Somehow the index.php file on this website was replaced by spam links. I am still investigating how this could have happened. This had happened already a few months ago but it was due to a flaw in the old wordpress 1.5.2 I was using. Now with the updated version I am not sure what’s wrong. So I just changed my passwords and asked dreamhost if they could provide with some logs.

Thanks go to Lon from MacUpdate for pointing this out

Oops… I was reading a comment from a user that complained about the RSS feed not working and I realized this website got compromised. No wonder however, it’s an old wordpress 1.5 blog that hasn’t been updated in years. Nothing too bad since this blog runs a dedicated user on my Dreamhost account, it only affected the blog itself.

I guess that’s what happens when you use out of the box software and don’t update it regularly…

Update: Seems fixed for now. I upgraded to 1.5.2 since 1.5.1.3 was totally insecure. I am a bit puzzled that it didn’t get hacked before (it’s been like that for two years).

Here is a quick PHP hack to make sure that standard spam bots won’t work on your wiki (just added it to mine).

in EditPage.php

After:


{$editsummary}

Add:
<br /> <br /><span style='color:#AA00AA;font-weight:bold;font-size:24px'>Important: Type the name of the application in this box</span><br />(this prevents spambots, sorry for the hassle):<br /> <input id='chococheck' tabindex='2' type='text' value='' name='chococheck' maxlength='20' size='20' />

Before:

# Check for spam


Add:

if (strtolower($_REQUEST['chococheck']) != 'chocoflop')
{
$this->spamPage ('Did you type the name of the app? If no, hit back in your browser and type it!');
return;
}


Of course you should chose a question of your own

I didn’t have much time or motivation to work on ChocoFlop bugs so I decided to fix something that has been annoying me for over a month: I was getting tired of getting so many user registration spam from the forum (the captcha in phpBB is totally inefficient it seems).

I hacked a little bit into the code. So now it’s easy to register on the forum again, no captcha, no admin validation. All you have to do is enter a special keyword, as asked on the registration form. This should block the standard spam engines and let my e-mail box rest in peace.

Time to use the forums again

Sigh… I just had a look at the forums after a busy week, and once again I had to delete a bunch of spam. Even worse this time it looks like it was porn-day in spamland with pictures and all. If anyone has a good plugin for registration with a captcha or something, it’d be welcome.

Update: Sorry, this is getting out of hand. The captcha seems totally inneffective and I everytime I delete another Britney Spears blowjob image I get another one.. I have no time to deal about time, so user registrations on the forum now require admin approval (eg. from me). Sorry about that, but in the mean time it’s the only solution. They also added crap to the wiki, as usual. It looks like the only hour per week I can dedicate to chocoflop is used to clear up the crap the spammers fill this website through every possible hole. If I may say so.

It seems the some pages on the wiki had a ton of porn links in it for quite a while

The tutorial category is now clean again and the main pages for all categories have been protected. There still isn’t much content in the docs so far, but I’ll start filling this once the app reaches final stage.

Update: The talk category was a mess too… oh crap. Has anyone got links to good antispam extensions for mediawiki. I really need to find a way to only allow registered users. I am quite a newbie with this tool…

Thanks John for pointing this out.

Since some people out there asked about it, I have now setup a mini-shop where you can make a donation to help development of ChocoFlop… for a very reasonable 14.99 Euros (or more if you happen to be rich) you can prepurchase a license of ChocoFlop.

You should really consider it as a donation first, rather than a purchase but by donating you’ll actually get into a database of users who will automatically get a license in the end for the final version.

Sorry, couldn’t work much on ChocoFlop these days, however I get reminded of it about 50 times a day when some crappy spambots post a message that I have to (un)validate in the comments. As a result only registered users will be able to post from now on.

Once again, they win… we have to change our nice friendly world because of them. The fault as usual goes to you, utterly small-dicked, depressive, drug-addict who buys their lovely merchandise (otherwise they’d have stopped spamming a while ago).

Sigh.

For those who always wondered why we need to use CoreImage’s 128 bit capabilities, I wrote a small tutorial in the wiki.

See High Dynamic Range Tutorial .

I had setup the help wiki with the default configuration. As always our beloved spammers enjoyed the occasion to fill it with links to shitty medication sales. I know I should be more careful about security but hey… time is short.

I for one advocate the $1 per person-pissed-off-by-incessant-spam project. Basically each of us pays one dollars, and since we’re millions we just build an army and devastate the whole world in order to find back those assholes

Yes, I am a romantic dreamer.

For all those looking for a peaceful solution on block these invisible texts added by spambots, Read this post.

That said I now created three main categories in the wiki and added some decent introduction page as well as some example pages. I’ll write my first tutorial (on HDR) when I can do so.