After my server was down for a couple days (because I was physically moving the machine to another location) I decided to check if there were any updates. Sure enough, there just happened to be an update for 3.2 and it had the usual warning of “be sure to backup your database and files” which I either ignore or partially ignore. I do typically do a mysqldump before running any of the updates, but I almost never backup the WordPress directory itself.
I just thought I’d make a quick post about two WordPress plugins which seem to work great for spam detection. The first one is Akismet. Alone it seems to catch most spam here. The problem with this plugin alone is, there may still be false positives. This requires more time on my part to skim over my spam to see if there was any legit comments. This brings me to the second plugin, Conditional CAPTCHA.
I decided it was time to have some form of backups in place. Currently all I’m really (automatically) backing up is the WordPress MySQL table since it’s the thing to changes on a regular basis. Everything else on this server can be backed up by hand when/if I make changes. It would be faster if/when something does fail (hard drive most likely) to have a recent full backup image to restore from, but really, a good backup of the MySQL table(s), a backup of important configuration files (since they rarely change, I back them up manually after change(s)), and a backup up various directories that’d be nice to restore quickly (most of which change infrequently.
Well, I’m going to try to cut down on the spam (only a few spam bots so far have attempted to post, but I know there will be more.) I’m trying out SI Captcha to see if that helps. I just wish it had an option to still email upon failed comment posts (or something similar till I’m sure it’s working.) Oh well, I’ll still be moderating comments, but I hope this will help cut down on the amount of spam comments I have to moderate.
So, I’ve only been up for about three weeks and I’ve already got my first spam comment (which is why I moderate all comments ATM.) Also, it was kind of strange, I went to go here at work today and I wasn’t able to connect. So, I logged into my router. I thought that my iptables were screwy again, so I started trying to fix them by hand. Deleted a rule and BAM no more connectivity to my router (at all.
Well now that the system is live, I think there’s going to be a few things I’m going to need to fix. Most all of them are from using mod_chroot. Most aren’t anything critical, but things that should be addressed (sooner rather than later.) For instance, I think DNS lookups are failing from inside WordPress. I breifly read in the mod_chroot caveates that this may happen, and I think this is happening now.
Well, my server is pretty much ready I now. Apache is chrooted and seems to be working well. I also did a self-signed cert in hopes that’ll make my remote logins even more secure to WordPress. SSH access is limited to keyed logins. Ntpd is running in hopes of keeping the system’s clock sane. I’ve moved all my Git repos here and even have my CGit vhost running/working. Git daemon is also running.
As I prepare to have my server public, I’ve chrooted my server’s Apache with mod_chroot. This allows me to have the advantages of a chroot environment without as many of the draw backs. There is still some strangeness to work out. For instance “Warning: timezone_open() [function.timezone-open]: Unknown or bad timezone (America/Chicago) in /wp/wp-includes/functions.phpon line 3160” I’ll get this figured out, but honestly, it’s not a huge deal. I may have to have Apache load the zoneinfo file, or perhaps not… Really, the only change I had to make to WordPress was to have it connect to the MySQL database on 127.