Another Wordpress Blog

test

Big Bucks — Wed, 14 Mar 2012 21:57:48 +0000

test

ZBblock: Installing for WordPress, part I.

Bucks — Tue, 08 Nov 2011 16:39:51 +0000

Are you trying to install ZBBlock to protect WordPress? Are you having trouble figuring out every dang step? I’m going to describe the first set of steps, stopping before we update the “signature” files. I’ll explain how to update those tomorrow.

When you are finished with everything described in this post, ZBBlock will be protecting you against lots of bots; updating the signature files will protect you against more recently identified ‘bots.

It takes longer to write the instructions than to do everything. But I think this should help you find exactly which files you need to access and slap codes into– all without expecting you to know unix!

Steps to install ZBBlock to let it start bouncing resource consuming ‘bots from your WordPress blog:

Visit the zbblock download page. Click to download one of the scripts. (I chose ZB Block .zip; unzip this.)
After unzipping, find the ‘zbblock’ directory on your pc or mac.
Inside, you will find “ZB_Block_Manual.pdf”. Open that. It contains much of the information you need, though it’s a bit spread out. The information describing installation starts on page 1-3. This is the description for steps 1&2:

If you are this far, you have already done steps 1-2.
Next, do step 3 in the manual direction: upload the zbblock directory (folder) to the top level for your domain. My server is Dreamhost, and I can use their webFTP system to upload, but you can also use something like Fetch. If you use unix you probably aren’t reading this how to guide.
Step 4 is to enter: http://yoursite.tld/zbblock/setup.php in a browser replacing yoursite.tld with your domain name. So, for my blog, I replaced that with “money.bigbucksblogger.com”. Wait for an interesting page to appear. It will look sort of like this:

(Note: you can only do set up once because the installation removes the “setup.php” file– which is a good safety precaution anyway. If you need to start over, you’ll have to get directions on how to do a fresh install. )

Pick the best method you can. I picked 7 and so clicked the green “YES” above Method 7.

Copy and paste the bit of php code provide on that page. I saved it in an email to myself. Keep it safe because you are going to need to add that to two WordPress Files. (You may later want to add it to other files.)
You are not done, but can go get coffee and stretch your legs now. But don’t forget that bit of code– you need it on the next step.
Go to your server host (where your copy of word press is installed. ) Locate your WordPress directory and find these two files: wp-load.php and wp-config.php.
Open each one and edit to add the bit of code you saved in the previous step.

wp-load.php will now begin something like this:
/** * Bootstrap file for setting the ABSPATH constant
(I highlighted the new code in blue.)

The /** used to be the first line in my wp-load.php file. If you read the ZBBlock manual, you will see Zaphod goes on and on and on about leaving no spaces. So don’t leave any!

The first line in wp-config.php will be similar.

You have now finished step 9 for WordPress. If you need to protect other files, you can add the line to them. But WordPress is covered.
Scroll down to page 2-6.
Go back to your host– the place where Dreamhost is installed. Click back up to the top of your domain. Find the “zbblock” directory, open it. Find the “vault” directory. Open it. Now find ‘zbblock.ini’. (The manual only says ‘.ini’.) Open this ‘zbblock.ini’ to edit it. (I can do that using the ‘edit file’ at Dreamhosts ftp site.).
Scroll down to find “; *** ZB Block Password ***.
; *** ZB Block Password *** ; ; Password to control functions of ZB Block ; ?wlpw= to add yourself to the whitelist ; and allow yourself back in. ; ; values: ; "" to neutralize password and turn of control ; functions globally. ; ; " " Password to control functions. ; ; default: zbb_pw = ""
zbb_pw = ""

The part in blue is the line where you will enter your password. Enter a difficult to guess password there. Don’t let it match any other password you use. Then, copy it somewhere temporarily (so you can use it on the next step.) Save this edited file.
After adding the password, load the following, substituting your domain name for “yourwebsite.tld” and substitute your password for “the password you just set”.
http://yourwebsite.tld/zbblock/zbblock.php?wlpw=the password you just set

Go pour a cup of coffee. Come back. The message should tell you your IP has been whitelisted.

Now test your blog by loading your blog address and tacking on ?test=xtestx like this:
http://yourblogurl.com/?test=xtestx

(For my blog, I would substitute “money.bigbucksblogger.com” for “yourblogurl.com”. Don’t substitute my blog address though, you’ll risk getting banned from my blog. Substitute yours so you can test your blog! Load your that address. Wait a few moments.
You should be shown a page with a huge blinking “Forbidden 403″ on it. If this hasn’t shown up, you screwed up. If it does show up, you are almost done. But there is one more thing you need to do if you are using this to protect wordpress!
Last two steps: Two steps are requires so that you know how to add a whitelist entry to the white list file. You will eventually need to do this.
1. Even though you can’t see it yet when you saw the “Forbidden 403″ [age, a message was be added to special file at: your domain “zbbblock/vault/killed_log.txt. You can’t look at this on the web though.

To look at ‘killed_log.txt’ return to your host (mine is dreamhost). Find the “zbblock” directory, open. Find the “vault” directory, open. Find the killed_log.txt. View this file. You should see an entry sort of like this:
IP: xxx.xxx.xxx.xxx Score: 1 Violation count: Why blocked: QUERY Test Trigger to test function. Query: test=xtestx
The number in blue is the entry number. Mine is 3 because 2 ‘bots were repelled while I was setting my password and getting ready to test! The Host and IP were me (I blotted them out.) You message will show your host and IP. Write down the IP.

You can now just close this file without editing. The purpose was merely to have you look at the file and copy down your IP address.

2. In the same ‘vault’ folder, you will find ipwldb.csv. Open that so that you can edit it. It should contain exactly one entry: your IP address followed by a comma which was added when you loaded http://yourwebsite.tld/zbblock/zbblock.php?wlpw=the password you just set

This is your current whitelist.

If you are using this to protect WordPress, you need to add the IP for your web host. (That is: the one your blog runs is hosted on). If you don’t add this, you will be blocked from editing your theme inside the admin panel at WordPress. Other wordpress functions will also be blocked.

This means you need to learn what your IP is. To do that, visit this site:whois.domaintools.com. Enter your domain name; click look up. Click “serverstats”, then read the IP address. Add this IP to ipwldb.csv ending with a comma.

You now have 2 IPs in the whitelist. You may need to add more in the future. I need to add new ones whenever AT&T (or comcast or xfinity etc) change my IP. To add IPs from your ISP, you can repeat this step:
http://yourwebsite.tld/zbblock/zbblock.php?wlpw=the password you just set
My ISP changes my IP roughly once a month, so I’ll be doing that regularly.

However, if you change hosting services, or your hosting service moves your account to a new machine, you will need to add a new IP manually. If you start getting 503 errors inside wordpress, or if you a ‘blocked’ message for your own host in ‘killed_log.txt’ will need to add you will need to add an IP by editing ‘ipwldb.csv’ You need to remember that this file exists so you can add another entry.
Advice: I advise looking at ‘killed_log.txt’ once or twice a day for the next few days. You’ll see the sorts of spam being caught and might notice some internal IP’s are being blocked. If the latter happens, you can check whether these are legitimate connections; if they are, white list them. If they aren’t legitimate, let ZBBlock do it’s job and block them.
Finally, upload the WordPress_Joomla_compatibility.inc file contained in ZD Block in the ‘index.php’ file of WordPress and a ‘spamtrap.php’ file I’ve been using to monitor various spam attempts. Later this week, I’ll be reporting how well it works. But in the meantime, even if I don’t report, I would suggest bloggers who can load a php script and know how to insert exactly 1 line of code into the ‘index.php’ file of wordpress try to use ZD Block because the manual does make a convincing case that it will greatly reduce spam and make your blog more secure.

Whether it works well or not, I’ll later explain how well it words in greater details so other bloggers may find the information and use it to protect their WordPress blogs (or forums).

(For those wondering about whether this blog will be nofollow: It might. But lets face it, once I stopped posting, all comments were from spammers. After several months, I just moderated everything and periodically returned to move all the comments to trash.)

Posties Paid $100 to Remove Links

Bucks — Mon, 12 Nov 2007 16:00:27 +0000

Comfirmed by Joe of Pay Per Post / Izea: Some publishers are paying posties $100 to remove paid links. The discussion takes place on this thread.

Here’s an interesting tidbit: Several posties wouldn’t have been able to find the paid links to delete without the spread sheet provided in the request!

So, if your a postie, you might want to ask yourself: If someone offered me $100 to remove a link, could I find it?

October’s Google fall out shows that it can be profitable for some posties to risk their page ranks and not delete paid posts. It can be even more profitable to refuse to remove them unless the advertiser pays!

TrafficJam.com Is Coming! Can It Save Blogrush?

Bucks — Thu, 08 Nov 2007 19:08:25 +0000

John Reese, the promoter who brought “Blogrush” recently announced “TrafficJam.com”; evidently TrafficJam will help our blogs even more than Blogrush. The Blogosphere seems to have ignored the announcement. . .

But I won’t ignore it! John Reese is now promising loads of traffic through “TrafficJam”, requesting bloggers be patient and telling us feed back is positive. He has also closed comments at his blog. Given this marketing push, I think, bloggers do need to make decisions based on data; sharing information helps other bloggers make decisions.

What’s Blogrush done for Big Bucks Blogger?

Did Blogrush send much traffic?
Nope. In one month, this blog received 11 visits from the Blogrush widget. The increased number of categories in Phase II might help– and for this reason, I’ll leave the widget in my footer.
Were the 11 Blogrush visits targeted?
Blogrush traffic doesn’t seem to include people interested in reading my posts. According to Google Analytics, Blogrush visitors remained at my site, on average, 19 seconds and had a bounce rate of 64%. In contrast, Stumble visitors stayed for 1 minute and 25 seconds with a bounce rate of 36%. The average visitor remained for 2 minutes 33 seconds with a bounce rate of 56%.

Stumble visitors appear to read; Blogrush visitors don’t.
What sorts of blogs appear on my Blogrush widget?
It’s been weeks since John Reese supposedly implemented his quality standards. Despite that, the widget is still full of blogs I would not recommend to my visitors.

When preparing to write this article, I clicked the Blogrush links. I visited: a missing page, an author “about” page, preview.tinyurl.com, ( a fine resource. Too bad it’s not a blog.) and a blog article about lawyers’ need for virtual assistants.

One click sent me to the affiliate page shown in the thumbnail to the right. Mind you, I have nothing against affiliate marketing; the problem is the site is not a blog. In case you are wondering: No the page did not blink.

Oh, notice the ?hop= in the url?
Do Blogrush’s Phase II filtering features help me block the non-blogs? In principle, now that I’ve discovered the “Affiliate Splash Page” blog, and the “TinyURL imitation blog”, I could visit Blogrush and block them. That would require me to a) regularly click my own Blogrush widget so I can catch the bad blogs, b) copy the urls of these pages, c) open a new tab, d) log into Blogrush, e) go to the appropriate filter page f) paste the url into the box and save.
Of course, I would only be able to block blogs I actually identify. I can’t discover every blog that populates my widget. Who knows what my visitors might visit.

Blogrush: Only good for conversation

So, there you have it: Blogrush has brought little traffic, the traffic is poorly targeted, by displaying the widget, I promote non-blogs and blogs outside my niche.

As usual: It’s still free. Blogging about the widget fits this blogs niche. For this reason, I’m willing to leave this in the footer until such time that John Reese kicks me out of the program.

What’s Blogrush done for other blogs?

It’s mostly wasted Blog Real Estate that could be used for other widgets, ads or the bloggers own blogroll. In return, bloggers got very little traffic. When posting her stats for October, Caroline Middlebury, who has experienced phenomenal traffic growth, noted that Blogrush doesn’t bring her traffic; like many bloggers, she’s bagging the widget in favor of other widgets that really can bring traffic or income.

What about TrafficJam.com?

Supposedly, TrafficJam will publicize the “hot” topics that appear in Blogrush widgets, helping quality blog posts get more traffic.

But is TrafficJam likely to be a resource for identifying great posts? I’m not so sure. It appears “hotness” will be based on the clickrate on titles appearing in Blogrush widgets. I don’t know about you, but I have no idea if a post is great until after I click. So how would this sort of “hotness” indicate quality?

I think it’s pretty obvious why news of TrafficJam.com did not set the Blogosphere on fire. Blogrush didn’t fill its promises. TrafficJam doesn’t sound promising. Still, who knows. It might be great. But one thing is true:

TrafficJam will have to catch on the old fashioned way: By providing value.

Make Your Blog Easy to Read:

Bucks — Mon, 05 Nov 2007 20:22:22 +0000

Which blog do you prefer? One that makes easy things hard to understand? Or one that makes difficult things easy to understand?

In “Is your blog easy to read?” Muhammad Saleem recommends the second. He also guides bloggers to an online readability tool to test the reading level of your blog.

Guess what readibility level I rated? Yep. I write like I’m in grade school.

I used the tool to test Volokh.com a blog written by a bunch of law professors: they write at the junior high level.

I bet you’re wondering about Muhammad Saleem’s blog’s readibility level? Highschool.

Two tips to avoid Duplicate Content: Robots.txt or Meta Robots WordPress Plugin

Bucks — Mon, 05 Nov 2007 16:07:23 +0000

Do you use tags? Did you know they can bash your Google Page rank? But you can fix that?

Reading Graywolf’s blog, I was reminded to watch out for duplicate content issues and WordPress. It turns out that the wordpress default doesn’t nofollow “tags”.

Because bloggers who tag posts tend to create zillions of tags, they often end up with exactly one post in a many individual “/tag/” directories. This nearly always create duplicate content, which is not a good thing.

You’ll want to fix this; it’s fairly easy. I fixed the issue by modifying my robots.txt file.

What’s a Robot.txt file?

The robots.txt file is a plain text file you place in your root directory. It tells robots not to crawl specific files thereby eliminating the duplicate content issue.

The robot.txt file for BigBucksBlogger now reads like this:

User-agent: *
Disallow: /*.js
Disallow: /*.png
Disallow: /*trackback
Disallow: /*.css
Disallow: /*/feed/$
Disallow: /*/feed/rss/$
Disallow: /*/trackback/$
Disallow: /tag/
Disallow: /author/
Disallow: /comments/
Disallow: /wp-content/plugins/
Disallow: /wp-content/cache/
Disallow: /wp-content/themes/
Disallow: /wp-admin/
Disallow: /*?*
Disallow: /*?

I’m keeping robots out of my tag, author, comments and wp-admin directories, out of a number of subdirectories in wp-contents, and out of javascript, png, css, trackback files.

Because I don’t use the WordPress default permalinks, I’ve also blocked robots from crawling addresses with query strings. Do this only if you aren’t using query strings in your permalinks otherwise, you’ll block the ‘bots from your whole site. You really don’t want to do that. Permitting the bot to index duplicate content is bad; indexing no content is worse.

I could block the bots from other files, but there is generally no need to block the robots from any file that is never linked. Also, you never want to block robots from your index.php file, sitemap or ‘.php’ files in general.

Once you create the robot.txt file, just save it with the name robots.txt file and drop it in my root directory.

Should you block from categories?

I don’t block bots from my categories directory because I only post excerpts on those pages. So, I don’t worry too much about duplicate content on those pages. In fact, since I find the ‘bots often index those and bring me traffic, I want the ‘bots to crawl those. (I am planning to change things to post 10 excerpts per page; I think that will make it easier for people who look at categories to find what they want to find.)

If you run full articles in your categories, you may wish to block ‘bot from those. The same holds for all your archives. (I’m going to be modifying my template to show nothing but excerpts at all addresses except the front page and the individula posts. This should prevent a lot of duplicate content issues without the need to block ‘bots.)

Is there anything you can do to avoid duplicate content?

Sure. In fact, there is a great Meta Robots WordPress plugin available that lets you tailor no-follows on your blog. One of the options is adding nofollow metatags to the headers of files in your “tag” directories. This will eliminate the duplicate content penalty as well.

Using the plugin also permits you to precisely tailor link-juice flow around your blog. I’ll be using this soon and explaining many of my “nofollow” decisions after I install the plugin.

WordPress Vulnerability: Take a little time to check.

Bucks — Thu, 01 Nov 2007 14:57:18 +0000

Seo Egghead has evidently discovered a WP 2.3.1 vulnerability HTML-tainting attacks. (The vulnerability evidently exists in W.P 2.1). The apparent application is to inject ads into bloggers older posts; these would tend to look like paid links. The problems for you would be a potential drop in page rank.

SEO Egghead recommends bloggers check their posts for insserted links to mp3 sites he has discovered at his site, and provides a plugin for this purpose.

I may be wrong, but I think you need to use his plugin. You should be able to get the same information by clicking “manage” in your dashboard, finding the big “search box” and entering ‘adshelper’. Then, click search. WP will return a list of posts containing links to “adshelper”. Next repeat the search for ‘softicana’. If both searches return zero pages, you’re clean.

While your at it: why assume these are the only hacker-advertisers? Take a little time and search for words like “mp3″, “casino”, “mortgage”, “viagra” and anything else you can dream up. If you find anything, blog about it so other bloggers can learn and check.

With luck, if my suggested method of testing useless, and you really do need to use the plugin, Seo Egghead will pop in and tell us I’m wrong. (I asked at his blog last night, and I’ll keep checking for an answer .)

Are you wondering how I did?
I seem to be ‘clean’ on both ‘adshelper’, ‘softicana’ and a variety of other terms I dreamed up.

Hmmm… Plugin idea
If these sorts of HTML tainting attacks are common, I should probably write a plugin that periodically scans all blog posts for a standard set of blacklist terms, plus terms in the users own blacklist. Monthly checks at all our blogs would let us catch these things and warn others. It would be an easy plugin… hmmm….

If readers do run this test, and any come up “tainted”, I’ll seriously consider writing that plugin. Meanwhile, I need to get through updating all my existing ones first!

Two Lessons About Search: What I learned by ranking #2 for “PageRank Zero October 2007″!

Bucks — Wed, 31 Oct 2007 21:25:26 +0000

Do you check your referrers? I do. I even try to learn things about search from my referrers. Today, I learned two thing when I investigated why I had a high rank for the Google search PageRank Zero October 2007.

What did I learn? First, no matter what else happened during the PageRank dust up, Google still likes older pages. Second, we should all give some attention to our archives.

Now, a bit of background. When I was my highrank for PageRank Zero October 2007 I thought three things:

Google relevancy on this search term is not so hot.
Who ranks #1 for “PageRank Zero”? and most importantly.
Archives matter.

These thought led to a bit of investigation, from which I “learned” a thing or two. Below, I’ll expand on these thoughts, and provide the lessons they taught me about Google search.

Why do I think Google’s relevancy for this search is not so hot?

Two reasons.

The #2 result was the top page of my monthly archive. The top page of my October archives were relevant for this search several days ago when they matched the current Google cache. That shows text from Ten Google Page Rank Haikus. which matches the topic of that search rather well.
Today? There is no mention of “PageRank Zero” on that url.
The #1 result for that particular long tailed search is Courtney Tuttle’s Going From PageRank Zero To PageRank Hero. (I’m condomizing the link in my never ending effort to seize the #1 position for totally useless search terms!)
Sound relevant, right? The problem? Whoever was searching for “PageRank Zero October 2007″ likely wished to read articles about the “Google Page Rank Debacle of October ’07″. Courtney’s post was published in April; his October article would have been relevant.

Lesson:
Before proceeding, it’s worth noticing something: My October Archives page is older than my haiku page. It also has a direct link from my main blog page. Court’s April 2007 article is older still and it’s older than his October article.

Google still seems to like older pages.

Guess what ranks ranks #1 for “PageRank Zero”?

A forum post! Specifically, this entry at Webmaster world with an entry dated 6:52 am on Oct. 16, 2005 that reads:

My website, or rather a page or two which I occassionally check (as a general rule, I don’t enable the Page Rank feature of my Google toolbar), usually carries a page rank of about 4-6. On October 15th, my traffic dropped to less than 10% of normal, so I checked its page rank. zero. Zip. Zilch. Bizarre.

Below that, we find links to a variety of blogs. As far as I can tell, all but the forum entry were written well before October 2007. So, once again, for this search Google relevancy isn’t exceptional. (It is a toughie though. The person searching should have tried the blog search tool!)

Lesson:Google still likes older posts.
We all know there are many relevant posts about the October 2007 events posted on blogs. They didn’t show up. Why? Age often matters more than relevance.

Why do archives matter?

Google still likes older posts. It also likes pages linked from the top page of the blog. At month’s end, my archives may often be my oldest “relevant” entries; they are always linked from my top page. Google is likely to send people to my archives rather than my individual posts.

It would have been useful if the person searching had been able to find my Google Page Rank Haikus by way of my monthly archives. The haiku’s themselves do link a fair number of articles discussing the “PageRank Incident”. The person searching may well have been a blogger who was writing their own post. They didn’t find the relevant article at my site: they will surely never link it.

Lesson: I need a better format for archives
If my archives displayed at least 10 articles, most of the content would match Google’s cache. Currently they display three, which means that quite often, Google will send people to an irrelevant page. This is my fault more than Google’s.

There are other problems with my archives. Clearly, I need to put “improve archives” on my “to do” list.

Here’s another to do.

Ask readers their thoughts on archives.

Do you know of any useful plugins, features or ways of organizing my monthly (or topical) archives to ensure Google search results send visitors to the correct page? Are there other features I should consider? If you have good ideas, I’d love to read them.

L’s Linky Love for WP 2.3: Option to follow trackback immediately.

Bucks — Wed, 31 Oct 2007 18:04:54 +0000

Update

I’ve moved on to other things. These plugins are no longer supported.

Article

I’ve updated L’s Linky Love for WP 2.3. Sort of. It turned out the plugin already worked for WP 2.3. However, I did make a two mods at user request:

Josh Spaulding requested the ability to dofollow trackbacks immediately. That function now exists.
Tricia identified a bug that appeared to sometimes occur when people left “names” with apostrophe (that is “‘”) in them. I think I coded corrected.

If you’d like the new version, download Linky Love for WP 2.3. Unzip. Place in plugin folder. Deactivate the old version, activate this one.

If you notice any problems, let me know so I can fix.

A word or caution
Trackback spam can be particularly pesky. I have seen a rash of semi-innocent looking scraper blogs that post snippets of your content. I call these Daegan Spam. If you keep those trackbacks and visit later, you will notice the blogs get redirected to irrelevant thin-affiliate sites for commercial products. This causes you to link into a “bad neighborhood”, which is a bad thing.

I’m planning a tool to help us find these things months later, “just in case”, but haven’t thought through the best way to do it yet.

Meanwhile, be very vigilant about trackback spam. When in doubt delete.

In the “irony” department

I found a bug in “Hide Sponsored Categories Plugins” for 2.3. It only happens for categories that have apostrophe’s in their name. I have such a category. It’s the one for “L’s Linky Love!” So, I’m currently running the old version. Needless to say, I’ll be fixing that bug!