Web design

Blocking referrer spam, mal-bots, and other malicious weasels with htaccess

Anyone who runs a site/server for very long will likely find out about the gruesome underbelly of the online world: spammers. They come in many shapes and sizes (most are bots), each with a different purpose, but they all have this in common: they hurt your site/server and its available resources.

Below are some things to look out for and some methods to take care of one particular type of spam, referrer spam, which can cripple a site/server in no time. With enough referrer spam you'll have what amounts to a denial of service attack (e.g., so many junk requests that the server can't even tend to the real ones).

Example of how serious this can be
Recently one of the sites we host had a big traffic day thanks to being front-paged at Fark.com and Foobies.com: 18,000+ unique visitors in 18 hours. Suffice it to say that put quite a load on the shared environment they were hosted in. Well, guess what: the (unrelated) spam attack the site received a few days later actually created more than twice the load on the server that the huge amount of legitimate traffic did!

Identifying the problem

The first step in fixing a problem is, of course, to know you have one! Referrer spam can be tricky because without knowing where to look you may never realize what is happening in the dark corners of your webserver; you'll just see the symptoms (a slow site, or one that is down completely).

Where to look
If you've got performance issues with your site that you can't tie to an increase in visits, then it might be worth a look. The places where you can track referrer spam are a) your server logs and b) your site/cPanel statistics pages.

What you'll want to look at is your most recent hits and the most frequently requested pages. If you see something that surprises you (e.g., an invalid URL, or a URL that you don't think should be that busy), then note the IP address(es) and/or domain(s) of whoever is requesting it. If you ever see pages continually requested by only one IP address/domain, or by numerous IPs within the same range, that's not a good sign. Grab the IP address, do a whois lookup on it, and try to find out more. There are certain countries, for instance, where spam often originates.

Block that spammer
Ok, so now you're sure. Your site is being taken apart by a rogue bot. You've identified a fixed IP or a defined range of IPs that it's coming from. Now it's time to block this vermin using a little .htaccess magic:

To block a single IP address (substituting the real IP for the placeholder x's, of course):

# Allow rules are evaluated first, then Deny rules; a matching Deny wins.
order allow,deny
deny from xxx.xxx.xx.x
allow from all
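
The log check described under "Where to look", as an added example that is not part of the original post: it tallies requests per page from Apache combined-format log lines, flags pages whose hits come almost entirely from one IP or one range, and renders the result in the order/deny/allow form shown above. The sample log lines, the function names and the `min_hits`/`min_share` thresholds are assumptions made for illustration, and only IPv4 addresses are handled.

```python
import re
from collections import Counter, defaultdict

# Start of an Apache "combined" log entry: client IPv4, then the request line.
LINE_RE = re.compile(
    r'^(?P<ip>\d+\.\d+\.\d+\.\d+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+)[^"]*"'
)

def _line(ip, path, ref="-"):
    # Builds one constructed log line (sample data, not real traffic).
    return (f'{ip} - - [10/Feb/2007:10:00:00 -0800] "GET {path} HTTP/1.1" '
            f'200 512 "{ref}" "Mozilla/4.0"')

# Constructed sample: one noisy IP, one noisy range, one normal page.
SAMPLE = (
    [_line("203.0.113.7", "/node/12", "http://spam.example/")] * 4
    + [_line("192.0.2.10", "/node/12")]
    + [_line(f"198.51.100.{h}", "/no-such-page", "http://spam.example/")
       for h in (4, 9, 23)]
    + [_line(ip, "/") for ip in ("192.0.2.10", "10.20.30.40", "172.16.8.9")]
)

def suspicious_sources(lines, min_hits=3, min_share=0.8):
    """Map each path dominated by one IP or one /24 range to that source."""
    by_path = defaultdict(Counter)
    for line in lines:
        m = LINE_RE.match(line)
        if m:  # anything that is not an IPv4 log entry is skipped
            by_path[m["path"]][m["ip"]] += 1
    flagged = {}
    for path, ips in by_path.items():
        total = sum(ips.values())
        if total < min_hits:
            continue
        ranges = Counter()
        for ip, n in ips.items():
            ranges[ip.rsplit(".", 1)[0]] += n  # key on the first three octets
        ip, ip_hits = ips.most_common(1)[0]
        prefix, range_hits = ranges.most_common(1)[0]
        if ip_hits / total >= min_share:
            flagged[path] = ip
        elif range_hits / total >= min_share:
            flagged[path] = prefix  # a partial address denies the whole range
    return flagged

def htaccess_rules(flagged):
    """Render the flagged sources as order/deny/allow lines for .htaccess."""
    denies = [f"deny from {s}" for s in sorted(set(flagged.values()))]
    return "\n".join(["order allow,deny", *denies, "allow from all"])
```

A flagged source is only a candidate: a quiet page visited by one regular reader trips the same thresholds, so do the whois lookup before pasting the generated lines into .htaccess.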

10 February, 2007

Drupal Intranet - Controlling access by role, per node, per user

Recently we had the pleasure of developing a very cool intranet for a group associated with the United Nations. They desired an online space within which they can privately share articles, comments, and files with each other.

Our mission was to make a site that would:

  • Not let anonymous users view any content
  • Enable varying levels of viewing, adding, and editing rights across differing authenticated user roles - on a per page/node basis
  • Enable different/custom menu configurations based upon user role
  • Redirect users after a successful login attempt to a front page which is unique to user role

If you have never used Drupal before you may not know that the above functionality is not available out-of-the-box. However, with a little research we found some contributed modules which helped us to achieve a totally customizable intranet:

  • front page
  • login destination
  • menu per role
  • nodeaccess

8 February, 2007

Drupal themes

One of the greatest things about the Drupal CMS is that it can support *any* look and feel you want it to with just the click of a button. Or at least it can once you have the theme you want designed and "Drupalized".

Themes/designs are a very unique part of a web site, because they are simultaneously "just" a wrapper for the content on your site, while at the same time being *the* main element which keeps your site from just being a bunch of text splattered on a page (screenshot of this page without an active theme).

So, the visual design of your site is one thing in itself, but it's only a beginning, and in a proper site construction a theme should start out literally as a 'pretty picture', mocked up in Photoshop for easy experimentation/changes.

What happens after this stage in theme development is an entirely different case altogether, because now we're moving from a 'pretty picture' to working code, which will affect browser compatibility (do Internet Explorer 7 users see your page as a blob?), download speed, and usability (does the link to the contact page not work for Firefox users?).

The coding stage is where expertise and testing become necessary in order to keep your design from becoming a nightmare in terms of usability, compatibility, and flexibility.

So, a good theme is coded not just to look like the pretty picture you started out with in one browser, but also to:

  • look and behave correctly across a wide variety of web browsers - now and for the future
  • be flexible enough to provide future customization and extensibility. Having a theme that falls apart or cannot support at least minor revisions to the layout will be very limiting later on if you need to change things up.
  • be efficient and degradable. If your theme uses JavaScript or Flash, it should be made to 'degrade' gracefully if a visitor does not have those features turned on in their web browser. In certain cases, "accessibility" issues of handicapped web visitors must/should be taken into consideration when coding your theme.

Design resources:
HigherVisibility Theme Library
Hundreds of high quality themes, for dozens of categories. Browse and brainstorm - themes available in raw format, or professionally Drupalized

Open Source Web Design
Browse Free Web Design Templates (non-Drupalized)

The Drupal Theme Developer's handbook is a good place to go for information on developing the code for your own theme.

30 January, 2007

Sacramento Drupal development

In addition to the U.S. and international markets which HigherVisibility serves, we also have a non-virtual home in the Sacramento area, which gives us and our clients more opportunities for the kind of personal face time that isn't always an option when communicating thousands of miles away.

So, if you're in the Sacramento area and are looking for world class web design, online community building, blogging tools, or intranet development, all done with the best open source tools available, contact us.

30 January, 2007

Drupal how to: Editing your theme colors, stylesheets

This article is provided for do-it-yourselfers who would like to customize their site's theme colors (which will be a good warm-up for doing other things with your theme, btw). With this information and some patience it should not be too hard to change your template's colors around yourself, so take heart, and quit your shakin' already!

To change theme colors, the file you'll usually want to edit is called "styles.css" and it can normally be found inside your selected theme's folder. Every great once in a while you may also need to edit "drupal.css" which is located in the "misc" folder of your root Drupal directory, but most of the time this is not the case.

So now let's get editing:

If you have the theme_editor.module installed you can just edit the styles.css file inside your browser window, but it may be a lot easier to see and/or search and replace things if you copy and paste the contents of "style.css" into a proper text editor like NoteTab Light, for instance ( http://www.notetab.com/ntl.php ). It is VERY important NOT to use a rich-text application like Microsoft Word or WordPad for editing, because those programs will introduce invisible characters which can screw up the processing of your code! Believe it or not, the otherwise anemic "Notepad" which comes with Windows CAN be used for editing code, since it is plain-text based and not rich-text.

Once you decide where you'll edit the file the next thing to do is to decide what to edit.

If you have Firefox, you should install the Web Developer extension for it ( http://chrispederick.com/work/webdeveloper/ ); its tools have been a lifesaver many times. Actually, if you don't have Firefox you should just go ahead and get it, because this tool alone is worth going through the 5-10 minute installation process. (Additional tip: once you have the developer extension installed, find the "CSS" menu item and select "View Style Information". This will turn your cursor into "crosshairs" which you can then use to click any item on your webpage to reveal the CSS classes styling it. Then simply locate the style in your stylesheet.)

We recommend using this handy tool to pick out your new colors and/or to figure out what colors are currently being used.

It will be important to remember that in the online world colors are generally referred to by hex numbers, meaning that something like "596F80" will be the current color of your page titles. By going to the URL above and clicking "Enter RGB" (lower left-hand corner), a popup box will open and you can paste an existing hex value and double-check the color of your numerical values. With this tool and a little trial and error you can replace the color values of what you don't want with the color values of what you do want. Tip: using the 'search and replace all' function of an HTML/text editor can be a big time saver here.

21 January, 2007