“Exploring Minimalist Thought and Expression in Contemporary Web Design”

Welcome to our ongoing series of articles exploring minimalism in modern web (and graphic) design. With this post, we continue our exploration of the Web’s most inspiring and intriguing minimalist presentations. Staying true to the spirit of minimalism, each showcase will be kept as clear and concise as possible, focusing on tangible and practical aspects of each featured site. We will discuss aesthetics and functionality on both sides of the browser, examining elegance and simplicity within a Web-Standards context..

Continue Reading

Since posting the Ultimate htaccess Blacklist and then the Ultimate htaccess Blacklist 2, I find myself dealing with a new breed of malicious attacks. It is no longer useful to simply block nefarious user agents because they are frequently faked. Likewise, blocking individual IP addresses is generally a waste of time because the attacks are coming from a decentralized network of zombie machines. Watching my error and access logs very closely, I have observed the following trends in current attacks:

• User agents are faked, typically using something generic like “Mozilla/5.0”
• Each attack may involve hundreds of compromised IP addresses
• Attacks generally target a large number of indexed (i.e., known) pages, posts, etc.
• Frequently, attacks utilize query strings appended to variously named PHP files
• The target URLs often include a secondary URL appended to the end of a permalink
• An increasing number of attacks employ random character strings to probe for holes

Yet despite the apparent complexity of such attacks, they tend to look remarkably similar. Specifically, notice the trends in the following examples of (nonexistent) target URLs, or “attack strings,” as I like to call them:

Continue Reading

Update 2010/07/07: Please visit the 2010 IP Blacklist for more current information.

Over the course of each year, I blacklist a considerable number of individual IP addresses. Every day, Perishable Press is hit with countless numbers of spammers, scrapers, crackers and all sorts of other hapless turds. Weekly examinations of my site’s error logs enable me to filter through the chaff and cherry-pick only the most heinous, nefarious attackers for blacklisting. Minor offenses are generally dismissed, but the evil bastards that insist on wasting resources running redundant automated scripts are immediately investigated via IP lookup and denied access via simple htaccess directive:

<Limit GET POST PUT>
 order allow,deny
 allow from all
 deny from 123.456.789
</LIMIT>

Although many of the worst attacks happen in randomized, zombie-like fashion, I have found that individual IPs that are not blacklisted will return repeatedly until finally blocked. Yet, despite the short-term success enjoyed by denying access to the most malicious IPs, the long-term futility of such blacklisting reflects the temporary nature of this solution. In other words, I have found that blocking individual IPs is useful only for limited periods of time. Thus, every year, I gather my code and flush the blacklist of all individually blocked IP addresses. I then start fresh, adding the worst villains to the list, blocking entire IP ranges if necessary, and referring to previous versions of my htaccess files to cross-check suspiciously familiar entities. It is within this context, then, that I present the following manually assembled collection of over 150 of the worst spammers, scrapers, and crackers to hit my site in 2007.

Continue Reading

Continuing my quest to stop comment spam without using plugins, I have decided to disable comments on “old” posts. In my experience, over 90% of comment, trackback and pingback spam occurs on posts that have been online for over a month or so, just long enough to be indexed by the search engines and picked up by spammers. Especially for older posts that have managed to acquire a little page rank, the frequency of spam attempts is far greater than it is for fresher content. Throw dofollow comment status into the mix, and say “hello” to a hellish number of spam attempts on established pages. Thus, my evolving anti-spam strategy now includes discussion management, which involves periodic closing of feedback on older posts. In this article, we will examine currently available methods of managing comments, and then proceed with a versatile toolbox of SQL queries for complete discussion management.

Continue Reading

During the recent ASO server debacle, I raced frantically to restore functionality to Perishable Press. Along the way, one of the many tricks that I tried while trying to fix the dreaded “white screen of death” syndrome involved increasing the amount of PHP memory available to WordPress. This fix worked for me, but may not prove effective on every installation of WordPress. If you are unsure as to whether or not you need to increase your PHP memory, consult with your host concerning current available memory ¹ and overall compatibility with a localized increase. Note that if your blog is running fine, there is probably no need to employ this solution. I recommend this change only if you are experiencing PHP-related and/or PHP memory issues associated with any of the following:

Continue Reading

Recently, while dealing with the dreaded white screen of death, I found myself unable to login to the WordPress Admin area to manually disable all of the plugins used here at Perishable Press. In the past, I have dealt with this situation by simply deleting all plugin files from the server, however this time, time was of the essence — I had only a few minutes with which to troubleshoot, diagnose, and ultimately resolve the deadly white-screen syndrome. Fortunately, after a few minutes of digging through the WordPress Codex, I had discovered enough information to successfully complete my mission. Now that the fiasco is over, I want to share a simple technique for quickly disabling and (re-)enabling your entire set of WordPress plugins.

Continue Reading

This trick isn’t guaranteed to prevent all WordPress-generated PHP memory errors, but it certainly seems to help reduce their overall occurrence. For some reason, after my host upgraded their servers to Apache 1.3.41, I began logging an extremely high number of fatal PHP “memory exhausted” errors resulting from the WordPress cache.php script. Here is an example of the countless errors that are generated:

Continue Reading

Testing..

[ Please ignore this post ]

Just a quick tip on how to create error-free links to feed validation services for feeds that are redirected through Feedburner. For example, let’s say our site’s main feed is originally located at:

http://domain.tld/feed/

If we wanted to provide our visitors with a link that would enable them to automatically validate our feed using a free service such as feedvalidator.org ¹, we would create the link as follows:

Continue Reading

During my last redesign and site overhaul, I finally made the leap from WP 2.0 to 2.3. In the process of synchronizing data and removing unecessary plugins, I managed to replace several keyword- and meta-related plugins with the incredible All in One SEO Pack (AiOSEO). One of the plugins replaced by AiOSEO is Autometa, an otherwise very useful meta-keywords management tool.

Over the course of a year or so, Autometa had accumulated a significant number of meta keywords in its associated database table. Thus, to keep these keywords, I needed an effective way of transfering them from Autometa to AiOSEO. I definitely wanted to avoid having to manually re-enter the data.. — perhaps a direct database migration?

Fortunately, I am not the first person to blaze this trail, as I gladly discovered an excellent thread in the WordPress forums that provided the perfect solution. After successfully transferring my Autometa data into AiOSEO, I decided to share the technique in “official” tutorial format ;)

Continue Reading

I am going out on a limb here, but my guess is that most bloggers are not taking advantage of Gravatars. Most of the sites that I visit do, however, take full advantage of the opportunity to sport a favicon. Understandably, favicons have been around for much longer than Gravatars and therefore are much more prevalent.

Still, I can’t help but wonder why more people aren’t taking advantage of the free personalized avatar service provided by gravatar.com. For every Gravatar-enabled site there are many opportunities to build brand recognition. And there are many Gravatar-enabled sites from which to choose.

Just as favicons are excellent tools for transforming a user’s browser into a fully branded web portal for your site, so are gravatars, favatars, and other avatars incredibly useful marketing tools for your blog. If you need to further develop a strong sense of name-recognition and brand-awareness, take a few moments to implement and customize these three “must-have” branding tools:

Continue Reading

Just a note to announce a site upgrade to WordPress 2.3.3. The upgrade went well, but overall server performance continues to suffer. I am aware that some people are experiencing difficulties leaving comments and even accessing the site in general. Rest assured, I am working with my hosting company, A Small Orange, to get everything back on track and running smooth. In the meantime, I appreciate your patience as we work to resolve the issues, restore full functionality, and return to reliable performance.

Please share any helpful observations regarding the site here. — Thanks!

Welcome to the Perishable Press “Blacklist Candidate” series. In this post, we continue our new tradition of exposing, humiliating and banishing spammers, crackers and other worthless scumbags..

Scumbag number 2008-02-10, “COME ON DOWN!!” — you’re the next baboon to get banished from the site!

Like many bloggers, I like to spend a little quality time each week examining my site’s error logs. The data contained in Apache, 404, and even PHP error logs is always enlightening. In addition to suspicious behavior, spam nonsense, and cracker mischief, this site frequently endures automated and even manual attacks targeting various XSS exploits, WordPress vulnerabilities, and other potential security holes. Although the number of successful attacks remains relatively small, the very nature of some of the attacks serves to threaten site performance, security and stability. Such is the case of blacklist candidate number 2008-02-10: IP address 128.111.48.138.

Continue Reading

How to streamline and maximize the effectiveness of your WordPress URLs by using htaccess to remove extraneous post-date information: years, months, and days..

Recently, there has been much discussion about whether or not to remove the post-date information from WordPress permalinks ¹. Way back during the WordPress 1.2/1.5 days, URL post-date inclusion had become very popular, in part due to reports of potential conflicts with post-name-only permalinks. Throw in the inevitable “monkey-see, monkey-do” mentality typical of many bloggers, and suddenly an entire wave of WordPressers had adopted the following permalink structure:

/%year%/%monthnum%/%day%/%postname%/

The benefits of using this format are primarily organizational in nature. Post-date information that is “built-in” to every URL provides immediate, “at-a-glance” knowledge of post “freshness”. Looking ahead ten, twenty or even a hundred years into the future of the blogosphere, there will be trillions of posts and articles, each with their own unique URL. Archived copies of content may or may not include creation date: dynamically archived pages require deliberate database queries, while those archived statically may no longer have access to post-date data. Including post dates in permalinks provides permanent, facilitative record of content origination. Needless to say, most adopters of dated permalinks probably jump on board because the WordPress Admin makes it super-easy to follow the crowd.

Continue Reading

I use the CSS clearfix hack on nearly all of my sites. The clearfix hack — also known as the “Easy Clearing Hack” — is used to clear floated divisions (divs) without using structural markup. It is very effective in resolving layout issues and browser inconsistencies without the need to mix structure with presentation. Over the course of the past few years, I have taken note of several useful bits of information regarding the Easy Clear Method. In this article, I summarize these lessons learned and present a (slightly) enhanced version of the clearfix hack..

Continue Reading