Monthly Archives: April 2011

WordPress: spambots mating season

Did anyone notice how the number of spam comments quadrupled during the last week? I usually check the Comments->SPAM folder on a daily basis, and where there were usually about 3-8 comments a day, there are now no fewer than 70.
It’s interesting and educational to observe how spamming technologies and tools evolve over time – just a few weeks ago there was a wave of spam comments masquerading as pingbacks from completely unrelated blogs, then (mostly of Russian origin) spam comments containing a couple of paragraphs of text from some textbook, and now almost every other spam comment contains a URL from the gravatar.com site.
Thanks to the excellent anti-captcha plugin, nobody ever sees these comments on my blog except me, in the spam folder, and if a real person decides to leave a comment, he will not need to strain his vision trying to recognize a graphical captcha (I hate it too).

Apache, PHP, SuEXEC: added security and control

As we know from the original article, using Apache and PHP in CGI mode along with suExec gives us 2 important security advantages:
– suExec runs the PHP process with (only) the file owner's user privileges, enforcing proper permissions on PHP scripts and thus making it possible to avoid cross-site exploits on a server that is running multiple dynamic web sites;
– per-site php.ini.
That gives some unique opportunities for securing separate web sites on the server.