Wow, had my very first experience of trackback spam. I almost feel honored that they found the site. ;-)

Trackbacks are still on for now since it was fairly minor...maybe ten or so.

Since I have never really experienced trackback spam before I have never really looked into if there are any tools to deal with it. In particular, I am using Coreblog on top of a standard Plone site. I am aware of a couple of tools that help with comment spam, but haven't seen anything for comment spam.

Plone in the news.

Plone 2.5 Released

Oh, joy. Plone 2.5 has been officially released. 2.5 is the latest and greatest version of Plone, one of the premier content management systems. Plone powers neohawk.org. I am currently running 2.1.3, and have yet to test 2.5. According to the release, Plone 2.5 can run on Zope 2.9.3 with Python 2.4.2, or Zope 2.8.7 on Python 2.3.5. Of course, the question is whether the "products" or modules, are compatible with this new version of Plone. I have read on the Japanese mailing list for Coreblog that Coreblog runs fine on Plone 2.5. My real concern though is the other products I use like photoablum.

Guess there is one way to find out.....set up a test site.

Limi Hired by Google

What is big news for those of us that follow Plone, Alexander Limi, one of the founding developers and visionaries behind Plone has been hired by Google. Limi-san posted the news himself on Plone.org. According to that post, he is paid to work on Plone one full day a week while at Google. He states that, in fact, it is more time than he spends on Plone now....which I must say is hard to believe considering the output.

Good luck and congratulations, Limi-san

Plone Foundation is now a 501c

Paul Everitt announced that the IRS has notified the Plone foundation that it is now, officially, a 501c organization. Plone Foundation owns the various intellectual property around Plone. Paul blogs about it and Limi's new job.

Hotfix affecting Plone Released

A hotfix for Zope that impacts Plone was released recently. It relates to restructured text. I have already applied it to my server. More information on the hotfix is available on Zope.org. Check it out if you haven't seen it yet.

Okay, yesterday I noticed that I had problems after my recent upgrade to Plone 2.5.1-rc1. The upgrade was to fix a security issues where some Russian spammers had figured out a way to create a script that registered with a site, and would then commence to leave comment spam. That's iirc. The fix really targeted plone sites with open registration. Neohawk is not open for registration, but another site I am working on this server is....so I upgraded.

Everything seemed to work well, until yesterday I noticed I couldn't access posts that had comments. I would get redirected to a login page, even though I was logged in. After digging into the trackback, and error logs it turns out that the default view for a coreblog entry calls the default view for a coreblog comment. In that template is a call to render the "body" of the comment. Whatever was included in the plone fix doesn't like that call and spits out an "Unauthorized" error. I commented out the call to render the body of the comment and the entries with comments could be accessed. Not surprisingly though, the body of the comment does not render, so all you see is the title, date, poster, etc. But not the body of the comment itself.

I have confirmed that if a comment is entered the body is being registered in the system, so that whenever this gets fix, the body of the content will be renderable. In other words, the comment that Scott of Word Of Mouth left me yesterday is in the system. It says:

thanks for doing this Robert!

(you are more than welcome. Thanks for the great blog!)

So you can see that the comment is there. If do don't comment-out that call, the post itself is inaccessible. With it commented-out, at least the post is accessible and the fact that a comment has been left is shown. Just can't read the comment.

Another thing I noticed is that the notifications of comments are also not being sent. So I didn't get an email when Scott left me a comment. That's another thing I'll need to look into. I have sent an email to the coreblog mailing list, the japanese one, and have one other confirmed report of the same issue. I am assuming that Shibata-san is reading the list and will figure out what the problem is.

For those interested, below is part of the trackback I was getting, and the section I commented-out.

Trackback

URL: /neohawk-org/
 Line 31, Column 15
 Expression: standard:'comment_obj/body'
 Names:
{'container': <PloneSite at /neohawk-org>,
 'context': <COREBlogEntry 
at /neohawk-org/Members/rbh-ja/roba-to-no-blog/plone-upgrade03>,
 'default': <Products.PageTemplates.TALES.Default instance at 0xb71a73cc>,
 'here': <COREBlogEntry 
at /neohawk-org/Members/rbh-ja/roba-to-no-blog/plone-upgrade03>,
 'loop': <Products.PageTemplates.TALES.SafeMapping object at 0xb19d4a6c>,
 'modules': <Products.PageTemplates.ZRPythonExpr._SecureModuleImporter 
instance at 0xb714d06c>,
 'nothing': None,
 'options': {'args': (),
             'state': 
<Products.CMFFormController.ControllerState.ControllerState object at 
0xb194878c>},
 'repeat': <Products.PageTemplates.TALES.SafeMapping object at 0xb19d4a6c>,
 'request': <HTTPRequest, 
URL=http://www.neohawk.org/Members/rbh-ja/roba-to-no-blog/plone-upgrade03/cbentry_view>,
 'root': <Application at >,
 'template': <ControllerPageTemplate at /neohawk-org/cbentry_view used 
for /neohawk-org/Members/rbh-ja/roba-to-no-blog/plone-upgrade03>,
 'traverse_subpath': [],
 'user': <PloneUser 'rbh'>}
 Module Products.PageTemplates.Expressions, line 185, in __call__
 Module Products.PageTemplates.Expressions, line 173, in _eval
 Module Products.PageTemplates.Expressions, line 127, in _eval
 __traceback_info__: comment_obj
 Module Products.PageTemplates.Expressions, line 310, in restrictedTraverse
 __traceback_info__: {'path': ['body'], 'TraversalRequestNameStack': []}
Unauthorized: You are not allowed to access 'body' in this context

And the commented out section:

<div tal:define="pss modules/Products/PythonScripts/standard;
                                comment_body comment_obj/body"
                    tal:content="structure python:pss.newline_to_br(comment_body)"
                    class="commentBody">
                    This is the body text of the comment.
               </div>

Yesterday, upon the advice of Shibata-san, the developer of Coreblog, I was able to fix the commenting problem. The other individual that had the same problem, also confirmed the fix. For reference sake, here is the fix, edit cbcomment_view as follows:

Before：

<div tal:define="pss modules/Products/PythonScripts/standard; comment_body comment_obj/body" tal:content="structure python:pss.newline_to_br(comment_body)" class="commentBody"$gt; This is the body text of the comment. </div>

After:

<div tal:define="pss modules/Products/PythonScripts/standard; comment_body comment_obj/getBody" tal:content="structure python:pss.newline_to_br(comment_body)" class="commentBody"> This is the body text of the comment. </div>

(The emphasis are mine) It was as simple as changing "body" to "getBody". Of course, that is something I never would have figured out. I probably should proactively send it to the english mailing list.

Just noticed that the Japan Postgresql User Group uses plone. I discovered this because Shibata-san, the developer of Coreblog which powers this blog, announced a seminar on creating content for plone.

The Japan Postgresql community is extremely active and do a fantastic job of promoting the use of Postgre. At OSPI, we had them come down for a two day seminar and man did they have it down. It was really well done. And it is done by volunteers!

Note that they will be at OSC 2006 in Okinawa this weekend. The first OSC in Okinawa was something I was trying to get done for years, finally got it done, but moved back to the U.S. before it was actually held.

Finally finished. I have moved all of my servers and services to the new datacenter. Hopefully there wasn't too much disruption of service.

I currently have two servers running. The first is a ubuntu based server with limited memory. The other is a Gentoo based server that has significantly more memory. For what it is worth, if there is sufficient memory I much prefer Gentoo for servers. It may be that I am used to the configuration process, but it just strikes me as easier to administer.

As some of you may be aware, I have several domains: Neohawk.org, Neohawk.info and Neohawk.net. Generally speaking, the neohawk.org domain is for the family site and email. Neohawk.info is for informational portals, wikis, and other such websites. Neohawk.net is for "network services". Each domain is located on both servers, depending on what in particular is being serverd.

Neohawk.Info

I have also set up two planets under this domain; Planet Uchina and NeoIT. Planet Uchina is a Planet for aggregating news and blogs related to Okinawa. It is in Japanese. Planet NeoIT is my tech feeds aggregator. Both currently run PlanetPlanet, but I plan to transition them to the feedjack module for django.

Fair warning, when I transition to feedjack, I will be changing Planet NEO, which is currently under the Neohawk.Org domain, to the neohawk.info. I will prewarn you, as well as keep both running in parallel for a little bit. Oh, the same goes for Planet Ohio Japan.

Neohawk.net

As I mentioned Neohawk.net is for "network services. Accordingly, it runs my openid server and a jabber server. It also hosts two tracs, the first one is my personal one which is password protected. The other trac is Ken's Python Project trac. Ken is learning programming, python in particular. I figured that as long as he was learning programming that he should learn some skills related to project management, bug tracking, documentation, etc that are always involved. So I have him using the trac system and using the subversion repository.

The openid server and jabber server are free to use, but be warned it is provided as is with absolutely no guarantees. However, the Neohawk.org family are using both daily, for whatever that is worth.

I have at least temporarily turned trackbacks off. It's not a huge loss since other than spam I didn't get much. I'd like to keep them open, but for the last couple of days the spam attacks have been pretty bad.

It appears that some scumbags from russia, or at least some scumbag using boxes with ip addresses in russia, are spamming NeoHAWK. It comes in waves and from a block of ip addresses. So I am assuming its a script of some kind. Gotta luv script kiddies. not. But I really don't have time to work on making my tracback spam protection work correctly so I am turning it off for now.

I really don't get spammers. I really don't. Besides the fact that they are ruining a cool feature of blogging, they're shooting themselves in the foot. I would imagine that the point of spam is to get somebody to click on the trackback link. But when you send 30 trackbacks in 5 minutes, the invariable result is that the site will turn trackbacks off, if only temporarily. Trackbacks get turned off, no clicks. Talk about cutting off your nose despite your face...sigh.

On the other hand, I can't imagine that spammers are really that smart or they would be doing something more important with their lives other than bothering a small family website blog.....

I found this link today posted on delicious by weboo. Spam protection and community service merged.

reCaptcha is just that, a captcha. You know the funky text with graphics which only humans are supposed to be able to read, hence defying script kiddies' comment spam bots? Yeah, those captchas. Like the one on this blog when you want to add a comment. Well, reCaptcha takes that and adds some community service to it.

What reCaptcha does is provide you with a captcha the content of which is from scanned books. As you may know, when an OCR scans a book it can't correctly identify the words in whatever was scanned. So instead of "this" it sees "nhis". In order to create a digitized version of the book then, all those errors need be corrected. And that is exactly what reCaptcha does. Each captcha presented is actually an error from an OCR scan of a book. By inputting the correct reading of those letters, not only are you demonstrating that you are not a comment spambot, but you are submitting a correction to the digitized book.

So not only can I feel good about protecting my site(s) from comment spam, I can do it by providing a valuable service to society at the same time! Pretty cool if you ask me....oh, too bad there isn't a plugin for plone or coreblog yet...

Now, I also need to give credit to Charlie, a.k.a Cyberchuck, as he mentioned this to me a few weeks ago. At the time, however, I really didn't get a chance to look at it. If he hadn't of mentioned it, I probably wouldn't have noticed weboo's link. Thanks Charlie.