!  And fair play to me!

Operating Systems

My top visitor OS is Windows XP.  This ties in well with the Market Share data here.  I’m not surprised given it’s overwhelming dominance and the reluctance of consumers to move and the readiness of many manufacturers to supply roll-back versions of Vista.  I can see the trend continuing because M$ with Windows 7, intend to supply a roll-back to XP for that as well – bypassing Vista no less!

Conclusion

Frankly, it’s appalling.  IE6 is a major vector for the transmission of much of the malware zipping around the globe.  Granted, it’s probably installed as the default on a large number of cracked copies of Windows, but even then, there are many free and secure alternatives that can be used.

This is why I’ve installed another plugin to pop up a message to anyone reaching this website using IE6!  It advises them to change to a better browser with suggestions and links therein.  Unfortunately, I haven’t even got a test machine with that old crap on it so I don’t know if it works!  So anyone, let me know if you see the message, please!

BTW, I’ll turn off the browser & OS stats after a week of this as it slows down page loading a bit.

Related Posts:

Staggeringly Old Browsers and Operating Systems still in Use!

Strangely post on December 19th, 2008
Posted in Technology Tags: , , , , , , , , , , , , , ,

I’ve twiddled the settings on my Wassup Widget to show huge lists of all the OSs & Web Browsers hitting my poor little website.  They show in the first sidebar to the right.

Granted that the list has selective filtering applied because of the content and how the various search engines direct people here, but it’s still astonishing that people are not only still using IE5 of various flavours but also IE3 and worse!

To be frank I don’t even know how the website appears in those browsers – in fact, I don’t test it in IE of any shade any more….  I think that anyone who has trouble viewing with IE deserves all they get when there are so many better alternatives.  This applies to both rendering quality and security.

Also of interest is the fact that people are still web-browsing using win95 & winNT!

At least I now have good evidence for a reason for the rapid spread of malware of all types across the web…

(I’ll whip the list down in size in a while after I’ve got bored with it.  It’s a live analysis of the logs hitting my site for the last few months)

Related Posts:

Comments are closed

© 2007-2017 Strangely Perfect All Rights Reserved -- Copyright notice by me