Tech Ravings

It’s no secret that Google Rank Spanked me, tkaing me from a PR 3 to a PR 0 when they went after paid posts. This site had none of those because: A) I work for IZEA / PayPerPost, B) I work for them so I can’t tkae those opps nor any competitors. Yet because of A I got nailed in the first round and never got any Page Rank back.

No I’m not going to crawl on me hands and kness to Google to get it back either. I’ll entertain the other Search Engines and Web Crawlers out there.

However I do use WordPress, and while I didn’t upgrade in a while until a few weeks ago I did have problems with the WordPress versions I was using being suspectible to hack attempts and injecting malicous code into my posts.

While I never figured out how the attacks were being done I did notice that Google noticed. Thanks to Mouseclone for first alerting me to this I set about sanitizing my posts. All was wel and good.

I recieved word from Cassknits that she couldn’t really enjoy the site because Google had slapped a malicous site label on me. Har Har I thought; Google just making a mockery of me, again. Yes in fact a lookup of techraving on google search did show such a branding.

OK, fine. I do have an account with Google and checked the webmaster tools for the site maps.

Sure enough Google said they found malicous code that triggered their flags but also which pages they found it on. Wouldn’t you know it was exactly the kind of scum I had been battling. One post I either didn’t catch or got re-injected.

I reluctantly, but tired of dealing with the security flaws of WordPress, upgraded. So far no new injections have occured. Only a week after the upgrade though I I wasn’t getting hit on evry post :). I did however ask Google to re-evealuate my site to remove the malicious site label. Only took a few days and sure enough I am in the clear from bad things, and that was a week again; no fair thinking I’m writing this apease them.

I don’t wwigh a whole lot of worth on Google in Page Rank or indexing. When I target my keywords carefully and use those to my niche adventagously I have performed very well. Irregardless of my Page Rank. Google is a search engine, just like all the others.

However Google has seemed to take one extra step in that they have the technology and the know-how to protect us from spreading the crap the sticks to the bottom of the intrenet pond. Certainly we can by “some” programs to do this; Google does it for free. We just have to look.

I do have to give them credit for that.

In my belief that I could actually take some free time to explore new learning I set about last Monday night to set up a website that ran on a single port. I have never done this so I needed Apache to rewrite or proxy to that port so the application could work. It really was just a test application so I could learn how to do such things with apache.

Granted I have never set up a proxy server and found the warning posted all over every resource I read on the subject. Invariably yesterday I made a change that turned my personal web server into an open proxy; although I only realized this today. Never said I knew it all, other that JavaScript ;).

This morning I found that the one and only large website I run on my personal server was running a little slow I set about looking into it. That’s when I found out that I was processing about 9 requests per second on my box through the proxy. That is unheard of for this little 512M rdram box I’ve had from ‘98.

Of course at first I freaked not wanting all this traffic that was coming through, only thinking about how it would affect my network not to mention any hack attempts against my server. I tried desperately to revert all my changes to what they were before. To no avail. Apache kept serving an open proxy even with the old settings.

Then I noticed a trend in the proxies. A lot of the proxies seemed to be gaming affiliate systems. At that point I was all over turning this noobish episode into a honeypot. Seeings how one of my main considerations in setting up an affiliate system was to prevent fraud this was invaluable information on how gamers use proxies to gain money. I had a perfect opportunity to learn their signatures, if not their IP’s.

From my little bitty server I saw Alexa, Yahoo! get gamed. I saw click counts get inflated to several other sites. Even a few test the animosity of my new honeypot. Using the open proxy I accidentally created I became the hacker against it and sought to see if I could protect an application against this sort of gaming.

One of the not so striking lessons was that the user-agent was a standard browser user-agent *cough*FireFox*cough*. Although two requests per second from the same IPA with the same GET info over the total of five minutes, tends to lead you to believe that this wasn’t a person but a script bot instead.

If I’ve learned anything from Zookoda it’s that spammer busting is difficult, but can be done. I’ve had several “honeypot” blogs set up for a while to bust sploggers and comment spammers and that has been effective. Proxy spammers are just the next step in where I need to go.

I know I’m not a sys admin, but I want to learn. I also know an opportunity to crack a spammers ass when I see it as well!

Not that I was ever far from the computer mind you. In fact I’ve been sitting right here watching you hit my site, rather trying to see if you were a search engine. The past four months I have been coding every day and ngiht including weekends to deliver some projects.

Recently envieled at IZEAFest was the introduction to the Affiliate Program for SocialSpark. That was me. Four months ago it was kicked off; originally starting in Pylons. Roughly a week after starting it I had to break off and help out with the solutions center stuff for about a month. Working only in the evening/weekends on how to best build an affiliate program.

You’re sure to notice all the posts about CherryPy, that’s because the decision was made to go with that for the affiliate server since I didn’t need a true Python framework for tracking. I’m glad I did since CherryPy proved to much faster, and I was able to build a mini-framework out of it using Cheetah. Each controller is RESTFul, and the folder hierarchy is along the lines of Ruby on Rails.

It has been a long four months, even if some at work don’t appreciate it or even recognize it. However I am proud of my work and have lot’s of great things to present to you about my working with CherryPy 3.1.0.

The CherryPy script is a really simple deploy script and daemonizing CherryPy has so much more performance.

Using CherryPy under mod_python breaks the cherrypy dispatcher.

I know I spoke of similar things in other posts but I’ll get there.