GreyMatter: Logware |
home |
About the Cookbook
Note that these are really configuration recipes, code changes are considered 'developer talk' and should be restricted to the forums.
Configuration Recipes
Solution: This can be prevented by telling your webserver not to show certain files. Put the following in a file called .htaccess in your 'archives' directory:
<FilesMatch "\.cgi"> Order Deny,Allow Deny from all </FilesMatch>This can also be put in your '<Directory> definition in your httpd.conf file.
Discussion: This prevents anyone from viewing/executing .cgi file in the specified location. This Microsoft Knowledge Base article seems to support the idea that IIS will obey .htaccess files with some caveats.
Solution: GreyMatter comes with the javascript to do this, however, it isn't "hooked up" so to speak. A little template modifications and you are good to go.
First make sure that you have the cookie code variable ({{cookiescode}}) in your Entry Page Template templates (which the standard templates that ship with GM do).
Add these lines to your "{{entrycommentsform}} Posting Form" template:
<SCRIPT TYPE="text/javascript" LANGUAGE="JavaScript"> <!--// document.newcomment.newcommentauthor.value = getCookie("gmcmtauth"); document.newcomment.newcommentemail.value = getCookie("gmcmtmail"); document.newcomment.newcommenthomepage.value = getCookie("gmcmthome"); document.newcomment.newcommentauthor.focus(); //--> </SCRIPT> <input name="bakecookie" type="checkbox" />Save Info?<br />
This goes nicely just in front of the 'Reset' button.
Lastly, modify your submit button to call the 'setGMcookies' javascript function. In your "{{entrycommentsform}} Posting Form" template change:
<input type="submit" value="Submit" class="button" />to:
<input type="submit" value="Submit" class="button" onClick="javascript:setGMcookies()" />
Discussion: As features have been added, not all of them have been documented, particularly with the powerful template system that GreyMatter has. This recipe doesn't require any code modification, yet it is able to significantly enhance the user experience. If every template configuration were absorbed into the code, GreyMatter would quickly become unusable.
Solution: This can be done with simple template trick. You have to
have the avatar image named with the author name (caps have to match) and then
in your entry template:
<img src="{{authorname}}_avatar.png" />
Discussion: While this could be a feature, its really the domain of the templates to determine how the site looks. This is a perfect example of the power of GreyMatter, that the templates can be used to solve this problem. Instead of creating a specialed Template Variable.
Solution: Add these lines to your header template (or to whatever
template will print them on all pages (or just your comment page). Place these
lines somewhere withen your <head></head> tags:
<meta http-equiv="expires" content="31 Dec 2000" /> <meta http-equiv="CACHE-CONTROL" content="NO-CACHE" /> <meta http-equiv="pragma" content="no-cache" />
Discussion: More than likely, your browser is cacheing your page on you, although sometimes its a server doing the cacheing. Page cacheing is when you don't see the current version of the page because the computer trying to save time. The lines above make it clear that the page should not be cached. You can also force your browser to show the most current page (usually) by reloading the page will holding down the shift key.
Solution: Put the {{entrysubjectstripped}} (or just {{entrysubject}} if you don't have HTML in your subject lines) field in the <title> header of the entry pages--that way each blog subject is listed on the page so the search engines can see it. It works well for Google and the standard GreyMatter template file come configured this way.
However, you may wish to actually put "My Weblog: {{entrysubjectstripped}}" in the title tag so that your site identity is not lost. While it may seem obvious, its always good to tell your user where what site they are on.
Discussion: Although Google's page ranking algorithm is complex and works off of linking between pages, this is definitely a good way to give more information to your users and any search engine.
Solution: Two things.
1) Disable in configs and Rebuild site.
2) Alter Entry Archive templates so that {{entrycommentsform}} is not displayed.
Note that removing the template does not prevent someone from maliciously
submitting a comment (its tricky but possible).
Discussion: GreyMatter will check the configuration file to see if comments should be allowed, even if the form isn't present on the html page. That means that a hacker cannot try and post comments if you have them turned off. Note that if you turn off comments but do not rebuild your files you will still see the comment form displayed.
Solution: Try to see if you can find commonanlity in the various i.p.s and you may be able to ban a range of them. For example if you noticed that you have already banned ips 10.0.0.12 and 10.0.0.19 you could enter into the Banlist 10.0.0.1 and you would ban 10.0.0.10 - 19. However, you may be banning legitimate viewers of your site.
Additionally you may feel certain goegraphic regions do not need to see your site, all arguments aside, if you lookup the i.p.s and see the 90% of your spammers are coming from say, Indonesia, you could ban the range of i.p.s that correspond to that group. Try doing a google search for more information about i.p. and global goegraphic location.
Discussion: We are at the mercy of the webserver to tell us the i.p. of the request (through the REMOTE_HOST environment variable. However, the webserver can be 'fooled' and given a bad i.p. (google: ip spoofing) also those users that use dialup or non-premium dsl/cable usually do not have a static i.p. (companies love to charge for this convienence). This means that banning by ip is usually ineffective to prevent spammers, but can usually be usefull against nuisance users (most work places will be using static i.p.s) and if you notice a patter you could ban a range of i.p.s.
Note that banning by IP can block legitimate users from your site. Spammers can 'hijack' i.p. addresses by using i.p.s that they don't own, and if you block that address, you may end up blocking someone who isn't really a spammer.
Solution: The look and feel of a GreyMatter site is controlled by the template settings, stored in the gm-templates.cgi file. If someone gives you their templates file, rename your own to save it, then upload the gm-templates.cgi file.
Discussion: Though it would be easier to be able to switch between themes, its not impossible to share them. A future enhancemnet for GreyMatter is to support multiple themes that can be more easily shared, installed, and switched between.
Solution: All the emoticons are stored in the emoticons directory. A Google search for free emoticons will bring up quite a few sites. Once you have found some you like, simply upload the new ones your server and change the 'Emoticons' path in your configurations. NOTE that you will have to rename your new files to match the old ones, you might even have to resave the emoticons to a new file format.
Discussion: Emoticons are somewhat theme related and it might be easier if they were more closely related. However, it is not a simple task and thought is being given to this issue.