PlanetMike.com

Blog

Michael Clark's journal of important and not-so-important thoughts.


Archive for the 'Technology' Category

How to Make the WordPress Login Cookie Last Longer Than Two Weeks

Monday, June 30th, 2008 9:10 am

One thing I loathe about WordPress 2.5 is login cookies only last two weeks. So every two weeks I get prompted to log in again. It is extremely disruptive to have to log in again, when just a few hours earlier I was logged in. The cookie logic should be tweaked so that if you haven’t logged in over the past two weeks, then (maybe) the cookie should expire. But if I was allowed to work on the blog yesterday, why should I need to log in again today? The two week window should not be based on when I first logged in, but on when I last did administrative functions while logged in.

There aren’t any plugin hooks to the cookie setting functions of WordPress 2.5. But you can edit line number 547 of pluggable.php (which is under wp-includes of your WordPress installation) to lengthen the amount of time a cookie is stored for. Simply change the number at the end of the line
$expiration = $expire = time() + 1209600;
to however many seconds you want the cookie to be good for.

Two Weeks: 1209600
One Month (30 days): 2592000
One Year (365 days): 31536000
Ten Years (3650 days): 315360000

Once you’ve made that change, log out (in the top right of the administrative area) and then log in again to create the new cookie with the longer login time. Or simply wait two weeks for your cookie to expire, and then the next time you log in, you’ll be all set.

Yes, I can see how this might be a security issue, since an attacker may stay logged in for a long time, and get past any system upgrades. (A system upgrade though should wipe any stored logins. Which doesn’t appear to be possible currently, since the cookie doesn’t store which version of WordPress the cookie is good for.) Or if your machine is compromised, your blog can be compromised. But generally, if that happens, you’re screwed anyways. So in this instance, ease of use is trumping security for me.
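The expiry rule argued for above (count the two weeks from the last activity, not from the first login), paired with a hard upper bound that limits how long a stolen cookie stays useful, as an added Python example. It is not WordPress code: the cookie layout, the key and the function names are assumptions made for illustration, and user names are assumed not to contain "|".

```python
import hashlib
import hmac

IDLE_LIMIT = 1209600       # two weeks without activity, the value from the post
ABSOLUTE_LIMIT = 31536000  # assumed hard cap: one year after the first login
KEY = b"constructed-demo-key"  # constructed; a real key is random and secret


def _sign(payload):
    """HMAC-SHA256 over the cookie payload, hex encoded."""
    return hmac.new(KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue(user, now, first_login=None):
    """Build a cookie value of the form user|first_login|last_seen|mac."""
    first = now if first_login is None else first_login
    payload = f"{user}|{first}|{now}"
    return f"{payload}|{_sign(payload)}"


def check(cookie, now):
    """Return a refreshed cookie if the session is still valid, else None."""
    try:
        user, first, last, mac = cookie.split("|")
        first, last = int(first), int(last)
    except ValueError:
        return None  # wrong number of fields or non-numeric timestamps
    expected = _sign(f"{user}|{first}|{last}")
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return None  # payload or MAC was altered
    if now - last > IDLE_LIMIT:
        return None  # no activity for more than two weeks
    if now - first > ABSOLUTE_LIMIT:
        return None  # hard cap reached, however active the session was
    # Sliding window: last_seen moves forward, first_login never does.
    return issue(user, now, first_login=first)


if __name__ == "__main__":
    day = 86400
    cookie = issue("mike", 0)
    print(check(cookie, 13 * day) is not None)  # active user stays logged in
    print(check(cookie, 15 * day))              # idle for 15 days: None
```

Because the first-login time is carried inside the signed payload, a cookie that keeps being refreshed still stops working once the hard cap is reached.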


Showing the Post’s Time on the WordPress Edit Posts Page

Thursday, June 5th, 2008 10:00 am

I prefer having the time listed on the “edit posts” page under the WordPress admin area, instead of just the date of the post. Usually the URL where you see this is something like (WP-base)/wp-admin/edit.php. I don’t see a hook to manage this format, so I couldn’t write a plugin. (If there is a hook, please let me know what it is!)

To edit the date and time that are displayed, simply edit line #74 in wp-admin/edit-post-rows.php (line 74 in WordPress 2.51; the line number may be different in other versions of WordPress). Change the portion that says “Y/m/d” to “Y/m/d H:i” and you’ll then see the time listed on the edit.php page. You can use any of the date/time formats defined by PHP.

Verizon Updating Their TOS Again

Tuesday, June 3rd, 2008 10:52 pm

I just received an email letting me know that Verizon is again changing their terms of service. It’s interesting that the first item listed below means they are changing their privacy policy and are going to share your account and identifying info if they even think you’re doing Bad Stuff. I wonder what was wrong with simply waiting for a legal order of some sort?

Also, I wonder if item #4 below means they could block BitTorrent traffic?

And if you do go to the URL they provide for seeing more information (www2.verizon.net/policies) you have to give your area code and exchange to see the info. Hmmm, trying to keep researchers and other interested people out perhaps? Is anyone interested in a research project to see how the policies are different in different areas?

Effective June 9, 2008 - Important Information Regarding Changes to Your Verizon Online Terms Of Service

The following is an outline of important changes to the Verizon Online Terms of Service which are effective as of June 9, 2008. We have described these changes in general terms below and recommend that you review the complete Terms of Service to determine how these changes, and other routine changes being made simultaneously, apply to you or your use of the Service. The Terms of Service can be accessed by clicking on the “Policies and Terms of Service” link (www2.verizon.net/policies) at the bottom of any page of our Website. The Terms of Service, as revised, will govern your rights and obligations, and ours, with respect to your use of the Services we offer. As set forth in Paragraph 3 of the Terms of Service, your continued use of the Service after the effective date of these changes will constitute your agreement to the changes.

1. Reporting of Actual or Potential Violations of Child Pornography Laws. We have added language to our Acceptable Use Policy (AUP) making clear that the Service cannot be used in any fashion for the transmission or dissemination of images containing child pornography. In addition, in Section 5, Privacy Policy; Legal Compliance, we have added language making clear that (a) we are required by law to report any facts or circumstances reported to us or which we discover from which it appears there may be a violation of the child pornography laws; and (b) that we reserve the right to report any such information, including the identity of users, account information, images and other facts to law enforcement personnel.

2. Billing Start Date for Additional Services. In Section 8.1, Prices and Fees; Billing, we have added language stating that, unless otherwise noted at the time of purchase, billing for the Additional Services set forth on Exhibit B will begin either on your Service Ready Date if you are also ordering new Broadband Service or upon submission of your order if you are ordering only an Additional Service.

3. Refundable Deposits. We have added a new Section 8.8, Refundable Deposits, which permits us, in certain instances, to require a refundable deposit either prior or subsequent to activation of Service.

4. Modifications to AUP. We have added language to our AUP making clear (a) that we may monitor our subscribers’ compliance with our Terms of Service and AUP; and (b) that we have the right, but not the obligation, to pre-screen, refuse, move or remove any content available on the Service including, but not limited to, content that violates the law, our Terms of Service or our AUP.

5. Verizon Premium Technical Support (PTS). We have added a new Section 6 to Exhibit B, Additional Terms, which sets forth the terms and conditions governing our provision, and your use, of the PTS service.

Please take time to review the complete Verizon Online Terms of Service. Thank you for being a Verizon Online customer.

Comment Spam Rate

Friday, May 2nd, 2008 4:58 pm

As I mentioned yesterday when I noticed I passed the 30,000 spam comment threshold, the comment spam rate on the blog has gone through the roof. I dug out some of my old backups of my WordPress database and generated this chart showing how many spam comments I’ve received. This chart is from December 14, 2006 (8,105 spam comments) through today (31,601 spam comments).

This chart shows the daily rate of how many spam comments have been received. The peak before today was December 14-19, when I was getting 143 spam messages per day. Since yesterday the rate has been 1,154 per day.

Akismet 30,000th Spam Comment

Thursday, May 1st, 2008 1:48 pm

I just deleted my 30,000th comment spam. I have no idea how high the count would have been had I not put into place several techniques that automatically block bad commenters. Those that fall into my traps don’t even get entered into the Akismet system, and so aren’t counted.

(Addendum 9:32pm: The count is now up to 30,447. That comes to one new spam comment every 63 seconds.)

Comment Spam Increase This Week

Friday, April 18th, 2008 6:21 am

Has anyone else noticed a large increase in the amount of comment spam that Akismet is missing this week? I’ve tagged and deleted more comment spam in the past week than I have in the past 6 months. I would guess across all of my WordPress sites, I’m manually tagging 10 messages a day. That is a huge increase. Are the spammers simply attacking at a higher rate? Or is Akismet not as effective as it used to be?

And why can’t Akismet learn that a comment in the format of: “eight words, all lowercase, all at least 7 letters long, a link inside an anchor tag, then the close tag, then a URL” is spam?

A setting you can make to help under WordPress 2.5: Go to the Settings tab, then the Discussion sub-tab. Under “Comment Moderation” have a “1” for “Hold a comment in the queue if it contains __ or more links.”

What Is This? A WordPress Attack Using “PLM”

Saturday, March 29th, 2008 11:35 am

One of my sites had this very odd entry in its log from overnight: (actual URL changed)

http://www.example.com/2005/06/24/title-in-here/%2B%25255bPLM=0%25255d%2BGET%2Bhttp:///2005/06/24/title-in-here/%2B%25255b0,16925,26735%25255d%2B-%25253e%2B%25255bN%25255d%2BPOST%2Bhttp:/wp-comments-post.php%2B%25255b0,0,349%25255d

If you do the hexadecimal recoding a couple times you end up with:

http://www.example.com/2005/06/24/title-in-here/+[PLM=0]+GET+http:///2005/06/24/title-in-here/+[0,16925,26735]+->+[N]+POST+http:/wp-comments-post.php+[0,0,349]

And if you assume the plus marks are actually spaces:

http://www.example.com/2005/06/24/title-in-here/ [PLM=0] GET http:///2005/06/24/title-in-here/ [0,16925,26735] -> [N] POST http:/wp-comments-post.php [0,0,349]
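The decoding steps above, automated as an added Python example (not part of the original post): it percent-decodes a request path until it stops changing, counts the passes, and flags log lines whose path needed more than one pass, which is the trait that makes this entry stand out from ordinary traffic. The path is the one quoted in the post; the surrounding log lines, IP addresses, status codes and function names are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Request path from the log entry quoted in the post (host already changed there).
POST_PATH = (
    "/2005/06/24/title-in-here/%2B%25255bPLM=0%25255d%2BGET%2Bhttp:///2005/06/24/"
    "title-in-here/%2B%25255b0,16925,26735%25255d%2B-%25253e%2B%25255bN%25255d"
    "%2BPOST%2Bhttp:/wp-comments-post.php%2B%25255b0,0,349%25255d"
)

# Constructed access-log lines (Apache combined format, documentation IPs).
SAMPLE_LOG = [
    '192.0.2.10 - - [29/Mar/2008:03:43:01 -0400] "GET ' + POST_PATH
    + ' HTTP/1.1" 404 512 "-" "ExampleAgent/1.0"',
    '192.0.2.10 - - [29/Mar/2008:03:44:10 -0400] "GET /2005/06/24/title-in-here/'
    ' HTTP/1.1" 200 16925 "-" "ExampleAgent/1.0"',
    '198.51.100.7 - - [29/Mar/2008:04:00:00 -0400] "GET /search?q=a%20b'
    ' HTTP/1.1" 200 900 "-" "OtherAgent/2.0"',
]

# Client address and request path from a combined-format line.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) ')


def peel(path, max_layers=10):
    """Percent-decode until the string stops changing; return (text, layers)."""
    layers = 0
    while layers < max_layers:
        decoded = unquote(path)
        if decoded == path:
            break
        path, layers = decoded, layers + 1
    return path, layers


def flag_nested(lines, min_layers=2):
    """Report requests whose path needed min_layers or more decoding passes."""
    hits, by_ip = [], Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, path = m.groups()
        decoded, layers = peel(path)
        if layers >= min_layers:
            # Plus signs shown as spaces, as in the post's last step.
            hits.append((ip, layers, decoded.replace("+", " ")))
            by_ip[ip] += 1
    return hits, by_ip


if __name__ == "__main__":
    for ip, layers, text in flag_nested(SAMPLE_LOG)[0]:
        print(ip, layers, text)
```

A path with a single layer of encoding, such as the `%20` in the third sample line, is normal and is not flagged.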

What is this trying to do? The only software I can find referring to PLM is Fred’s ImageMagick Scripts, which I don’t think is right.

Updated information 2008-03-29 11:55am

There have been a lot of requests like this. The first request was on March 7th, 2008 at 11:39:46, and the most recent (the one listed above) was March 29, 2008 at 03:43:01. From these IP addresses:

The user agent is also varied:
3 “Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; .NET CLR 1.1.4322)”
5 “Mozilla/4.0 (compatible; Powermarks/3.5; Windows 95/98/2000/NT)”
6 “Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8b2) Gecko/20050224 Firefox/1.0+”
4 “Mozilla/5.0 (Windows; U; WinNT4.0; en-US; rv:1.3a) Gecko/20021207 Phoenix/0.5”
1 “Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0”

Is this actually not an attack, but just some web browsing tool or toolbar that is doing funky things?

Updated information 2008-03-29 12:05pm

Hmmm, another of my sites also has this type of request in its log.

TV Converter Box Coupon

Friday, March 21st, 2008 11:42 pm

I still watch TV using regular old rabbit ears. We have two TVs in the house, one in the living room, and one in the basement. They work fine, and are each over 15 years old. So a couple months ago when the U.S. Department of Commerce allowed people to apply for up to two $40 coupons for a digital to analog converter for older TV sets, I applied. The coupons are only good for three months, and there is a limited supply of them. I received the coupons today, but they expire on June 6, 2008. It took the government nearly two weeks to get them shipped out. Bizarre. Or government efficiency, you decide.

The “coupons” look like gift cards (or credit cards). They are bright red and are labeled “TV Converter Box Coupon Program.” There is a hologram on the front that says “Security” in a circle, with an eagle’s head in the center, and the letter “s” repeated in the background. The back of the coupon says “It is illegal to sell, duplicate or tamper with this coupon. This coupon will not be replaced if lost or stolen. Retailer Support Center: www.ntiadtv.gov.”

If you’d like to apply for your coupons, or learn more about this program, go to www.DTV2009.gov.

Setting the WordPress 2.5 Secret Key

Wednesday, March 19th, 2008 10:27 am

I’ve been exploring the WordPress 2.5 Release Candidate 1. I found a few bugs that are probably related to AJAX or JavaScript under Safari 3.04. I made a few suggestions and comments for part of the new design aspect of the Administrative section. But one interesting thing I haven’t seen mentioned anywhere is WP 2.5’s “Secret Key.”

When you set up WordPress, you put your database settings in the wp-config.php file. There is a new line there:

// Change SECRET_KEY to a unique phrase. You won’t have to remember it later,
// so make it long and complicated. You can visit https://www.grc.com/passwords.htm
// to get a phrase generated for you, or just make something up.
define('SECRET_KEY', 'put your unique phrase here'); // Change this to a unique phrase.

While I’m not sure what the “secret key” is used for, I prefer using my own pass phrases and passwords. I generally use the pwgen program to generate my passwords. This command
pwgen --numerals --capitalize --symbols --secure 64

entered in my PowerBook’s Terminal gave me a good password. You can install pwgen for OS X with these instructions: Building pwgen on Mac OS X. Why use pwgen over grc.com? Why not? It’s good to have options.

ShaBlastBot Spider Considered Abusive

Tuesday, March 18th, 2008 9:23 am

While perusing my Apache logs, I ran across a lot of requests from a bot with the user-agent of “ShablastBot 1.0” and all came from the IP address of 67.228.100.141. Reverse IP shows that 67.228.100.138, 67.228.100.139, 67.228.100.140 and 67.228.100.142 also resolve to shablast.com. One significant problem appears to be it doesn’t correctly parse out feed: URLs, so I have dozens of bad requests for things like “HEAD /2008/02/feed:http:/www.example.com/feed”

The other major problem is it sent out many many requests in a very short amount of time. Luckily, the server throttled the connections before any damage could be done. But for now I’ve blocked both the ShaBlastBot user-agent and the known IP addresses of that agent from my server.

There isn’t any obvious way to contact anyone at ShaBlast about the problems, although I did leave a comment on the site’s blog.

Copyright © 1997-2008 Michael Boyd Clark