Comments on: Excerpts Exacted; Shielding the Admin http://meyerweb.com/eric/thoughts/2008/06/12/excerpts-exacted-shielding-the-admin/ Things that Eric A. Meyer, CSS expert, writes about on his personal Web site; it's largely Web standards and Web technology, but also various bits of culture, politics, personal observations, and other miscellaneous stuff Fri, 19 Mar 2010 00:27:46 -0400 http://wordpress.org/?v=2.9.2 hourly 1 By: Krissie http://meyerweb.com/eric/thoughts/2008/06/12/excerpts-exacted-shielding-the-admin/#comment-411195 Krissie Thu, 25 Sep 2008 05:17:08 +0000 http://meyerweb.com/?p=911#comment-411195 RE: NeverForgetCerpt... It's a great little plugin, but I've just encountered a bug with it... namely that when the plugin is activated, the ability to publish immediately by just pressing the publish button when writing a post dissapears... to publish the post with the plugin active, I had to first choose "published" from the dropdown box before hitting the publish button. I don't know if this plugin prevents scheduled publishing of a post too, but certainly it interfered with immediate publishing for me just now - I've, sadly, had to de-activate it. RE: NeverForgetCerpt…

It’s a great little plugin, but I’ve just encountered a bug with it… namely that when the plugin is activated, the ability to publish immediately by just pressing the publish button when writing a post dissapears… to publish the post with the plugin active, I had to first choose “published” from the dropdown box before hitting the publish button. I don’t know if this plugin prevents scheduled publishing of a post too, but certainly it interfered with immediate publishing for me just now – I’ve, sadly, had to de-activate it.

]]> By: Immeƫmsol http://meyerweb.com/eric/thoughts/2008/06/12/excerpts-exacted-shielding-the-admin/#comment-400586 Immeƫmsol Fri, 15 Aug 2008 13:28:55 +0000 http://meyerweb.com/?p=911#comment-400586 <blockquote cite="http://meyerweb.com/eric/thoughts/2008/06/12/excerpts-exacted-shielding-the-admin/#comment-384416"><a href="http://meyerweb.com/eric/thoughts/2008/06/12/excerpts-exacted-shielding-the-admin/#comment-384416" title="Link to comment #4 by Eric Meyer" rel="nofollow">Eric Meyer</a>: Alan: I"d do that, but I don"t know of a way for WP/PHP to forge the referer for the browser to pick up and pass along, or to just generally forge the referer. Some Googling turned up zippo, though perhaps I wasn"t using the right terms. I"ll poke around some more. </blockquote> You could spoof your hostname into being their hostname (/etc/hosts)They will then see that domainname in their logs,but maybe they can still see the ip-address then, I don't know that right now. I found this though: http://own-the.net/news_Hide-referer-tested-on-IE-and-FF_4.html

Eric Meyer:
Alan: I”d do that, but I don”t know of a way for WP/PHP to forge the referer for the browser to pick up and pass along, or to just generally forge the referer. Some Googling turned up zippo, though perhaps I wasn”t using the right terms. I”ll poke around some more.

You could spoof your hostname into being their hostname (/etc/hosts)They will then see that domainname in their logs,but maybe they can still see the ip-address then, I don’t know that right now.

I found this though:
http://own-the.net/news_Hide-referer-tested-on-IE-and-FF_4.html

]]> By: David Eldridge http://meyerweb.com/eric/thoughts/2008/06/12/excerpts-exacted-shielding-the-admin/#comment-396928 David Eldridge Fri, 01 Aug 2008 14:17:49 +0000 http://meyerweb.com/?p=911#comment-396928 You can also use a more direct Google redirect/proxy, e.g. http://www.google.com/gwt/n?u=http://meyerweb.com. I am not sure if this would meet your requirement or not. You can also use a more direct Google redirect/proxy, e.g. http://www.google.com/gwt/n?u=http://meyerweb.com. I am not sure if this would meet your requirement or not.

]]> By: Andrew http://meyerweb.com/eric/thoughts/2008/06/12/excerpts-exacted-shielding-the-admin/#comment-384725 Andrew Sat, 14 Jun 2008 14:26:08 +0000 http://meyerweb.com/?p=911#comment-384725 Hi, nice idea for a plugin. Changed the code a bit, now it hides the appended URL nicely on Akismet's page, but not on the edit comments page, as the filter get_comment_author_url_link is not used there. On the other hand that clearly shows when the browser is going to be redirected. Also changed it so only the links from not-approved comments are redirected either through hidereferer.com or anonim.to. http://www.laptoptips.ca/wpd/wp-content/img/mw_url_obscurify.zip Hi, nice idea for a plugin. Changed the code a bit, now it hides the appended URL nicely on Akismet’s page, but not on the edit comments page, as the filter get_comment_author_url_link is not used there. On the other hand that clearly shows when the browser is going to be redirected.

Also changed it so only the links from not-approved comments are redirected either through hidereferer.com or anonim.to.

http://www.laptoptips.ca/wpd/wp-content/img/mw_url_obscurify.zip

]]> By: Stephen http://meyerweb.com/eric/thoughts/2008/06/12/excerpts-exacted-shielding-the-admin/#comment-384663 Stephen Sat, 14 Jun 2008 07:15:24 +0000 http://meyerweb.com/?p=911#comment-384663 Most browsers do not send the referer header on a meta refresh. That would be the method I would use-- just link to your own redirect page. You would get to save bandwidth (a tiny amount), get to save time (by only clicking once and loading less pages), and get to use a deprecated method (according to the once useful W3C). Just thought I'd throw that out as a possibility. Most browsers do not send the referer header on a meta refresh. That would be the method I would use– just link to your own redirect page. You would get to save bandwidth (a tiny amount), get to save time (by only clicking once and loading less pages), and get to use a deprecated method (according to the once useful W3C).

Just thought I’d throw that out as a possibility.

]]> By: Peter Wilson http://meyerweb.com/eric/thoughts/2008/06/12/excerpts-exacted-shielding-the-admin/#comment-384482 Peter Wilson Fri, 13 Jun 2008 00:04:04 +0000 http://meyerweb.com/?p=911#comment-384482 Why not put a simple file redirect.php on your server: <code><?php header("Location: " . $_GET["q"]); ?></code> Using this, the url could be http://meyerweb.com/redirect.php?q=http://hamstu.com allowing a single click while avoiding the reference to the WP Admin. Of course, this won't work if you're trying to avoid references to meyerweb all together. Why not put a simple file redirect.php on your server:

<?php
header("Location: " . $_GET["q"]);
?>

Using this, the url could be http://meyerweb.com/redirect.php?q=http://hamstu.com allowing a single click while avoiding the reference to the WP Admin.

Of course, this won’t work if you’re trying to avoid references to meyerweb all together.

]]> By: Jemaleddin http://meyerweb.com/eric/thoughts/2008/06/12/excerpts-exacted-shielding-the-admin/#comment-384454 Jemaleddin Thu, 12 Jun 2008 20:26:51 +0000 http://meyerweb.com/?p=911#comment-384454 @Nick: Sounds like a good job for GreaseMonkey - any takers? @Nick: Sounds like a good job for GreaseMonkey – any takers?

]]> By: Nick http://meyerweb.com/eric/thoughts/2008/06/12/excerpts-exacted-shielding-the-admin/#comment-384421 Nick Thu, 12 Jun 2008 16:25:39 +0000 http://meyerweb.com/?p=911#comment-384421 For the Comments page, get_comment_author_url is assigned to another variable and too many things are done with the variables after that. You could use Javascript to change all external links when viewing edit-comments.php. If I had any Javascript skills I'd give it a shot. For the Comments page, get_comment_author_url is assigned to another variable and too many things are done with the variables after that.

You could use Javascript to change all external links when viewing edit-comments.php. If I had any Javascript skills I’d give it a shot.

]]> By: Pete Nelson http://meyerweb.com/eric/thoughts/2008/06/12/excerpts-exacted-shielding-the-admin/#comment-384420 Pete Nelson Thu, 12 Jun 2008 16:14:30 +0000 http://meyerweb.com/?p=911#comment-384420 One of my boss' favorite things to check out is how many people came to our site via a google search, and then to look at the keywords they use. If someone wrote a common plugin that went through google to mask the referrer, we could see some very interesting side effects when we look at the keywords used to get to our site. Even more interesting, though, is that google gives me an intermediary page when I try a URL such as you suggest. It even adds a query param to the URL - "oi=unauthorizedredirect". One of my boss’ favorite things to check out is how many people came to our site via a google search, and then to look at the keywords they use.

If someone wrote a common plugin that went through google to mask the referrer, we could see some very interesting side effects when we look at the keywords used to get to our site.

Even more interesting, though, is that google gives me an intermediary page when I try a URL such as you suggest. It even adds a query param to the URL – “oi=unauthorizedredirect”.

]]> By: Devon Young http://meyerweb.com/eric/thoughts/2008/06/12/excerpts-exacted-shielding-the-admin/#comment-384417 Devon Young Thu, 12 Jun 2008 15:35:28 +0000 http://meyerweb.com/?p=911#comment-384417 You might be interested in the Simple Trackback Validation plugin if you're going through that much effort. I forget the exact link, but you can find it in my latest blog post. Funny you mention comment spam today. You might be interested in the Simple Trackback Validation plugin if you’re going through that much effort. I forget the exact link, but you can find it in my latest blog post. Funny you mention comment spam today.

]]> By: Eric Meyer http://meyerweb.com/eric/thoughts/2008/06/12/excerpts-exacted-shielding-the-admin/#comment-384416 Eric Meyer Thu, 12 Jun 2008 15:11:21 +0000 http://meyerweb.com/?p=911#comment-384416 Thanks, <a href="http://meyerweb.com/eric/thoughts/2008/06/12/excerpts-exacted-shielding-the-admin/#comment-384409" rel="nofollow">Shaun</a>-- at least some small good might come from your pain. I'll also look at your suggestion, <a href="http://meyerweb.com/eric/thoughts/2008/06/12/excerpts-exacted-shielding-the-admin/#comment-384410" rel="nofollow">Fireball</a>. Maybe I'll randomly switch between the two for extra obscurity! <a href="http://meyerweb.com/eric/thoughts/2008/06/12/excerpts-exacted-shielding-the-admin/#comment-384414" rel="nofollow">Alan</a>: I'd do that, but I don't know of a way for WP/PHP to forge the referer for the browser to pick up and pass along, or to just generally forge the referer. Some Googling turned up zippo, though perhaps I wasn't using the right terms. I'll poke around some more. Thanks, Shaun– at least some small good might come from your pain. I’ll also look at your suggestion, Fireball. Maybe I’ll randomly switch between the two for extra obscurity!

Alan: I’d do that, but I don’t know of a way for WP/PHP to forge the referer for the browser to pick up and pass along, or to just generally forge the referer. Some Googling turned up zippo, though perhaps I wasn’t using the right terms. I’ll poke around some more.

]]> By: Alan Gresley http://meyerweb.com/eric/thoughts/2008/06/12/excerpts-exacted-shielding-the-admin/#comment-384414 Alan Gresley Thu, 12 Jun 2008 14:32:31 +0000 http://meyerweb.com/?p=911#comment-384414 Not knowing WordPress or script, I will make this suggestion in sheer ignorance. Why not make the referrer string reflect the domain that is the possible spammer. Their logs would show their site referring to itself. This is what we see normally in our logs from inbound links but would be good payback to spammers. Not knowing WordPress or script, I will make this suggestion in sheer ignorance.

Why not make the referrer string reflect the domain that is the possible spammer. Their logs would show their site referring to itself. This is what we see normally in our logs from inbound links but would be good payback to spammers.

]]> By: Fireball http://meyerweb.com/eric/thoughts/2008/06/12/excerpts-exacted-shielding-the-admin/#comment-384410 Fireball Thu, 12 Jun 2008 14:08:10 +0000 http://meyerweb.com/?p=911#comment-384410 There is http://anonym.to/, which gives you a slight feeling of anonymity... don't know if it's better, but it's widley used in the german speaking web. There is http://anonym.to/, which gives you a slight feeling of anonymity… don’t know if it’s better, but it’s widley used in the german speaking web.

]]> By: Shaun Inman http://meyerweb.com/eric/thoughts/2008/06/12/excerpts-exacted-shielding-the-admin/#comment-384409 Shaun Inman Thu, 12 Jun 2008 14:07:31 +0000 http://meyerweb.com/?p=911#comment-384409 You want http://hiderefer.com/. I come across this site all the time when dealing with nulled copies of Mint. Sigh. Just add a question mark and url you want to redirect to. You want http://hiderefer.com/.

I come across this site all the time when dealing with nulled copies of Mint. Sigh.

Just add a question mark and url you want to redirect to.

]]> meyerweb.com

meyerweb.com

Skip to: site navigation/presentation
Skip to: Thoughts From Eric

Excerpts Exacted; Shielding the Admin

In response to my request, the indomitable Hamish Macpherson has created NeverForgetcerpt, a plugin for WordPress 2.5+ that will warn you if you’re about to publish a post that lacks an excerpt. I’m already using it on meyerweb and it’s working like a charm. He’s also expressed interest in the idea of a plugin that does that and also warns you if you forgot to add tags or categories, so stay tuned. Meantime, all hail Hamish!

I have another plugin request, but in this case I’m looking for help in modifying something I’ve already done. Or half-done, maybe.

I don’t know about you, but I get a lot of comment spam. As I type this sentence, Akismet has stopped 837,806 spam attempts in total. A false positive makes it past Akismet and my other defenses to land in the moderation queue about once every four days, on average.

Some of those false positives are really, really, really easy to spot, and they get marked as spam in order to help improve the recognition algorithms. Others are hard to evaluate just by looking at the comment. Many are trackbacks from sites in langauges I can’t read, and others that I can read look legit enough. In such cases, I usually go visit the author’s URL to see if it looks spammy or not.

Now, the way I used to do this was to right-click on the blog link, copy the URL of the target, open a new browser tab, and paste the URL into the address bar. Why? To prevent my WP admin URL from landing in the referer logs of a potentially unscrupulous site owner. But sometimes I forget to do all that, and just click. I figured, well, why not stop fighting the tendency to just click and write a plugin that routes all outbound links through a redirect service?

So I did. You can grab it for yourself if you want, but if you do, understand that it’s pretty clunky right now. Which is the part I’d like help fixing.

The heart of the plugin is simplicity itself: 

if (is_admin_page()) {
	add_filter('get_comment_author_url','_mw_obscurify',5);
}

function _mw_obscurify($url) {
	if ($url) return 'http://google.com/url?q=' . $url;
}

There’s a little more to it than that (specifically, the routine is_admin_page(), which I got from someone else’s plugin and wish now I could remember whose it was) but that’s the core. So any time the URL of a comment author is fetched, it’s prepended to turn it into a Google redirect.

That’s true for both href values and displayed URLs, though, which is the clunky part. The end result is that on comments from the aforementioned mighty Hamish, for example, I get the following markup on the “Comments” page: 

<a href="http://google.com/url?q=http://hamstu.com">

http://google.com/url?q=http://hamstu.com</a>

What I’d very much prefer is: 

<a href="http://google.com/url?q=http://hamstu.com">

http://hamstu.com</a>

Or even: 

<a href="http://google.com/url?q=http://hamstu.com">
hamstu.com</a>

So what I’d like to know is if there’s any way to make that happen short of rewriting and replacing get_comment_author_url, which I’d prefer not to do since it could change in future versions of WordPress and I’m not particularly interested in turning a basic plugin into a continuing maintenance headache. I mean, I will if absolutely necessary, but I’d like to find a better way if there is one. Thus the request for help.

Also, are there better redirect strategies than using Google the way I have? It’s very slightly annoying that I have to click through the Google redirect page, and though I absolutely understand why they do that, I’d love to find an automatic redirect that wouldn’t expose my referer to the target site. Anyone know of one, or have a related sharp idea?

(If you care, there's even an archive of previous thoughts...)

Identity Archipelago

Projects Elsewhere

Recently Tweeted

see more

Spent the afternoon manhandling a rototiller whose clutch design was exactly the inverse of anything resembling reasonable or safe. –tweeted 3 hours, 18 minutes ago

Distractions

archive

Blog Advisory System Alert Level: Guarded

The excuse of the day is

Internet 1 traffic is being routed onto Internet 2

Extras