How to stop new user registration spam

I’m currently in the process of finishing up an e-commerce website, which runs on WooCommerce. As soon as it went live, there were five new accounts registered in a couple of hours, each of them with a suspicious email. Pretty sure none of them wanted to make any purchases.

After some digging, I was able to find out that these spammers visit the following URL: https://www.example.com/wp-login.php?action=register. If there’s no CAPTCHA and if registrations are allowed, they register a new account. By default, these accounts are assigned the Customer role, so they probably can’t cause any damage. But still, it’s really annoying to get an email saying that a new person registered on the site when it’s a spammer.

The solution? There are lots of plugins that take care of this, but I wanted to solve this problem without any additional plugins (I’m using too many already!). The domain DNS is pointed to Cloudflare, which takes care of a lot of useful things. In Firewall, I created a new rule and assigned a name to it. For the first field, I selected URI Full. I did not touch the operator field; by default it was set to equals. In Value, I pasted the whole URL – https://www.example.com/wp-login.php?action=register. The most important part comes last – under Then, I selected Challenge (CAPTCHA). After saving the new rule, I tested it out. As soon as I visited the URL, I was presented with a nice CAPTCHA.

Ever since I set this rule, I have had no new spam accounts!
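A coverage check for this rule, as an added example that is not part of the original post: it evaluates the exact-match rule and a path-and-query expression over a few constructed request URLs and reports which registration requests go unchallenged and which other requests get challenged. The second expression and the sample URLs are assumptions; `http.request.full_uri`, `http.request.uri.path` and `http.request.uri.query` are the Cloudflare fields behind the rule builder.

```python
from urllib.parse import urlsplit

# Value pasted into the rule in the post (field "URI Full", operator "equals").
RULE_VALUE = "https://www.example.com/wp-login.php?action=register"


def exact_rule(full_uri):
    """The post's rule: http.request.full_uri eq RULE_VALUE."""
    return full_uri == RULE_VALUE


def path_query_rule(full_uri):
    """Assumed alternative, not from the post:
    http.request.uri.path eq "/wp-login.php"
    and http.request.uri.query contains "action=register"
    """
    parts = urlsplit(full_uri)
    return parts.path == "/wp-login.php" and "action=register" in parts.query


# Constructed request URLs: (URL, does it show the registration form?)
REQUESTS = [
    ("https://www.example.com/wp-login.php?action=register", True),
    ("https://www.example.com/wp-login.php?action=register&redirect_to=%2Fshop%2F", True),
    ("https://example.com/wp-login.php?action=register", True),
    ("https://www.example.com/wp-login.php", False),
    ("https://www.example.com/wp-login.php?action=lostpassword", False),
]


def coverage(rule):
    """Return (registration URLs left unchallenged, other URLs challenged)."""
    missed = [url for url, is_reg in REQUESTS if is_reg and not rule(url)]
    extra = [url for url, is_reg in REQUESTS if not is_reg and rule(url)]
    return missed, extra


if __name__ == "__main__":
    for name, rule in (("exact", exact_rule), ("path+query", path_query_rule)):
        missed, extra = coverage(rule)
        print(name, "| unchallenged registration URLs:", missed,
              "| challenged login URLs:", extra)
```

The path-and-query form keeps the plain login and lost-password pages free of the CAPTCHA while covering every form of the registration URL in the sample.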

Raspberry Pi backup – easy and efficient

Creating Raspberry Pi backups is extremely important. Have you backed up your Raspberry Pi lately? No? Well, what are you waiting for! I admit, I have messed up my Raspbian system several times and had to start fresh. It was not a problem in the beginning because I was able to learn lots of new things. As time went on, my Pi had more and more features (security camera, web server, flight radar, Raspberry Pi Weather station, etc). It would take a really long time to set everything up again. That’s why it’s really important to do regular backups.

Everyone recommends that you use Win32 disk manager. Don’t get me wrong, it is a great tool for making backups. Some time ago I had bought a new SD card, and tried to restore the image, created by Win32 disk manager. It did not work, because the SD cards were not exactly the same size, although both were marked as 32GB cards. I got a message “Not enough disk space”. The second disadvantage is the image size, which is exactly the same as the SD card.


The solution is: Paragon Backup and recovery free. The free version does exactly what is needed. With it you can create incremental versions of the SD card. The file size is greatly reduced, in my case from 32GB to 8GB! The best thing – this backup can be restored to any SD card. Once a month I power down my Pi and replace the SD card with an old backup. That way I get very little down time. Meanwhile, Paragon takes care of creating a new backup. The files for your Raspberry Pi backup are neatly arranged in a specified folder. After the original SD card is inserted into its place, I immediately restore the created backup to my second SD card.

Granted, the process has a few extra steps compared to Win32 disk manager. But the extra clicks are worth it, the process itself is so simple and straightforward that I’m not even going to write a detailed how-to with loads of screenshots. Install it and give it a go, you will never look back!

Disable LED lights on Raspberry Pi

Raspberry Pi provides two LED lights – a green and red one. If anything goes wrong you can identify most of the problems by their status – blinking, always turned on etc. My Pi is working perfectly, so I’ve decided to rid myself of these two bright lights. It might even lower the power consumption a little bit. Anyway, the process is really simple. Type in sudo crontab -e and start editing the cron. You need to paste in the following:

@reboot echo 0 >/sys/class/leds/led0/brightness
@reboot echo 0 >/sys/class/leds/led1/brightness

 

Save changes and reboot in order to try out the new additions. These two commands are run after the Pi boots up, after each restart. The names led0 and led1 are the green and red LED. They still blink during boot, but power off completely when the system is up and running.

Developer console scraping, part two

I wrote a post about scraping Google’s Developer Console a year ago. A site visitor told me about his problems with this solution so I decided to help him out with a different option – a simple Python script. It requires fewer prerequisites to be installed – only mechanize (sudo easy_install mechanize or sudo pip install mechanize).

In case you did not notice, when you log in to the Developer console, you can click on the Reports option and then Statistics. There you have to write the name of your application and you will be presented with the statistics in zip files. I’m only interested in the number of downloads and how many people actually use my application. Right click on Latest monthly install report and copy its URL; we will be needing it shortly. For example, in my case the URL would look something similar to https://play.google.com/apps/publish/bulkreports/download?period=2015_07&report_type=STATS_INSTALLS&package=com.example.application&dev_acc=0358642832969076833.

As you can see from the URL, it contains a time period. The zip file also contains several CSV files that display daily statistics. I’ve made a simple script that downloads the current month’s statistics in a zip file, extracts it and outputs the very last entry. That way I get the number of downloads and how many people have my app installed on their device. The script is available over here.

Before running it, you will need to do a few things first though. As stated before, install mechanize first. Get a hold of your dev_acc – it should be in the URL you copied before. Take a look at the line that starts with result=br.open (should be number 22). Replace my dev_acc id with yours. Also replace the example package name with your application package name. Definitely replace the email and password with an account that has access to the developer console. I’m using the /home/peter/production/scrape/ folder to hold the downloaded zip and CSV files. Change that according to your needs.

Now you can give it a go! The script first opens the URL to the zip file that contains all of the statistics for the current month. It cannot, because it’s not authorised – it then logs in to the Developer console. In a moment the zip file is saved to the path you want. The file that ends with overview.csv is opened, because it’s the only one that contains the needed statistics. With the help of tail and cut, the needed information is parsed out. Then you can do what you want with it.
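The offline half of that procedure, as an added example that is not the script linked from the post: it builds the monthly report URL in the format shown above and pulls the last row out of the file ending in overview.csv, reading the zip in memory instead of using tail and cut. The login step is left out; the CSV column names, the file names inside the zip and the dev_acc placeholder are constructed for the sample.

```python
import csv
import datetime
import io
import zipfile
from urllib.parse import urlencode

BASE = "https://play.google.com/apps/publish/bulkreports/download"


def report_url(package, dev_acc, day):
    """Build the report URL for the month containing `day` (period=YYYY_MM)."""
    query = {
        "period": day.strftime("%Y_%m"),
        "report_type": "STATS_INSTALLS",
        "package": package,
        "dev_acc": dev_acc,
    }
    return BASE + "?" + urlencode(query)


def latest_overview_row(zip_bytes):
    """Return the last data row of the single *overview.csv member as a dict."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        names = [n for n in archive.namelist() if n.endswith("overview.csv")]
        if len(names) != 1:
            raise ValueError("expected one overview.csv, found %d" % len(names))
        raw = archive.read(names[0])  # read in memory, nothing written to disk
    # Accept UTF-16 (with BOM) as well as UTF-8 exports.
    if raw.startswith((b"\xff\xfe", b"\xfe\xff")):
        text = raw.decode("utf-16")
    else:
        text = raw.decode("utf-8-sig")
    rows = [row for row in csv.DictReader(io.StringIO(text)) if any(row.values())]
    if not rows:
        raise ValueError("overview.csv has a header but no data rows")
    return rows[-1]


def build_sample_zip():
    """Constructed sample archive; column names are made up for the example."""
    overview = (
        "Date,Package Name,Daily Installs,Active Installs\n"
        "2015-07-01,com.example.application,4,120\n"
        "2015-07-02,com.example.application,7,126\n"
        "2015-07-03,com.example.application,5,130\n"
    )
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        archive.writestr("installs_sample_201507_overview.csv", overview.encode("utf-16"))
        archive.writestr("installs_sample_201507_country.csv", "Date,Country\n")
    return buffer.getvalue()


if __name__ == "__main__":
    print(report_url("com.example.application", "DEV_ACC_PLACEHOLDER", datetime.date.today()))
    print(latest_overview_row(build_sample_zip()))
```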

Developer console scraping

Google Play has a nice Developer console, which displays various information ranging from download stats to crash reports. It provides great insight into how the app is used. I wanted to automate getting the most important information from the apps I have published. I’m mostly interested in download stats and ratings. I tried several tools and even tried to make a simple Python script. Because the site uses lots of JavaScript, there was no luck in creating my own solution. After some googling, I did stumble upon Google Dev scraper. It has been running on my Raspberry Pi for almost 4 months and it is truly working great!


It needs some prerequisites such as Ruby and RubyGems. After these two are installed, clone the latest version from GitHub. Because I want to get this information on a daily basis I’m using a cronjob that runs a bash script. Upon completion it creates a PHP file that displays the results in a simple manner. To start using the scraper, you need to get your developer ID. Visit the console and copy the numbers after “dev_acc=”. Afterwards you need to get the package name for the stats that you want to get. You need to limit the search for the stats, so get the publish date and the latest date displayed in the statistics in the console. When you have all of this information, issue the following command: googleplay_dev_scraper -u [email protected] -p yourPassword -a yourDeveloperID app.package.name 20130227 20140106 >results.zip (replace the last two numbers with the starting and ending date in the same format!).

If you replaced all the data with your own login information, package name and correct dates, you should end up with a zip file. It contains lots and lots of statistics in CSV format. Now it’s up to you to decide which information you need and automate it with a bash script. In general, my script does the following. Every day at noon the starting command is issued to get statistics in a zip file. This file is then unpacked and removed. Then the app.package.name_overall_installs.csv is read for the latest download number and ratings. Afterwards you can simply email them or display them on your website. Truly an amazing tool!

Raspberry PI with lighttpd

Yep, yet another Raspberry Pi post! After a little time off, I have just resumed my work on www.raspberryweather.com. It’s running WordPress on my hard working Raspberry Pi. After adding several tweaks to it, such as caching, I still felt that it’s a little slow sometimes. That is why I decided to step away from the classic LAMP (Linux, Apache, MySQL, PHP) and try out something new. This new option is lighttpd, also nicknamed lighty. It is much easier to set up, compared with nginx and the Quick Cache plugin works flawlessly with it. The increase of speed is noticeable, you should try it yourself.

Start with the well known command – sudo apt-get install lighttpd. With it, your Pi will install lighttpd along with any required dependencies. After installation the server will start and notify you. Same as with Apache, the website contents are served from the /var/www directory. Take ownership of this directory with sudo chown www-data:www-data /var/www. Also allow the group to write to this directory by typing sudo chmod 775 /var/www. To test if the first part was completed successfully, create a simple html file inside /var/www. Hopefully the contents of the html file will be shown.

Now you need to work on the rewrite rules, so your WordPress site will be able to use pretty links. Modify the configuration file – nano /etc/lighttpd/lighttpd.conf. Here is the important part of config for my site along with some comments. You can easily copy and paste it to your config.

#replace raspberryweather with your domain/ip

$HTTP["host"] == "www.raspberryweather.com" {
  server.document-root = "/var/www/"

  server.error-handler-404 = "/index.php"

  url.rewrite-final = (
    # exclude directories from rewriting
    "^/(wp-admin|wp-includes|wp-content|gallery2)/(.*)" => "$0",

    # exclude .php files at root from rewriting
    # (the dot is escaped so it only matches a literal ".")
    "^/(.*\.php)" => "$0",
    # exclude robots.txt from rewriting
    "/robots\.txt" => "$0",
    # exclude xml files also
    "^/(.*\.xml)" => "$0",

    # handle permalinks and feeds
    "^/(.*)$" => "/index.php/$1"
  )
}

To test it out, restart the service with /etc/init.d/lighttpd restart. In your WordPress admin panel, navigate to Settings, Permalinks. Make sure that Custom Structure with /%postname%/ is chosen. Hopefully you will not get any 404 errors while browsing your site.
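A way to check the rewrite list before restarting the server, as an added example that is not part of the original post: it applies the rules in order to constructed request paths and shows why the dots in the .php and .xml patterns need escaping. Python's re module stands in for lighttpd's PCRE, the first matching rule wins as with url.rewrite-final, and only paths without a query string are tested.

```python
import re

TAIL = (r"^/(.*)$", "/index.php/$1")
HEAD = (r"^/(wp-admin|wp-includes|wp-content|gallery2)/(.*)", "$0")

# Dots left unescaped: "." matches any character.
UNESCAPED_RULES = [
    HEAD,
    (r"^/(.*.php)", "$0"),
    (r"/robots.txt", "$0"),
    (r"^/(.*.xml)", "$0"),
    TAIL,
]

# Dots escaped: only a literal "." matches.
ESCAPED_RULES = [
    HEAD,
    (r"^/(.*\.php)", "$0"),
    (r"/robots\.txt", "$0"),
    (r"^/(.*\.xml)", "$0"),
    TAIL,
]


def rewrite(path, rules):
    """Apply the first matching rule and expand $0..$9 in its target."""
    for pattern, target in rules:
        match = re.search(pattern, path)
        if match:
            return re.sub(r"\$(\d)",
                          lambda ref: match.group(int(ref.group(1))) or "",
                          target)
    return path


# Constructed request paths: real files, directories and permalink slugs.
PATHS = [
    "/hello-world/",
    "/wp-content/uploads/a.png",
    "/xmlrpc.php",
    "/sitemap.xml",
    "/robots.txt",
    "/learn-php",   # permalink slug that merely ends in "php"
    "/about-xml",   # permalink slug that merely ends in "xml"
]


def differing_paths():
    """Paths the two rule sets route differently."""
    return [p for p in PATHS
            if rewrite(p, UNESCAPED_RULES) != rewrite(p, ESCAPED_RULES)]


if __name__ == "__main__":
    for p in PATHS:
        print(p, "->", rewrite(p, UNESCAPED_RULES), "|", rewrite(p, ESCAPED_RULES))
```

With unescaped dots the two slugs are treated as files and skip the permalink rule; with escaped dots they are routed to /index.php like any other post.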

If you want to give it some extra speed, then enable gzip. Again, modify the conf by adding the following code:

compress.cache-dir          = "/var/cache/lighttpd/compress/"
compress.filetype           = ("text/xml","application/x-javascript", "application/javascript", "text/javascript", "text/x-js", "text/css", "text/html", "text/plain", "image/png", "image/gif", "image/jpg", "image/svg+xml", "application/xml")

In my case I had to comment out the existing two lines. If you forget that, you will get an error when restarting the lighttpd service. Make sure that /var/cache/lighttpd/compress does indeed exist! You need to take ownership of this particular folder as well: issue the command chown www-data:www-data /var/cache/lighttpd/compress/. Restart the service and test if all is working as planned. Go to www.whatsmyip.org/http-compression-test/ and type in your IP or domain name.

Simple Twitter integration for Android

I have decided to try out integrating Twitter into an Android application. It appears that this takes a little bit more effort than for Facebook. There is no official SDK for this, so you are pretty much on your own. There are lots of unofficial plugins like Twitter4J but I could not find one that would be simple to implement and would look nice. In the end, after hours of Googling and testing different solutions I settled on the simplest solution there is. It’s not the best one, mind you, but it’s simple and efficient. You do not need to get your own API key and it’s only a few lines of code. The solution is launching the web browser with some parameters, one of which is the string that will be tweeted.

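// Imports needed at the top of the Fragment's source file
import android.content.ActivityNotFoundException;
import android.content.Intent;
import android.net.Uri;
import android.widget.Toast;

public void twitterAction()
	{
		String yourTweet="This is your tweet!";
		// Percent-encode the text and the hashtag so that spaces, '#' and '&'
		// stay inside the text parameter instead of breaking the URL
		String url = "https://twitter.com/intent/tweet?text="+Uri.encode(yourTweet+" #simple");
	    Intent i = new Intent(Intent.ACTION_VIEW);
	    Uri u = Uri.parse(url);
	    try
	    {
	    	// Hand the URL to whatever app handles https links (normally the browser)
	    	i.setData(u);
	    	startActivity(i);
	    }
	    catch(ActivityNotFoundException ex)
	    {
	    	// No app on the device can open the URL
	    	Toast.makeText(getActivity(), "No browser installed", Toast.LENGTH_SHORT).show();
	    }
	}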

After calling this method, your browser will be opened and you will have to login. Afterwards your message will be tweeted along with a hashtag. If there is no browser present an exception is caught and displayed with a toast message. Simple and nice :).

Outlook custom domain

You might have heard that Google Apps is no longer free. Ever since the beginning of this year, you cannot register new Google Apps for free. If you did so before this time, you’re safe. Others should look for a good alternative. One of the best options is Outlook.com, the new and improved hotmail.com. The process is fairly simple and you should be done pretty fast. My domain raspberryweather.com is using the cloudns.net service for DNS hosting, and will be used to show you what to change. The process itself is similar on other sites or your hosting control panel.

Start by going to domains.live.com, click the get started button and type in your domain. Leave the “set outlook.com for my domain” checked and proceed. Create a new account with your domain. Create a new account or sign in if you have previously registered on outlook.com. I have registered a new domain and verified my account. Afterwards I visited https://domains.live.com again and clicked on get started. There you have to type in your domain again, leave the radiobox as it is and continue. After typing in the CAPTCHA, leave everything unchanged.

Now you need to prove that you really own this domain. You will be presented with some long strings that need to be added to certain records in your domain. These strings will be different for each user, so do not paste my strings, which are displayed here just for reference. Log in to your domain management. As said before, in my case this is cloudns.net. First, change the MX record. I had to click on add new record next to the MX tab. Then I pasted in something like 5f5850w7sd3779a11b1O403565f99b.pamx1.hotmail.com in the points to textbox. Same process but different text for the TXT record. In my case the text was something like v=msv1 t=635850d78bd7722a7720408d652w9x. Create yet another MX record, mine looks like 6w5850x78b329d7731040425632d92.msv1.invalid, but make sure the MX priority is 11. Last but not least, add another TXT record for SPF, which looks similar to v=spf1 include:hotmail.com ~all.

I myself do not care for messenger, so I skipped that part and pressed the refresh button. It took a few seconds to check all the new records and it worked like a charm. Now you can add the accounts you want to be using for your new domain. That way you can use outlook.com instead of the obsolete webmail. You will have to set your security question the first time you log in. It might cause some problems if you plan on using a client that checks for your email, so sign in with your browser for the first time.

Install nginx on Raspberry Pi

Here is how to install nginx on your Raspberry Pi. I have decided to use it instead of apache, because of its great reviews and speed. First off, you need to update the dependencies by typing in apt-get update. Wait a bit for it to finish.

Next, start installing the required packages. Type in apt-get install nginx php5-fpm php5-cgi php5-cli php5-common php5-mysql . This will install nginx along with needed php5 packages. This will take some time, so relax and wait for it to finish. Start the service up by typing service nginx start. Get your IP address by typing in ifconfig. When you have the IP, paste it into the browser. You should get a nice html page, that tells you that nginx is running. So far so good, right?

Now you have to modify the configuration a bit. Type in cd /etc/nginx/sites-available, there is a single file default, which you need to modify with nano. First off, find the line below root /usr/share/nginx/www; . You will need to add support for php files, so type in index.php next to index.html. Leave the remaining line untouched.

Search for a line that starts with pass the PHP scripts to and move down two lines to location ~ \.php$ { . You will be needing this part, so uncomment it by removing the # symbol. Do the same for the next line (starts with fastcgi_split_path_info) and the ones below that start with fastcgi_pass unix, fastcgi_index and include fastcgi_params. Make sure you do not forget to uncomment the closing curly brace! You need to uncomment the part that denies access to .htaccess files. These lines start with location ~ /\, deny all; and the closing curly brace. For reference, take a look at the sample picture.


Save the file with Ctrl+X and confirm rewriting the file. Restart the service so that the new changes start working. Issue the command service nginx restart. Let’s test if .php files are now working. The contents that are displayed on the web are located in /usr/share/nginx/www. Get there and create a sample file with nano test.php. Type in <?php phpinfo(); ?> and save with Ctrl+X. Open your browser, put in your IP and the new file, for example 192.168.1.110/test.php. Recheck if an html page appears with only the IP. That is all for now, you have successfully installed nginx!

How to solder Adafruit Pi Cobbler Kit

I have recently received my Adafruit Pi Cobbler kit, which I will be using for an upcoming project of mine. The pieces themselves might look intimidating to some people, but the whole process is pretty simple and beginner friendly. That is why I decided to write a “How to solder Adafruit Pi Cobbler Kit”. Unpack all of the items from the bags and start by removing the one long black “stick” – these are the header pins. Break it in two 13 pin pieces. There were a few extra pins left in my case, but do not worry about them. Place them somewhere on the protoboard, anywhere will do.


 

Next, prepare the PCB and the ribbon cable socket. There is only one way of putting it together correctly. Make sure that the indentation is next to the number 21. In my case it was next to 21/27. Yup, just like in the red circle in the image below. Meanwhile, turn your soldering iron on, so it gets nice and hot.


Now the fun part. Turn the whole piece around, so you see the pins that need to be soldered. Go on, start soldering. I recommend using a thinner soldering iron than I was using, because it’s much easier to solder.


After that, take the protoboard from the first step. Place the newly soldered item on the pins. It does not matter which way you put them on. In the final step, solder these pins together and you are nearly done.


For the final step, connect the Pi Cobbler with the ribbon cable and you are done! It was not that hard, right?

 

 
