Perishable Press

A reader recently brought to my attention a reported vulnerability on servers running PHP (404 link removed 2016/02/22). It’s been known about for eons, but it’s new to me and it involves easter eggs in PHP so I thought it would be fun to share a quick post about what […]

Ill requests and malicious scans have been spiking recently, to the point where server performance was really taking a hit. One scan in particular hammered the server with thousands of bad requests in just a few minutes. There are people out there with strong scripts and small minds that are […]

Okay, so Summer’s over, kids are back in school, and I’m finding all sorts of free time to continue writing and posting. One of my Summer projects involved updating & optimizing one of my old project sites, DeadLetterArt.com. It was basically a huge clean-up session that included lots of content […]

Please excuse this self-serving, miscellaneous post, but I’ve just got to purge all of these code snippets and scraps collected over the years. Whenever I update this site, I place any removed/unused code snippets into a giant note file for future reference, just in case. There’s all sorts of different […]

Free WordPress plugins! Here is my current offering of plugins for WordPress. Enjoy! Alternately these plugins are available at the WP Plugin Directory and at Plugin Planet »

Updated June 30th, 2016: All code current with WordPress 4+. The permalink rules in this article should work with all versions of WordPress. I recently performed a series of tests on a fresh installation of WordPress to determine the exact .htaccess rewrite rules that WordPress writes to its .htaccess file […]

Welcome to Perishable Press! This article, Stupid .htaccess Tricks, covers just about every .htaccess “trick” in the book, and easily is the site’s most popular resource. In addition to this tutorial, you also may want to explore the growing .htaccess archive. Along with all things .htaccess, Perishable Press also focuses […]

This post summarizes Blackhole for Bad Bots version 4.0+. For older versions, check out the original tutorial. Please read the original tutorial for download, demo, and important information about the standalone PHP version of Blackhole for Bad Bots. The following guide is meant to simplify things for users of Blackhole […]

I recently redesigned my .htaccess site, htaccessbook.com. Before the redesign, I was using bbPress for the forum functionality. It worked okay for a few years, but along the way there were all sorts of really nasty bugs and important things breaking. It seemed like, no matter what, each updated version […]

Redirecting stuff with .htaccess generally is pretty straightforward, but there can be a lot of confusion when it comes to targeting patterns that include numbers. I think this largely is due to the syntax used for matching numbers in regular expressions. It’s sort of unintuitive until you get the hang […]

Typically malicious scans use some sort of encoding to obscure their payloads. For example, instead of injecting a literal script, the attacker will run it through a PHP encoding function such as base64_encode(), utf8_encode(), or urlencode(). So if and when you need to decode some discovered payload, you can use […]

Whether you’re running WordPress or not, your site may be getting hit by endless scanning for your site’s uploaded files and similar nonexistent resources. Specifically, the “Greasy Uploads Scanner” endlessly scans sites for nonexistent resources in the /uploads/ directory, even if the directory itself doesn’t exist. Just mindless scanning for […]

Suffering from spammers, content scrapers, bandwidth leeches, and other bad bots? Got some loser stalking your chat forum? Site getting scanned by endless malicious requests? In this tutorial, you’ll learn how to block bad bots and users with minimal effort. Keeping the trash away from your site is gonna free […]

I wrote recently about how to block proxy visits with WordPress. That article provides a simple, plug-&-play script that you can drop into WordPress-powered site. This article goes further with two effective techniques for blocking proxy visits to your site using only PHP. These techniques work for any PHP-enabled site, […]

A little late this year, but following tradition here is my list of the absolute worst IP addresses from 2016. All in nice numerical order for easy crunching. These IPs are associated with all sorts of malicious activity, including exploit scanning, email harvesting, brute-force login attacks, referrer spam, and everything […]

Finally got around to setting up and pimping out official Facebook pages for my main websites. It took awhile to get them all fleshed out with posts, graphics, infos, and so forth. And then took awhile longer to wait until there were enough likes to get those oh-so-special vanity URLs. […]