BotBlock with Invisible CAPTCHA

It looks like LinkSleeve has been failing me lately. The past week I've been inundated with comment spam. So, to fix that problem, I updated the BotBlock plugin. You can download version 0.2.0 here. Just unzip and drop it in your LnBlog/plugins directory, overwriting the old version.

For the new version, I basically rewrote the plugin. The old version did nothing but force bots to download the comment form before submitting, which was fairly useless.

The new version, however, implements an invisible CAPTCHA. This is not the annoying image-based CAPTCHA you see all over, but rather a simple math problem. Furthermore, it's "invisible" to anyone with JavaScript enabled - i.e. it includes JavaScript code to automatically solve the CAPTCHA and hide the form field. So, for 90% of visitors, the comment form should work as before, but block any bots that don't interpret JavaScript (which is a lot of them). For the rest, there will be a simple math problem and they will be prompted to type in the answer. (Note: There is an option to turn the non-JavaScript text off, if you're so inclined. Of course, that makes it less accessible, but apparently lots of people are into discriminating against the disabled.)

As a fall-back measure, I also included an option (on by default) for some simple content filtering - that is, comments with HTML links in them get blocked. The idea is that most of the comment spam I get includes plain text, HTML, and BBCode links, but LnBlog only allows plain text in comments. Therefore, anyone who posts a comment with an HTML link is either a spammer or too stupid to read the instructions. Either way, we probably don't care what they have to say.

So there it is. I haven't had any comment spam since installing the new version on my site. Of course, I'm still having problems with TrackBack spam for some reason. Apparently the LinkSleeve and TrackbackValidator plugins aren't working for this particular wave, though I don't know why. I'll have to work on that.

I have returned

It's hard to believe it's been 6 months since I posted an update here. That's by far the longest lapse since I started working on LnBlog.

If you're curious as to the reason, I started doing some serious refactoring back in late April and May, so the codebase was in serious flux. Then I got distracted looking for a new job. Then I found a new job and got distracted adjusting to it. Then I had to move for the new job and, well, you get the idea.

So now I'm settled in at my new job as a full-time LAMP developer, I'm moved into our new house and about ready to put the old one on the market, and so now I feel like a little hobby coding again.

I'll start with the bad news. I'm probably not going to be releasing anything for a little while, what with having to fix up the code and refamiliarize myself with where I left off. I'm also switching to PHP 5 after the next release, so if your host only has PHP 4, sorry, but you're out of luck. PHP 4 has finally been officially EOLed anyway, so it really is time for everyone who's still on version 4 to upgrade.

The good news is that I've already uploaded some fixes to my site, so it should be mostly working again. I've also been getting lots of good experience at my new job, so I'm expecting the overhaul of LnBlog to speed up. I've also got lots of new features in mind, particularly on the user interface side. But first I have to clean up the mess I made earlier this year.

There will be more updates in the coming weeks. Stay tuned!

LnBlog 0.9.0 is finalized

Well, I'm done. LnBlog 0.9.0 is now officially available. You can grab the zip archive here or go to the download page to get it.

There are a lot of new features in this version. You read a somewhat more thoughtful discussion of them in the beta 1 announcement. In this post, I'll just give the quickie list.

  • Most data files are now XML. Old formats are still supported (no need to convert).
  • Support for running blogs on multiple subdomains from a single installation.
  • Consolidated the per-blog PHP wrapper scripts.
  • Support for saving draft entries to be published later.
  • New Linksleeve anti-spam plugin.
  • Improved support for blogging APIs, including support for the MoveableType API.
  • Reply management pages for bulk listing/deleting of replies.
  • Improvements (?) to file writing configuration.

To upgrade from a previous release, follow the usual procedure:

  1. Make backup copies of each of your blogs, just to be safe.
  2. Rename your old LnBlog directory on the server.
  3. Upload the new LnBlog in its place.
  4. Copy your old LnBlog/userdata directory into the new LnBlog directory, overwriting the existing files.
  5. Log into the administration page and run an upgrade on each of your blogs.

As an additional note, the URLs for XMLRPC-based services has changed. LnBlog has adopted the Wordpress style and just consolidated them all (APIs, Pingbacks, etc.) in a single xmlrpc.php script located in the root LnBlog directory. If you want to use a blogging client that supports the Blogger 1.0, MetaWeblog, or MovableType API, you should point it to that file.

It's late and that's about all I can think of for now. As usual, feel free to pass on any comments, suggestions, feature requests, or bug reports. You can e-mail me, leave a comment, or use the SourceForge issue tracker or forums.

Last beta for 0.9.0

Time for the last beta release: LnBlog-0.9.0b3.zip. No new innovations here, just some bug fixes for draft updating, JavaScript on subdomains, and a few other things. Barring any more bug discoveries, this will become the final release before too long.

Version 0.9.0 beta 2

Well, here's the next beta: LnBlog 0.9.0 beta 2.  There's nothing really new in this release - just big fixes from the last beta.  Mostly they're related to the URL changes from getting rid of the zillion wrapper scripts.

So far, this beta seems to be working pretty well.  I'm going to let it bake for a week or so, and if all goes well, make it final.  In the mean time, I'm going to try to work on the end-user documentation a bit.

LnBlog 0.9.0 beta 1

It's finally that time again. LnBlog 0.9.0 beta 1 is ready for those adventurous souls who feel like taking it for a spin. You can download it here. I actually hadn't intended to get to version 0.9.0 quite yet, but on the way to 0.8.3, I accumulated so many features and under-the-hood changes that a higher version number seemed justified.

If you want to upgrade to the beta version on a live web server, I strongly recommend backing up everything related to your existing LnBlog installation. That means your entire LnBlog directory and each one of your blog directories. I don't expect that anything will go wrong (it didn't for me), but there are a lot of changes in this version and I'd hate to see anyone lose data because of it.

In addition, if you are upgrading from a previous release, please note that you will need to run an upgrade on each of your blogs. You probably won't forget this because there is now a helpful reminder in the sidebar under you logout link.

As for the changes and new features, here's the quick list:

  1. Entry, reply, and user data files have all been converted to XML format. Old files will still be read, so there is no need to convert.
  2. Support for running blogs on multiple subdomains from a single installation.
  3. Lots of those annoying wrapper scripts in the blog, entry, etc. directories have been removed. For existing blogs, the unused wrappers will be deleted when you run an upgrade.
  4. Support for saving draft entries to be published later.
  5. New Linksleeve anti-spam plugin.
  6. Lots of fixes to the blogging APIs. Note that the Blogger, MetaWeblog, and Pingback implementations are now combined in a single xmlrpc.php file, so adjust the URIs in your blogging client accordingly.
  7. Added a "manage replies" feature to view all replies for various levels of archives.

I'm not planning to add any more significant features to this release, otherwise it will drag on forever. However, I am a bit unsure about some of the user interface elements, and I would love any feedback people have on them.

My two big UI questions are the new feature in the entry editor to automatically add a link when you add a file to be uploaded. There is a checkbox in the entry options to turn that off, but I'm generally not satisfied with this. It would probably be better to pop up a prompt window, but that will wait for another release....

The other thing I'm unsure about is the new file writing setup page. It's significantly longer and more verbose than the previous version. That's partially because I added the subdomain options to it, and partially because I added file permission settings and some option buttons to help guide the choice. I'm not really happy with the final product, though. I'm thinking it would be better to break the different sections out into a multi-step wizard kind of interface. I'm also not sure I'm doing a good job explaining the options and issues with configuring file writing. I guess I'm just not sure how to explain the technical details of the the various possible permission, ownership, and safe mode configurations in a non-technical way.

As usual, any feedback is greatly appreciated - suggestions, bug reports, whatever. Leave a comment, send an e-mail, or use the SourceForge tracker. Unfortunately, I am currently unable to accept feedback via telepathy.

New BotBlock plugin

I've just uploaded a new version of the BotBlock plugin. This one adds two options. One makes the comment check depend on a cookie, so user agents that don't accept them will be blocked. The other option blocks any comment that contains markup for HTML or BBcod-style links. Since markup isn't allowed in comments anyway, it's a pretty good bet that comments with links are spam. Either that, or the commenter wasn't paying attention.

Now on a subdomain

Well, now that I have a host that supports subdomains, I've finally gotten around to adding subdomain support to LnBlog. And so, the URL of this page has now changed to http://lnblog.skepticats.com/. Thanks to the wonder that is mod_rewrite, the old URLs should continue to function.

And, of course, it goes without saying that subdomain support will be in the nex release of LnBlog. Of course, first I'll have to add a user interface to configure it, but at least the back-end code is working now.

New file writing twists

It looks like I've got my file permission issues sorted out now. I case you didn't know, I've moved to a new web host and I ended up having some issues with LnBlog.

My previous host ran PHP as an Apache module. In this configuration, andy files PHP creates are owned by the Apache user. Basically, this means that if you want a script to write to the filesystem, you have to disable safe_mode and make everything world-writable, or you have to use FTP. This is the scenario I had in mind when I wrote the NativeFS file writing module for LnBlog.

My new host, however, runs PHP suexec. This means that PHP is running as CGI, not an Apache module, and is running as my regular user account, not the Apache account. Thus, there is no need to worry about file permissions or ownership, because everything "just works."

Well, almost everything. It turns out that the server objects to scripts and directories that are world-writable, throwing an internal server error. This is a good thing as far as security goes. However, the NativeFS module, by default, makes everything world-writable because it was designed for the mod_php scenario. Hence it doesn't work.

Needless to say, I've fixed this problem and deployed it on my site. Basically, I've just added the ability to set the permissions for LnBlog to use when creating files. I just have to work out the configuration interface and then I'll put up a maintenance release.

LnBlog 0.8.2 finally released

Well, it's finally release time again. I've put up LnBlog 0.8.2. As usual, you can find it on the download page or just grab the release archive.

I'll be honest with you: it's been so long since the last stable release, I don't really remember all the changes. I just know there have been quite a few of them. I'll try to highlight the big ones, but if you're really curious, just read the last few blog entries and/or the changelog.

  • Change organization of theme style sheets.
  • Added option in system.ini to group all replies (comments, Pingbacks, and TrackBacks) into a single list.
  • Added mass deletion of replies.
  • Improved the sidebar calendar and made it AJAX-powered.
  • Added interface on admin page for administrators to modify user accounts.
  • Converted entry data files to XML format (don't worry - it'll still read the old format).

Thanks to everyone who contacted me with problems, suggestions, and other feedback for this release. Please keep it up - I really appreciate it! And if you find anything wrong in this release, you know what to do. Thanks!