Advertisements

Posts Tagged Joomla

Drupal and Yourls

Actually, this should work with any CMS supporting PHP code blocks: Drupal, Joomla, WordPress (with a  plug-in), phpBB, etc. Has been tested working with Drupal 6, Joomla 1.5.

You’ll want to replace YOUR-YOURLS-DOMAIN-HERE below with the actual YOURLS domain, and API-SIGNATURE-HERE with the API key found at your YOURLSDOMAIN/admin/tools.php.

<?php
if ( isset($_REQUEST['url']) ) {
$url = $_REQUEST['url'];
$keyword = isset( $_REQUEST['keyword'] ) ? $_REQUEST['keyword'] : '' ;
if ($keyword) { $keyword = '&amp;keyword='.$keyword; }
$return = file_get_contents('YOUR-YOURLS-DOMAIN-HERE/yourls-api.php?signature=API-SIGNATURE-HERE&amp;action=shorturl&amp;format=simple&amp;url='.urlencode($url).$keyword);
echo <<<RESULT
<h2>URL has been shortened</h2>
<p>Original URL: <code><a href="$url">$url</a></code></p>
<p>Short URL: <code><a href="$return">$return</a></code></p>
RESULT;
} else {
echo <<<HTML
<h2>Enter a new URL to shorten</h2>
<form method="post" action="">
<p><label>URL: <input type="text" name="url" value="http://" size="50" /></label></p>
<p><label>Optional custom keyword: <input type="text" name="keyword" size="5" /></label></p>
<p><input type="submit" value="Shorten" /></p>
</form>
HTML;
}
?>

The idea was based off this post, which I could never get to work for me. It always had a PHP error, and it depended on having Drupal and Yourls installed on the same site. The above code will work even if the installation is remote (on a different server). It only requires that you’re able to get an API key.

Feedback is welcome.

Advertisements

, , , , , ,

Leave a comment

Beware of poorly-written CMS plugins.

CMS systems like WordPress, Drupal, Joomla, etc are rife with plug-ins and modules you can add for extra functionality, but it’s really hard to tell the load that some of those add-ons place on your system and database. When you want to have a website that won’t collapse under load (or take the server down with it) it’s important to have well-written plug-ins. Many times we install things assuming without knowing the impact they can have. Especially in the case of shared hosting where everyone shares a server, it’s important to play nice — or face the possibility of having your hosting account suspended because you put too heavy of a load on the system.

I got to experience both sides of this first hand. Some time back I had my Drupal site hosted on my own machine. In searching for a decent chat room, I found the Drupal chat room module. It was easy to install and set up, and I had a few friends joining in to give me feedback on it. After 3 or 4 people joined, it started to get really laggy. I took a look at the server and saw that it was literally drilling a hole in the SQL server. The amount of queries and load that it was producing was just unbelievable. So I disabled it. Lesson learned.

Last night while I was making some changes here, I noticed a lot of issues with pages taking forever to load, lost connections to the MySQL server, etc. Since I’m on shared hosting, the first thing I thought of was “maybe the server is having an issue?”

So I checked server status: Nothing.

I let it go and kept making edits to my pages, but noticed the problem was getting worse instead of better. I checked server status again; nothing. I thought: There has to be a problem somewhere. So I looked through my cPanel and found an icon that I thought might give me a clue: CPU Throttling.

What you see below on the left side of the red line is what I saw (I took the screenshot 15 hours after I started working the issue so I would have a clear before-and-after).

BlueHost uses a unique CPU throttling approach, not primarily to control CPU/RAM usage, but to control scripts which pound on the SQL database and make time-consuming queries. If the database gets pounded too hard, it becomes a major issue for everyone on the server. So they throttle access to the database for load spikes, and that keeps everyone happy. They say that a throttle of 500 sec/hour is acceptable, and you shouldn’t see any slowdown from it. Obviously my problem was way beyond that.

I was obviously having an issue with some script, and it needed to be fixed immediately. Since they make log files available to you for “Slow SQL queries”, I took a read through them. I saw here and there 1.3, 1.5, 1.8 seconds… not terrible. Then I saw the issues. I had SQL queries that were running 3, 4, 5, 6, even up to 8 seconds each. You know what? It wasn’t even this site. It was the feeds module I had added to another site.

So I weighed the benefit I was seeing to the site (which was zero) and went ahead and started purging the data and disabled the modules. This took a few hours (because of the already throttled connection state), and when I was done I let it idle for an hour and made sure I was no worse off than before I had started. It was nearly 3am, so off to bed I went.

I woke up this morning and immediately checked the CPU throttling chart. Not only was I under the 500sec/hr target, I was less than half of it.

screenshot-1

The worse part of this is that I was almost never aware of the issue. It wasn’t until I stated making bulk edits that I noticed there was a problem.

This does happen to be a system that only BlueHost offers. My only request might be that I could have gotten alerted via email when the load spike shot up so I could have been aware of the issue rather than having to find it out myself. But in any case, I saw it, I took care of it, and all is well.

Have an experience with a script that negatively impacted your CMS or server platform? Please share it below…

, , , ,

Leave a comment

Captchas, Anti-spam services, and Bad Behavior

I run this WordPress blog as well as a Drupal-powered forum site and one of the biggest challenges that any webmaster can have is controlling spam — both in comments and user sign-ups.

I used to rely heavily on captchas, and I’ve gone through several captcha and non-captcha systems to try to find the “ideal” solution: One that cut the spam down to nearly nothing as well as not putting too much of a burden on the legitimate users (as to possibly deter them from participating on the site).

Here’s what I’ve tried, and what I’ve learned in the process:

reCAPTCHA (WordPress, Drupal): This service aims to stop bots and spammers by presenting two words.

Pros: As a side effort, the service also aims to help digitize books by using the legitimate users to correctly identify one of the mangled words provided. Also has a feature called “reCAPTCHA Mail Hide” to hide email addresses behind a captcha to keep them from being harvested by web bots.

Cons: reCAPTCHA has one distinct weakness: Only ONE word needs to be correctly entered to pass the captcha. Additionally, at least one implementation has a weakness making the captcha worthless.

Mollom (WordPress, Drupal, Joomla) : Mollom is a text analysis service with a captcha fallback.

Pros: Aims to be unobtrusive. Does not present the user a captcha unless textual analysis cannot be performed or appears to the service to be a spam submission. Captchas are “cleaner” looking than other services (less visual distortion). Audio captchas.

Cons: Limitations on the free service, and does not scale well. Free service only allows 1,000 legitimate posts per day, then it’s 30 EUR/mo/site. (Around $50 USD). No service uptime guarantee with the free service.

Akismet (WordPress, Drupal) : Akismet is a non-captcha anti-spam service that does textual analysis (similar to Mollom) except completely without the aid of captchas.

Pros: Comes installed on all WordPress.COM blogs by default and needs no configuration. Powered by, and maintained by Automattic, the same team behind WordPress and Gravatar. Suspicious submissions are placed in a moderation queue for the administrator to manually approve, with the option to automatically expire (delete) them after 30 days or so. Easy setup via an API key.

Cons: Akismet weighs input the same across all Akismet-protected sites. This means that someone who submits a comment on an Akismet-protected blog that gets flagged as spam would get the same treatment on an Akismet-protected forum (and every other Akismet-protected site for that matter) until enough comments get marked as false positive for the system to re-learn the user is not a spammer. I had a user that got hit by this false-positive treatment the first day I implemented Akismet on another site and it became a hassle. When I enabled Akismet on this WordPress site, his comments were still getting flagged as spam. That’s a serious issue for me. (Akismet FAQ)

Defensio (WordPress, Drupal, Facebook) : Similiar to Akismet, weighs each source seperately, and offers Facebook protection as well.

Pros: Defensio is a service similar to Akismet, but weighs content from each website (blog, forum, etc) separately to avoid mistakes. You register each web property you want protected and obtain an API key for each. Slow to learn at first, but avoids false-positive/negative and cross-property disasters like I mentioned above with Akismet. This service is a favorite of mine. Additionally offers profanity / file link protections, as well as customizable filters. (Link)

Cons: Slow to learn at first. Might require you to manually flag content until it learns. Currently free, though they mention possibly charging for the service in the future for commercial users.

Bad Behavior (WordPress, Drupal, Joomla) : Not a captcha or textual analysis service at all, takes a completely different approach

Pros: Filters access at the http level, by blocking proxies, historically abusive IP addresses, suspicious user-agents, and malformed requests. Cuts down on bandwidth, spammers, users who are accessing site content through known proxies, etc. Conserves server bandwidth and resources, as pages are not served up at all when a block is performed. No training required.

Cons: It’s possible that a number of users whose ISPs force proxies may be blocked, but I have not seen evidence that this is happening on my sites.

So there you have it. Personally, I use a combination of Bad Behavior and Defensio on my sites, and I’ve seen a big drop in the amount of spam.

Have experience with one or more of the above? Please share it!

, , , , ,

Leave a comment