July 2008
Monthly Archive
System & Nethood | 30 Jul 2008 06:25 pm
Closed trackbacks too….
I have set up a honeypot to see how this blog is actually getting spammed.
Within 6 hours, some 392 trackbacks have fallen into the pot.
I have listed the unique spammer IPs here.
Hmm… 392 x 24/6 x 356 = 558208
It seems 50% of the mentioned spam is from trackback pings.
Uncategorized | 30 Jul 2008 01:58 am
Why I have to close comments…
mysql> delete from wp_comments where comment_approved='spam';
Query OK, 1121292 rows affected (88.5 sec)
The other 30k comments were NOT filtered as spam; I’ve just approved 8 of them.
The other 29.992k comments were deleted by a huge bunch of SQL operations.
–
My bad, this old version of WP does not close comments for old posts, in contrast to what I’d expected.
SQL is always the real place to do admin….
( Why did I stop approving comments? Imagine that after a holiday, you have some 1K comments awaiting approval…
and WP shows 1K of them at once in the admin page, no pagination, 99.9% spam … That was what I found after not adding new rules for spam fighting for a month.
1 year later, I have got some 30K pending and 1M filtered spam. Poor server, sorry guys….)
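A sketch of the SQL-side cleanup this post and "Closed trackbacks too…." describe, as an added example that is not the author's own statements. It assumes the stock WordPress schema with the default wp_ prefix; the 30-day cutoff and the 10000-row batch size are illustrative choices.

```sql
-- Added example. Assumes the stock WordPress tables (wp_posts, wp_comments).
-- The 30-day cutoff and the batch size are assumptions; adjust to taste.

-- 1. Look before deleting: how many rows per moderation state and type
--    (comment_type is 'trackback' / 'pingback' for pings, empty for comments).
SELECT comment_approved, comment_type, COUNT(*) AS n
FROM wp_comments
GROUP BY comment_approved, comment_type;

-- 2. Close comments AND trackbacks/pingbacks on old posts, which is what
--    the old WordPress version did not do by itself.
UPDATE wp_posts
SET comment_status = 'closed',
    ping_status    = 'closed'
WHERE post_status = 'publish'
  AND post_date < DATE_SUB(NOW(), INTERVAL 30 DAY)
  AND (comment_status <> 'closed' OR ping_status <> 'closed');

-- 3. Delete filtered spam in batches instead of one 1M-row statement,
--    so the table is not tied up for a minute and a half.
--    Re-run until the client reports "0 rows affected".
DELETE FROM wp_comments
WHERE comment_approved = 'spam'
LIMIT 10000;

-- 4. Pending items still queued on posts that are now closed:
--    count them first, then review or delete with the same batching.
SELECT COUNT(*) AS pending_on_closed_posts
FROM wp_comments c
JOIN wp_posts p ON p.ID = c.comment_post_ID
WHERE c.comment_approved = '0'
  AND p.comment_status = 'closed';
```

Step 2 only stops new submissions through WordPress itself; rows already in the moderation queue stay there until step 3 or 4 deals with them.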
System & Nethood | 29 Jul 2008 09:34 pm
A better user script for HKEJ.com
Last time I showed a very simple/stupid user script to auto log in to hkej.com ( 信報財經新聞網站 )
In fact, what it does is not auto log in, but check if you are logged out and try to log in once. It does not save you ( me ) from cookie expiry. Although it does re-log in, so the user can go back and click on the link to escape.
I find no way to manipulate cookies with GreaseMonkey directly. This is not too bad in terms of security. I don’t have to steal cookies. I just want to revive them.
1) The simplest trick is to reload the page:
window.setTimeout(function () { window.location.reload(); }, 29 * 60 * 1000); // 29 minutes later
It works. But what if the user has left some valuable words in forms?
All such data will vanish.
2) Do some minimal ajax load
I am not sure why, but it does not work. It seems the ajax load within Greasemonkey is bounded by some shields.
3) Load some data into an iframe, and reload the iframe from time to time.
It works. Better than expected, I can hide those iframes without any harm.
So I rewrote the code a little bit. This time, I have also taken reference from a famous user script to handle username and password.
Wondering if I shall submit it to userscripts.org ….
Would do so if anyone is interested.
// ==UserScript==
// @name Hacks on HKEJ
// @namespace info.bencrox
// @description Make life easier with hkej.com
// @include http://*.hkej.com/*
// @exclude http://*.hkej.com/*/adv/*
// @exclude http://*.hkej.com/*/login.jsp
// ==/UserScript==

// ! Private Credentials, BEWARE !
// GM_getValue / GM_setValue keep these unencrypted in the browser profile.
var LOGIN_EMAIL = GM_getValue('ejregem','');
var LOGIN_PASS = GM_getValue('ejregpw','');

// Note : lots FIXME
// by : lxb [at] hkday [dot] net
// ver : 0.1.013 [ 2008 Jul 25 20:00:04 ]

// ! Change Log !
// 0.1.000 [ 2008 Jul 25 18:01:12 ] : base GM + jQ ref http://www.joanpiedra.com/jquery/greasemonkey
// 0.1.001 [ 2008 Jul 25 18:13:02 ] : add checkLogin() , use Google hosted jQuery
// 0.1.002 [ 2008 Jul 25 18:13:02 ] : checkLogin() add fail handling
// 0.1.003 [ 2008 Jul 27 19:02:13 ] : add excludes
// 0.1.004 [ 2008 Jul 27 22:04:20 ] : test window.location.reload and GM Menu
// 0.1.005 [ 2008 Jul 27 22:07:56 ] : test with partial ajax reload, failed
// 0.1.006 [ 2008 Jul 27 22:13:28 ] : test with iframes, worked
// 0.1.007 [ 2008 Jul 28 17:35:44 ] : reload iframes in hidden div by setTimeout
// 0.1.008 [ 2008 Jul 29 21:50:13 ] : test with GM_setValue / getValue
// 0.1.009 [ 2008 Jul 30 16:02:32 ] : fixed GM_setValue by not using jQuery
// 0.1.010 [ 2008 Jul 30 16:04:58 ] : allow manual reset un/pw , blank pw , ref : http://userscripts.org/scripts/review/16341
// 0.1.011 [ 2008 Jul 30 16:56:16 ] : fix re-bake loop by adding excludes and choosing better dummy pages
// 0.1.012 [ 2008 Jul 30 17:15:21 ] : test with extra styling / manual items
// 0.1.013 [ 2008 Jul 30 20:00:04 ] : clean up test codes
// - Change Log -

// Add jQuery (injected into the page itself, then reached through unsafeWindow)
var $;
var GM_JQ = document.createElement('script');
GM_JQ.src = 'http://ajax.googleapis.com/ajax/libs/jquery/1.2.6/jquery.min.js';
GM_JQ.type = 'text/javascript';
document.getElementsByTagName('head')[0].appendChild(GM_JQ);

// Check if jQuery's loaded
function GM_wait() {
    if (typeof unsafeWindow.jQuery == 'undefined') { window.setTimeout(GM_wait,100); }
    else { $ = unsafeWindow.jQuery; letsJQuery(); }
}
GM_wait();

// renewCookie by fetching the smallest pieces.
// FIXME: they are not quite small... seems idiot method...
function renewCookie() {
    $('#webifm').attr('src','http://web.hkej.com/template/registration/jsp/login.jsp');
    $('#wwwifm').attr('src','http://www.hkej.com/template/registration/jsp/login.jsp');
}

// call renew cookies every 25mins (1500000 ms)
function cookieTimeout() {
    renewCookie();
    window.setTimeout(cookieTimeout,1500000);
}

// provide some way to reset Creds stored in firefox
// FIXME: tell me if I can encrypt things ... -_-
function resetCredentials(){
    if ((LOGIN_EMAIL = prompt('Registered Email:')) != null){
        GM_setValue('ejregem',LOGIN_EMAIL);
    } else return;
    if ((LOGIN_PASS = prompt('Password (leave blank to prompt every time):')) != null){
        GM_setValue('ejregpw',LOGIN_PASS);
    }
}

// Provide a button to reset Creds if login failed
function checkLogOK(){
    // FIXME: Yes, this must lead to faults afterwards
    var ts = document.getElementsByTagName('b');
    if (ts.length){
        // FIXME: Cannot use jQuery (GM_setValue within unsafeWindow ) here,
        var resetp = document.createElement('button');
        resetp.innerHTML='Reset';
        resetp.addEventListener('click',resetCredentials,true);
        ts[0].appendChild(resetp);
    }
}

// Extract the Log in Operation for manual use
function AutoLog() {
    if (LOGIN_EMAIL == '') resetCredentials();
    if (LOGIN_PASS == '') LOGIN_PASS = prompt('Password :');
    // FIXME : this must fail afterward, yes, yes...
    // Passing a data object makes .load() POST the credentials (the site has no SSL)
    $('#wrapper table:first td:eq(1)')
        .load('/template/registration/jsp/_login_prg.jsp #regWrap b',
              {login:LOGIN_EMAIL,password:LOGIN_PASS},checkLogOK);
}

// Check login
function checkLogin() {
    // FIXME : it may not work if hkej update itself
    var login = $('img#Reg_Log').attr('src').indexOf('logout') + 1;
    if (!login) AutoLog();
    cookieTimeout();
}

// Hide the cookie ovens
function Addiframe(){
    $('<div id="hid"></div>').appendTo('body');
    $('<iframe name="webifm" id="webifm"></iframe>').appendTo('#hid');
    $('<iframe name="wwwifm" id="wwwifm"></iframe>').appendTo('#hid');
    $('#hid').hide();
}

// All your GM code must be inside this function
function letsJQuery() {
    Addiframe();
    checkLogin();
}

GM_registerMenuCommand('Login', AutoLog);
GM_registerMenuCommand('Reset ID',resetCredentials);
Have fun!
System & Nethood | 29 Jul 2008 03:30 pm
Firecookie is good, localized ‘Expires’ can be better
The ‘session expires’ problem kicks my ass again. Thus I opened Firebug to check how I can extend its life.
Adding Firecookie saved me time on this task. Yet, up to version 0.6, Firecookie shows the expiry time in GMT only.
I think not many people live / sync with GMT. Adding options for a properly localized timezone would be nice.
Thus, I filed an issue for the developer.
For those who don’t want to wait, please locate your own ‘firecookie.js’ and s/toGMTString/toLocaleString/g .
I don’t think this is a considerate hack. Bear your own risk if you are as lazy as I am.
–
Notes:
XPI can be unzipped… Tell you, I have not hacked things for a long time. I googled decompile xpi … how stupid am I …
–
Notes 2:
Is it that GreaseMonkey does not touch cookies anymore?
I find that extracting content with jQuery ajax load into a div does not help, but adding a visible iframe does.
Tutorial | 25 Jul 2008 06:41 pm
Keep logged in to HKEJ.com
This is an extremely stupid and simple script, using GreaseMonkey and jQuery, to auto log in to hkej.com ( 信報財經新聞網站 )
I am very annoyed by the site’s super duper session handler, which has
1. sessions that expire very soon
2. non-working redirection
3. separate session handlers for its forum and newspaper content
4. no ssl ( OK, I cannot help, but this means leaving credentials in GreaseMonkey will only degrade security slightly. )
Here we go :
// ==UserScript==
// @name Hacks on HKEJ
// @namespace hkej
// @description Make life easier with hkej.com
// @include http://*.hkej.com/*
// @exclude http://*.hkej.com/*/adv/*
// ==/UserScript==

// ! Private Credentials, BEWARE !
var LOGIN_EMAIL = 'nonsense@hkej.com';
var LOGIN_PASS = 'kickmyasshere';
// ! Please fill in for your own sake !

// Note : 2 FIXME
// by : lxb [at] hkday [dot] net
// ver : 0.1.003 [ 2008 Jul 25 19:08:00 ]

// ! Change Log !
// 0.1.000 [ 2008 Jul 25 18:01:12 ] : base GM + jQ ref http://www.joanpiedra.com/jquery/greasemonkey
// 0.1.001 [ 2008 Jul 25 18:06:56 ] : add checkLogin() , use Google hosted jQuery
// 0.1.002 [ 2008 Jul 25 18:13:02 ] : checkLogin() add fail handling
// 0.1.003 [ 2008 Jul 25 19:08:00 ] : add @exclude
// - Change Log -

// Add jQuery (injected into the page itself, then reached through unsafeWindow)
var $;
var GM_JQ = document.createElement('script');
GM_JQ.src = 'http://ajax.googleapis.com/ajax/libs/jquery/1.2.6/jquery.min.js';
GM_JQ.type = 'text/javascript';
document.getElementsByTagName('head')[0].appendChild(GM_JQ);

// Check if jQuery's loaded
function GM_wait() {
    if (typeof unsafeWindow.jQuery == 'undefined') { window.setTimeout(GM_wait,100); }
    else { $ = unsafeWindow.jQuery; letsJQuery(); }
}
GM_wait();

// Check login
function checkLogin() {
    // FIXME : it may not work if hkej update itself
    var login_ok = $('img#Reg_Log').attr('src').indexOf('logout') + 1;
    if (!login_ok) {
        // fail handling : it will show the bold message when login failed. FIXME : same as above
        // Passing a data object makes .load() POST the credentials (the site has no SSL)
        $('#wrapper table:first td:eq(1)')
            .load('/template/registration/jsp/_login_prg.jsp #regWrap b',
                  {login:LOGIN_EMAIL,password:LOGIN_PASS});
    }
}

// All your GM code must be inside this function
function letsJQuery() {
    checkLogin();
}
System & Nethood | 16 Jul 2008 07:19 pm
User Experience, Game interface for enterprise
This is nothing new. When the major corporate software solution vendors stress user experience, shut their mouths with game designs.
And this is why game designers, especially 2D flash / web based / multi-user online experts, SHOULD consider pitching the corps.
Ask the bosses: how much did their company spend on software solutions last year?
How much does your design team earn?
If the numbers match, show what you have done for User Interface / User eXperience / User InterActions.
It is time to mix up work and game play. Believe me, the major vendors HAVE opened their back doors for you. And don’t forget to compare your game server’s uptime with the corps’.
All in, take it all!
Uncategorized | 13 Jul 2008 11:25 am
Friend Feed imported. Comment OK~
http://friendfeed.com/bencrox
Bravo ~!
Don’t comment on my blog.bencrox.info, comment on friendfeed instead.
System & Nethood | 11 Jul 2008 06:43 pm
Some surprises in Microsoft MIX essentials 2008 HK
I am no friend of windows, but can still be considered neutral towards microsoft.
So, today’s MUST topic is iphone 3G , be practical, go to check PK Chan’s chart.
I have no luck in HTHK’s lucky draw. Even worse, I was appointed to attend Microsoft HK’s MIX essentials 2008.
That’s done?
No.
MS’s web technology lag is still there, MS HK has even more jet lag. Since I do not subscribe to news from MSDN, my lag makes the previously mentioned ones negligible.
1. Windows Live ID can be used as an SSO passport ( nothing new ) , for FREE ( really ? )
2. After the merger of UWANTS and DISCUSS.COM.HK , the local forum giant is migrating their back end from Linux to Windows 2008 , says Oscar ( of UWANTS ) , with charts about performance and stability gains. ( WTF ??? )
- rationale 1 - there are more certified MS engineers, while not many hard core linux guys.
Ben considers this TRUE
- rationale 2 - their new h/w cannot be driven to max power by linux, because of driver issues.
Ben has a little doubt…. but it can be TRUE
- rationale 3 - MSWS 2008 serves more PV per machine
Hey… you deploy those MSWS 2008 with NEW h/w, right ? Is the comparison fair ???
- rationale 4 - MSWS 2008 does not hang so far ( after half a year of prod. deploy )
OK, MS does a good job
- rationale 5 - MSWS 2008 supports PHP and fastcgi
Ben: WTH are your linux + apache guys NOT deploying fastcgi ( or memcached and blah blah blah ) ?????
3. The HKGOLDEN guys ( in fact from Fevaworks ) show a new feature for IE 8 users
Ben: they are misleading about what RSS is. They are not using Microformats, hey !
4. With silverlight and expression and blah blah blah, 蘇絲黃 ’s new site 07807.com has been a flashy showcase.
Done.
( and MS gives out piles of Silverlight books and MIX shirts )