Elliott C. Back: In Aere Aedificare

I want to blog about how my cancelled flight on nwa is making me five hours late, but all I have is my bb.

Wordpress should definitely release a mobile skin for the admin area, which doesn’t work so well right now on small screens.

I just added mod_deflate to my server by using the following configuration:

LoadModule deflate_module modules/mod_deflate.so
<IFModule mod_deflate.c>
  SetOutputFilter DEFLATE
  SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
  SetEnvIfNoCase Request_URI \.(?:exe|t?gz|zip|bz2|sit|rar)$ no-gzip dont-vary
  SetEnvIfNoCase Request_URI \.pdf$ no-gzip dont-vary
  BrowserMatch ^Mozilla/4 gzip-only-text/html
  BrowserMatch ^Mozilla/4\.0[678] no-gzip
  BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
</IFModule>

The static parts of my pages now render with about 70% compression, meaning that I’m saving 2/3 of static page bandwidth now. Server load seems fine!

It wasn’t my intention, when I wrote about how Google wouldn’t index one of my sites to make it to the #1 keyword for “Google Sucks” but it happened anyway. That’s a story for another day–right now my gripe is with infamous search engine Yahoo, which doesn’t index any of my sites at all!

Try searching for name, Elliott Back on Yahoo and you get absolutely nothing:

I tried adding my feed to Yahoo Site Explorer but it’s been 50 minutes and it hasn’t been indexed yet. I’m going to contact Webmaster Support and see what comes. My suspicion is that this is a side-effect from the rapid adoption by others of WP Autoblog, which links back to me, one of the reasons I stopped distributing it.

Update: I submitted my feed at 05/17/2007 14:18:01 and it was processed on 05/17/2007 14:26:18. Apparently it took a long time to get reported as processed, but the processing itself happened within 10 minutes.

Update 2: Well so far nothing. If any Yahoo people stop by, drop me a note or give me a call and we can get this sorted out.

Update 3: I emailed a friendly Yahoo employee who might be able to help, and also signed up for their paid search inclusion, “search submit basic,” which hopefully can nudge the site back into the index. Although, I don’t feel right paying for being indexed, it feels too black hat.

Update 4: I got the following email back from Yahoo:

Hello,

Thank you for writing to Yahoo! Search.

It has been determined that your site may not comply with Yahoo!’s Content Quality Guidelines located at: help.yahoo.com/help/us/ysearch/deletions/deletions-05.html

Below are some answers to common questions regarding this issue:

Q: What are some of the common reasons that a site may violate Yahoo!’s Content Policy Guidelines?

A: Yahoo!’s Content Quality Guidelines (link above) outline what we are and are not looking for in pages that we index. Listed below are some of the more common reasons that a site may violate these guidelines:

- Cloaking (showing crawlers deceptive content about a site)
- Massive domain interlinking- Use of affiliate programs without the addition of substantial unique content
- Use of reciprocal link programs (aka “link farms”)
- Hidden text
- Excessive keyword repetition

Q: If my site has a judgment against it, can I use the SiteMatch inclusion program?

A: All pages submitted to SiteMatch are editorially reviewed. If a site has a judgment against it, it is likely to be rejected by the SiteMatch program.

Q: If my site has a judgment against it, can I use the Yahoo! Express directory inclusion program?

A: Yes, the Yahoo! Directory and Yahoo! Search Index are different systems. Inclusion or exclusion from one does not affect the other.

Q: How can I have my site re-reviewed?

A: Please review our content quality guidelines to make sure that your site meets all of them. When you feel the site is ready, please complete the form located at: add.yahoo.com/fast/help/us/ysearch/cgi_rereview requesting a re-review of your site. You may wish to include an explanation of unique features on your site, or details of changes to your site’s content that may assist our editors in their evaluation.

Please allow several weeks for the review process, YST indexing, and a complete refresh of the database before checking search.yahoo.com to see if your site is listed in the Yahoo!Search Index. We do not offer specifics detailing how an individual site is not in compliance with our guidelines, but we will review your site individually. You will not be
receiving further notification regarding your request for a second review, and we are not able to offer the option of another review.

Thank you for taking the time to make the Yahoo! Search Index better.
Thank you again for contacting Yahoo! Customer Care.

Regards,
Evan

Yahoo! Customer Care
www.yahoo.com/

Uh, this email contains no information that could help me understand why I’m banned from Yahoo, or how to correct that ban. Thanks for the … wasted bits in cyberspace!

So I just had some downtime, basically caused because one of my sites was running a script which hunted for RSS feeds but didn’t time out. The feed URI was 404′ing, but every time a user hit the script they would start a new script which would run for the maximum execution time. Naturally, this continued until all of apache’s 512 connections were maxed out, essentially DOSing my own server. Pingdom says there were almost 3 hours of downtime:

Date  	Response time  	Uptime  	Downtime
5 	1,257.524 ms 	100.00% 	-

6 	1,231.475 ms 	100.00% 	-

7 	1,341.041 ms 	100.00% 	-

8 	1,373.642 ms 	100.00% 	-

9 	1,228.253 ms 	100.00% 	-

10 	1,332.559 ms 	100.00% 	-

11 	1,218.832 ms 	100.00% 	-
12 	2,462.757 ms 	87.84%		2h 46m

The response times also went through the roof. At this time, the load average was at least 50, way too high to serve requests quickly:

Things have settled down now, so there’s nothing to worry or fret over. I’m going to need to slowly migrate all of my RSS-grabbing scripts to a newer version with timeout, but for now Apache is behaving itself:

Current Time: Saturday, 12-May-2007 23:59:31 EDT
Restart Time: Saturday, 12-May-2007 23:21:44 EDT
Parent Server Generation: 1
Server uptime: 37 minutes 46 seconds
Total accesses: 31328 - Total Traffic: 2.1 GB
CPU Usage: u20.32 s4.48 cu0 cs0 - 1.09% CPU load
13.8 requests/sec - 0.9 MB/second - 68.8 kB/request
38 requests currently being processed, 13 idle workers

If anyone knows how I can increase my requests / s, let me know. I’m always wanting more speed.

Wow! A blog of mine running Wordpress 2.0.4 just got hacked. The attacker, without logging in, was able to inject a bunch of spam links into three of my posts. I caught the attack because I read my own Wordpress feeds, and noticed the update. The IP address the attacker used was 64.252.168.207. Here is the timeline of his penetration into my poor, but out of date, Wordpress installation:

1) Visit Video Games Blog pretending to be Googlebot
2) Visit random pages just to confuse me
3) Visit the three target pages (1, 2, 3)
4) Grab the nonces from wp-admin/post.php?action=edit
5) Use the nonces to do something weird to /wp-admin/inline-uploading.php?action=view
6) Post to the regular edit page

If you don’t want to be hacked, here’s what you need to do:

• Upgrade to the latest version of Wordpress (2.0.10 in my case)
• Remove crap you don’t need. If you’re not using comments, remove wp-comments-post.php. If you don’t know what xmlrpc is, remove wp-xmlrpc.php as well.
• Permission your files. If you are on a shared host, it’s especially important that you don’t make your wp-config world read/writable, or anyone can steal your database login information, or just overwrite it with their own.

If you’re interested, here’s the full server log, as a text file: wordpress-hack-log.txt. The attacker didn’t compromise or access any other services, just used the web interface to insert his spam into my post.