Typically, malicious scans use some sort of encoding to obscure their payloads. For example, instead of injecting a literal script, the attacker will run it through a PHP encoding function such as base64_encode(), utf8_encode(), or urlencode(). So if and when you need to decode some discovered payload, you can use whichever decoding function will do the job, for example base64_decode(), utf8_decode(), or urldecode(). Sounds straightforward, but let’s dig a little deeper.. Continue reading »
I love looking at beautiful source-code output. However WordPress tends to spit code out in random chunks, often leaving spaces, line breaks, and tabs littered throughout the source output. This messes things up. Lists don’t look like lists and logically written code often appears scattered along the page carelessly. Often, this is the result of poorly written PHP, which can be manipulated to write beautifully aligned code that looks as good as it works. Continue reading »
I am working on some new books and one of them focuses on CSS techniques. I can’t share any specifics at this point, but I am inviting CSS experts and enthusiasts to be featured in the book by contributing their favorite CSS snippet. Continue reading »
Some douchebag has been scanning my sites for a variety of potential database exploits. My sites are secure, so there is no real security threat, but the scans are extremely annoying and waste my server resources. Resources like bandwidth and memory that I would rather use for legitimate visitors. So after collecting some data and experimenting a bit, I wrote a simple .htaccess snippet to block a vast majority of these pathetic database-exploit scans. Continue reading »
Traceroute is not working correctly via the macOS Terminal app, which is how I’ve been doing it for years now. For some reason, the traces hang up and never complete for certain sites. After some time troubleshooting and not finding any solution, I decided to look for alternate ways of performing traceroutes and site pings. Fortunately there are tons of free tools. Here are some of the useful services and apps that I’ve found.. Continue reading »
Blasty is a paid online service that sends DMCA takedown notices to infringing websites on your behalf. As the author of several books, I paid for one year of the service in March of 2018 to help combat rampant piracy. And for several months the service worked great. I enjoyed receiving the periodic email reports letting me know of successful takedowns. And I could log into my account and check out specific takedowns, view reports, and find all sorts of […] Continue reading »
The nG Firewall is a carefully crafted set of security rules for Apache and Nginx servers. nG may be applied via your site’s public root .htaccess file, or added via server configuration file. Once added, 8G provides powerful server-level protection against a wide range of malicious requests, bad bots, automated attacks, spam, and many other types of threats and nonsense. It’s a lightweight yet super strong firewall that improves site security and peace of mind. Continue reading »
Working on the redesign of Plugin Planet, I needed a way to toggle between two divs based on which radio input is selected. This is useful for showing option-specific information conditionally, depending on the current active radio select field. This tutorial shows how to achieve it using vanilla JavaScript, so there is no need for including an entire library like jQuery. Very simple technique, requiring minimal amount of HTML markup and vanilla JavaScript. Continue reading »
After six months of on-again, off-again hard work (and plenty of unexpected challenges), I am excited to launch the new Perishable Press Bookstore. The old bookstore was located on a separate domain, but I wanted it to be better integrated with the main site here at Perishable Press. So now there is the site blog at perishablepress.com and the store at books.perishablepress.com. Continue reading »
This is an experimental technique that I am playing with. It’s the simplest possible way that I could think of to protect all files in the WordPress Media Library using only Apache/.htaccess. I’ve been testing the code on an image-heavy site and so far there are no issues. So I want to put the code out there for others to test and hopefully provide feedback if anything is less than perfect. It’s a super simple method that prevents media files from […] Continue reading »
I like sharing my plans with those who will listen. For example, last year I said what I was going to do in 2019, and as far as I can tell it is mission accomplished. Now my goals for 2020 are a little more structured and ambitious.. Continue reading »
According to specification (and these helpful posts by Chris Coyier), CSS pseudo elements like ::before and ::after should be written with two preceding colons. It can be confusing because while pseudo elements are prefixed by two colons, like ::element, pseudo selectors (aka pseudo classes) are prefixed by only one, like :selector. So that’s the context for an odd little CSS bug.. Continue reading »
Recently WordPress sites have been getting hammered with random-string comment spam. The attackers are clever, using random text strings for every vector except the payload, which usually is the URL used for the comment’s Name link. But for these weird comment spams, the apparent payload is the email address. It’s the only part of the comment that’s not made up of random gibberish. Continue reading »
Finally got around to setting up and pimping out official Facebook pages for my main websites. It took awhile to get them all fleshed out with posts, graphics, infos, and so forth. And then took awhile longer to wait until there were enough likes to get those oh-so-special vanity URLs. You know you gotta have those things. And now at this point, they’re all pretty much ready for their close-ups.. and so without further ado, here is my growing collection […] Continue reading »
The Web is a beautiful, incredible thing. It enables anyone with a connection to access an entire universe of human knowledge. The Web is like this because it is free and open. We the people built the Internet and it belongs to everyone. Each person may claim their own piece of the Internet, but no one person or group may claim ownership of its entirety. The Web Belongs to Everyone. If you feel the need to control or regulate something, […] Continue reading »
The Opera and Brave web browsers are blocking many legit images (and likely video and other types of media). Thanks to the Opera settings “Block Ads” and “Block Trackers”, many legitimate (non-ad) images are broken. For Brave it’s the setting, “Block cross-site trackers”. These settings are all enabled by default. Apparently the blocking feature in Opera and Brave is determining (at least in part) if an image should be blocked based on its URL, file name, and possibly factors like […] Continue reading »