Category Archives: wordpress

Turkish WordPress?

OK, WTF has happened to WordPress?  Why does it suddenly think my blog is in Turkish?  Not of course the contents, but all the template stuff, and – far worse  – the settings and preferences that should (I guess, though I never actually tried it) enable me to switch to my choice of language.

Confirmed it’s not my browser playing sillybuggers by accessing it from three different browsers[1] on three different computers.  Chrome offers to translate this page, but that’s not going to help with a bunch of clientside-scripted menus!

OK, try another tack.  ssh in to a remote machine on another continent and check the blog with lynx.  Aha, it’s now in English!  Hmm, could that difference be because I’m not logged in?  Try to log in, but fail because Lynx rejects WordPress’s SSL certificate and refuses to talk to it.

OK, what happens if I fire up a spare browser that’s never logged in from a local desktop?  It’s in English.  And when I log in with Safari, it’s still in English.  This is getting silly!

Resolution: when I reload this composition page in Chrome, it’s reverted to English.  Someone or something was playing sillybuggers but got fixed.  Was WordPress hacked?  Did some sysop at WordPress screw up?

Or could it even have been some sysop at my ISP running a supposedly-transparent proxy that messed with browser preferences?  That’s the most worrisome: I got email from them recently inviting me to “protect” myself, and I suspect they’re implementing some Endarkenment.  A glitch in something more sinister?  My next test would’ve been to route my (turkish-infected) desktop browser through another network, but the return to English pre-empted that.

I don’t know when whatever caused the Turkish first appeared, only when I first saw it – which was a little before 09:00 UTC.  Anyone else see Turkish wordpress in recent hours?  Or even – if you’re a Virgin broadband user – other sites unexpectedly in Turkish?

[geek note: I could also have tested for a rogue browser preferences setting by visiting a multilingual site like Apache server docs that display in Turkish if your browser asks for it.  But that would’ve left open the possibility of misdiagnosing a glitch associated with an ISP-run database having different routing/rules for different sites].

[1] Iceweasel, Firefox and Chrome, in that order.

Comment spam

Back in May I mused idly about hair in a very brief blog post.  For months now I’ve been plagued with a torrent of comment spam on that particular post, and I’m now disabling comments on it altogether.

This is the most unsubtle form of spam, full of utterly blatant keywords and phrases like “nude teens”, “pre-teen sex”, “lolitas”, “hairy pussy”, “nymphet incest” linking to the spammer’s sites.  So surely it should be trivial for a spam filter like akismet to deal with them?

Akismet can tend to be over-zealous with legitimate comments, and regularly tends to caution when posts contain links.  For example, Andrew’s recent comment on my Mac troubles includes helpful links which caused Akismet to send it to me for moderation.  Most regular spam just gets automatically binned without my ever knowing about it unless I actively take the trouble to check.  So how the heck does this particular crap get past it?  If Akismet were human, I’d have to suppose (s)he was either being blackmailed or taking backhanders!

It’s not even as if links from here have obvious spam value: wordpress automatically inserts rel=nofollow to tell the ‘bots to ignore them.  And my blog is actively managed: I welcome comments but remove spam, including the traditional innocent-looking stuff that just says something bland like “nice blog”, or even spam compliments like a “thank you for saying that” where they wrap a link.  My criterion is not what someone links to, but whether the ‘comment’ contributes to discussion or is a ‘bot that’s just posting at random or at best has latched onto some key word or phrase in a post.

Talking of which, I wonder why that particular post attracted so much crap?  Is it perhaps the phrase “Long luxuriant hair” appearing in a legitimate comment?  Or maybe the title of the blog entry means something different in the spambot’s world?

Let’s see if this entry attracts similar crap.  If it does, I might (reluctantly) have to close comments here too.

Bizarre

Occasionally I follow a wordpress tag.  On my own blog, to find an old article.  Or on wordpress as a whole.  The latter shows a “featured blog”, which sometimes (but not always) seems relevant to the tag.  There’s quite often lunatic-fringe political ranting, that has led me to wonder if someone at WordPress regards the entire Bush team as wishy-washy liberals.

Recently I’ve seen something altogether more bizarre.  A “featured blog” that seems to be no more than computer-generated random text.  Here’s a snapshot from just now, for the “apache” tag.  A “featured blog” that’s gibberish, followed by the most recent real blog entries to use the keyword.  These entries sometimes include spam too, though the current entries are legit.

A salutory lesson

Just read the sad tale of the demise of Gianugo’s blog.

In short, it fell victim to a spammer/cracker inserting something nasty, which only got noticed when the entire blog fell out of google.  Gianugo had fallen into the common trap of assuming a personal site too insignificant to be of interest to an attacker (a mistake with which I entirely sympathise).  If I’m not much mistaken, Gianugo knows what he’s doing, and if it can happen to him, it can happen to any of us.

For me, this is a very good reason to host my blog at wordpress.com – one less thing to worry about.  Which is not to say I won’t fall victim to a similar attack, either my own server through something different, or my blog through a successful attack on wordpress.com.  We can but do our best to protect ourselves against known dangers!

A new rain of spam

Yesterdays and todays news is that the ‘merkins have arrested one of their top spammers in Seattle. I don’t know how much difference this’ll make, but my understanding is that it’s one or two altogether different US states that give spammers a safe haven and could really make a big difference. Along with the world at large.

Here on the blog I’ve had a recent deluge of trackback spam pointing to something called “correctserver.com”. It’s a subtle one: I first saw it when I referenced an earlier post, and saw not just the one (legitimate) trackback, but a second one appearing simultaneously. I first took that for an innocent wordpress malfunction, then realised that the trackback from “[my post ]| Server software” was spam pointing to someone’s copy of my post. Since then I’ve had a number of them from the same spammer, and they get right through Akismet.

Today I just realised it’s more subtle than that. A week and a half ago, Danny Angus referenced my blog in an entry on his own. The first I saw of that was the trackback; then I saw it on Planet Apache. OK, fine, a legitimate trackback, right? Nope, it was only just this morning it showed up in my feed as [Danny’s entry]|Server software that I realised it didn’t link to Danny’s post, but to the spammer’s copy of it at correctserver.com.

A subtle and devious technique. WordPress admin and Akismet: I hope you’re listening!

wordpress.com is pwned!

… is the only explanation I can see.

My last post “is it blog spam” appeared as “private” when I first hit the “publish” button. Before I’d even made it public, two comments had appeared. They were trackbacks that were definitely and unambiguously spam.

That must surely have come from within!