Behold the ubiquitous list elements, <ul> and <ol>! These two sexy elements help millions of websites display lists of information in clean, semantic fashion. Without them, we’d be crawling around like filthy cavemen, eating dirt and howling at the moon.

But these list elements aren’t just sexy, they are also extremely flexible, enabling us humble designers to create robust list configurations that are semantically versatile and highly customizable. We all know how to throw down a basic list:

Continue Reading

In my recent article on blocking proxy servers, I explain how to use HTAccess to deny site access to a wide range of proxy servers. The method works great, but some readers want to know how to allow access for specific proxy servers while denying access to as many other proxies as possible.

Fortunately, the solution is as simple as adding a few lines to my original proxy-blocking method. Specifically, we may allow any requests coming from our whitelist of proxy servers by testing Apache’s HTTP_REFERER variable, like so:

RewriteCond %{HTTP_REFERER} !(.*)allowed-proxy-01.domain.tld(.*)
RewriteCond %{HTTP_REFERER} !(.*)allowed-proxy-02.domain.tld(.*)
RewriteCond %{HTTP_REFERER} !(.*)allowed-proxy-03.domain.tld(.*)

Continue Reading

Not too long ago, a reader going by the name of bjarbj78 asked about how to block proxy servers from accessing her website. Apparently, bjarbj78 had taken the time to compile a proxy blacklist of over 9,000 domains, only to discover afterwards that the formulated htaccess blacklisting strategy didn’t work as expected:

deny from proxydomain.com proxydomain2.com

Blacklisting proxy servers by blocking individual domains seems like a futile exercise. Although there are a good number of reliable, consistent proxy domains that could be blocked directly, the vast majority of such sites are constantly changing. It would take a team of professionals working around the clock just to keep up with them all.

As explained in my reply to bjarbj78’s comment, requiring Apache to process over 9,000 htaccess entries for every request could prove disastrous:

Continue Reading

Recently, a reader named Don asked about this theme’s accessibility (accesskey) jump menu located at the top of each page. Several people have commented that they like the way the jump menu “lights up” upon gaining focus. Whenever a user hovers their cursor over the region at the top of the page, all links in the jump menu change to a more visible color. Then, as the cursor moves over the various menu items, each jump link is further highlighted with an even brighter color and an underline. This progressive focusing is best seen in browsers that support the CSS :hover pseudo-class (e.g., Firefox, Opera, etc.), however the menu remains useful even in CSS-challenged browsers (e.g., Internet Explorer). In this article, I explain how the Perishable Press jump menu is built using Web standards via CSS and (X)HTML, and then provide the specific code required to emulate the jump menu as it appears here at Perishable Press.

Continue Reading

Since posting the Ultimate htaccess Blacklist and then the Ultimate htaccess Blacklist 2, I find myself dealing with a new breed of malicious attacks. It is no longer useful to simply block nefarious user agents because they are frequently faked. Likewise, blocking individual IP addresses is generally a waste of time because the attacks are coming from a decentralized network of zombie machines. Watching my error and access logs very closely, I have observed the following trends in current attacks:

• User agents are faked, typically using something generic like “Mozilla/5.0”
• Each attack may involve hundreds of compromised IP addresses
• Attacks generally target a large number of indexed (i.e., known) pages, posts, etc.
• Frequently, attacks utilize query strings appended to variously named PHP files
• The target URLs often include a secondary URL appended to the end of a permalink
• An increasing number of attacks employ random character strings to probe for holes

Yet despite the apparent complexity of such attacks, they tend to look remarkably similar. Specifically, notice the trends in the following examples of (nonexistent) target URLs, or “attack strings,” as I like to call them:

Continue Reading

In our original htaccess blacklist article, we provide an extensive list of bad user agents. This so-called “Ultimate htaccess Blacklist” works great at blocking many different online villains: spammers, scammers, scrapers, scrappers, rippers, leechers — you name it. Yet, despite its usefulness, there is always room for improvement. For example, as reader Greg suggests, a compressed version of the blacklist would be very useful. In this post, we present a compressed version of our Ultimate htaccess Blacklist that features around 50 new agents. Whereas the original blacklist is approximately 8.6KB in size, the compressed version is only 3.4KB, even with the additional agents. Overall, the compressed version requires fewer system resources to block a greater number of bad agents.

Continue Reading

Even with all the fancy-pants new features found in Windows XP and now Vista, Microsoft Windows 98 (Second Edition) remains our favorite Windows-flavored operating system. We love it so much, we still use it on one of our trusty laptops. Over the years, we have discovered several very useful functions available via the command line or even the “Run” prompt (Start → Run...). Anyway, without spending too much time researching or explaining these wonderful tools, we figured posting the information online may prove beneficial at some point in the future. So, without further ado, we present this working repository of helpful MS run commands:

Continue Reading

For those of us running Apache, htaccess rewrite rules provide an excellent way to block spammers, scrapers, and other scumbags easily and effectively. While there are many htaccess tricks involving blocking domains, preventing access, and redirecting traffic, Apache’s mod_rewrite module enables us to target bad agents by testing the user-agent string against a predefined blacklist of unwanted visitors. Any matches are immediately and quietly denied access.

There are many ways to obtain an effective htaccess blacklist. There are several excellent forums around the web that provide a plethora of priceless htaccess advice. Highly suggested. Additionally, after copying and pasting your favorite forum blacklist examples to your domain’s root htaccess file, you will want to continue with its development by tracking bandwidth thieves, comment spammers, and site scrapers and adding them to the list. Or, you may wish to skip the tedious grunt work and simply grab a copy of the Ultimate htaccess Blacklist!

The Ultimate htaccess Blacklist began as a short list of only the most heinous offenders. Blocking scum was such an enjoyable activity that we soon added to the list the identity of every nasty agent we could find. The result has been a very low-stress, spam-free site with virtually zero stolen bandwidth. The list is fairly comprehensive and attempts to blacklist as many site rippers, grabbers, spammers and bad bots as possible. While no blacklist could ever block them all (nor would they want to using this method)¹, an elaborate htaccess blacklist can do wonders to improve overall performance, decrease site maintenance, and reduce server expense. Overall, we consider this blacklist a great foundation on which to build and customize your own ultimate htaccess blacklist!²

Continue Reading

Welcome to Perishable Press! This article covers a plethora of search-engine optimization resources. For more excellent SEO information, check out the Optimization category archive. If you like what you see, I encourage you to subscribe to Perishable Press for a periodic dose of online enlightenment ;)

Search-Engine-Related Websites

• pandia.com optimization
• searchenginebulletin.com
• seo-help.com
• currentwisdom.com
• resource-zone.com
• Google Webmaster FAQ
• submit-it.com
• webmasterworld.com
• ihelpyouservices.com
• highrankings.com
• dmoz: Directories

Continue Reading

Perishable Press currently offers eight plugins for WordPress:

Authenticate

Authenticate is a free WordPress plugin that enables universal and/or targeted inclusion of custom content for both feeds and posts. Ideal for adding copyright information, distribution policy, thank-you messages, custom links, special offers, and much more. Custom content may be added to any location within posts or feeds — before, after, or even within post content. All options are set via admin control panel. Learn more about Authenticate, or download direct:

Download Authenticate
[ current version 1.0 | ~4KB | .zip | 1227 downloads ]

Authenticate Lite

Authenticate Lite is a free WordPress plugin that enables universal and/or targeted inclusion of custom content for both feeds and posts. Ideal for adding copyright information, distribution policy, thank-you messages, custom links, special offers, and much more. Custom content may be added to any location within posts or feeds — before, after, or even within post content. All options are set in the plugin file. Learn more about Authenticate Lite, or download direct:

Download Authenticate Lite
[ current version 1.0 | ~3KB | .zip | 1215 downloads ]

Contact Coldform

Contact Coldform is a fully functional, highly customizable contact form for WordPress. Features full Admin Options, easy installation, and clean markup. Includes anti-spam challenge question, user carbon copies, and much more. Solid performance, secure functionality, complete flexibility. Learn more about Contact Coldform, or download direct:

Download Contact Coldform
[ current version 0.88 | ~8KB | .zip | 4081 downloads ]

BlogStats PCC

BlogStats PCC is the easy way to display the total number of posts, comments, and categories, as well as several other great statistics for your WordPress-powered website. Learn more about BlogStats PCC, or download direct:

Download BlogStats PCC
[ version 2.3.0a | ~3KB | .zip | 2530 downloads ]

Category LiveBookmarks Plus

Category LiveBookmarks Plus is the easy way to provide complete autodiscovery functionality and “Post Smart” feed links to your WordPress-powered website. Learn more about Category LiveBookmarks Plus, or download direct:

Download Category LiveBookmarks Plus
[ version 2.3.0b | ~7.3KB | .zip | 3013 downloads ]

Head MetaData Plus

The Head MetaData Plus plugin is designed to complete a site’s head construct by including some of the more obscure meta tags, such as "author" and "copyright". This was one of the original plugins for customizing meta tags. Learn more about Head MetaData Plus, or download direct:

Download Head MetaData Plus
[ version 1.0 | 3.3KB | .zip | 2067 downloads ]

AddMySite (AMS)

AddMySite makes it easy for your visitors to add your site to the social bookmarking service of their choice. Users may bookmark your site at over 25 different social bookmarking services, which are concisely presented via drop-down menu or as a customizable list. Learn more about AddMySite, or download direct:

Download AddMySite (AMS)
[ version 0.88 (widgetized) | ~5KB | .zip | 2013 downloads ]

Export Blogroll for del.icio.us

The Export Blogroll for del.icio.us plugin simplifies the process of transferring the links in your WordPress Links Manager (aka the Blogroll) to your del.icio.us social bookmarking account. The plugin provides several export options, including category-specific export. Learn more about Export Blogroll, or download direct:

Export Blogroll for del.icio.us
[ version 1.0 | ~4KB | .zip | 1836 downloads ]

Welcome to WordPress Plugin Central! Here we will organize, review, and log any changes made to the plugins used here at Perishable Press. Our first task involves listing all of the plugins used as of May 29, 2006 (Note: This list is updated with every plugin modification and is current as of the “Edited on” date in the “Post Metadata” section to the left of this post):

Continue Reading