The European Caper

Our apartment, Giovinazzo, Puglia, Italy.

This Blog now allows Comments!

Golly Miss Molly… I've finally finished the beta version of the website Comments feature and it is now available throughout the site (i.e. there is now a link at the bottom of most pages that says "Make a Comment"). Probably not exciting for anyone else, but I've been struggling to get this done since before we left Sydney, so I feel very accomplished.

This is going to be another one of my nerdy posts (as if the initial 3 word exclamation didn't give that away), so please feel free to tap or click the stamp above, to move onto something more interesting... And, while you're visiting the site, if you want, maybe you could try using the Comment link at the bottom of an appropriate page to say hello. Just an option... (and if you have any problems with the functionality, please let me know - although you may hear the sound of me pulling my hair out on the other side of the world.)

So the biggest problem was actually getting time to do any coding. I need to get into the right head-space, and while travelling and social commitments make that difficult, Eleanor makes it totally impossible. Fortunately, now that we're settled in an apartment for several weeks, Costanza has been taking Eleanor out for some play-dates with her n'th degree cousins and her grandparents have also been looking after her a couple of times a week. So, I've had a few days (and late nights, now that I've caught up on my sleep) to code.

Why I wrote my own CMS

I decided to write my own CMS / Blogging software because I had been getting frustrated with the alternatives. The simpler ones (Tumblr, Blogger, Wix, etc) didn't give me the freedom I wanted, and so I've mostly been using WordPress installed on my various sites (for those that don't know, the hosted WordPress blogging site is a multi-user implementation of the same software, made available for people who don't want to install and maintain their own version). I'm incredibly impressed with the complexity of WordPress and the combined co-operational effort of thousands of programmers that goes into developing and maintaining it. However, because it is so complex, it took all my time trying to keep track of the plugins I was using. Just when I'd get a website working the way I wanted, one of the essential plugins or theme components would be discontinued, and I'd have a mad rush trying to get things back the way they were. (During the 12 months after Eleanor's birth, many of my sites developed issues and potential security breaches, because I just didn't have time to keep on top of the regular plugin updates and associated cross-system implications.)

So, because WordPress was already taking up so much of my time, I had the stupid idea of writing my own CMS from scratch. I really didn't expect to do more than write a back-end for some of my most rudimentary sites, but somehow I just kept going, and much to my surprise, ended up with this blogging site, which I'm actually quite proud of. It's still held together with string and gaffer tape behind the UI, but it actually seems to be working (he says with fingers crossed – please send me an email if your experience with the website has been less than successful).

[Photo: My admin interface for moderating comments is basic, but it does the job.]

Don't get me wrong: my advice to most people would be to use an established system (and WordPress really is very good). However, because I just happen to have some abilities within a certain set of skills, and more importantly, actually enjoy tinkering with this sort of thing, it was right for me. Why struggle to keep up with a vague understanding of how my WordPress sites worked, when I could write my own system and know it inside out (at least until I look back at some old code and kick myself for not having written more thorough comments and documentation)?

My take on the Security Implications

Of course the big question is security, and only time will tell whether writing my own code has opened up my server to all manner of security breaches...

WordPress has several security plugins, plus its own security measures, all maintained by a host of people with far more expertise than me. Corporate websites are likewise maintained by whole departments of people. Facebook, Google, etc, spend billions on protecting their websites. How can I even think of doing it all myself?

On my side of the equation, I have:

  1. Anonymity – Who would even know my websites exist, with their estimated readership of three?
  2. Novelty – I would assume that the experts working at the big companies all follow similar methods for securing their sites (probably taken from several schools of thought prominent in books and educational facilities). On the other hand, my home-spun systems are no doubt vastly inferior, but there is presumably an infinite number of ways for my system to be inferior, as opposed to someone assuming it must follow a typical formula. (Is it naive of me to believe that someone thinking "there's no way they'd have secured the site using this method, I won't bother checking" is a valid form of protection? Probably, but hopefully it will at least present a minor hurdle.)
  3. Lack of reason – Why spend time breaking into my site (which I, possibly over-optimistically, assume would take at least some minimal effort), when there is little to be gained?
  4. And again, lack of reason – There really is little reason to break into my site, so what do I have to lose?

It's worthwhile breaking into a corporate system because they are likely to have data that can be used for other purposes (e.g. get someone's date of birth for identity fraud, get someone's mother's maiden name for breaking past those ridiculous "personal questions" that have become fashionable in security circles, get someone's password for a minor site, because they just may have used the same password for their bank account). It's worth spending time breaking into a popular CMS system, because once you can get into one implementation, you may be able to break into them all (e.g. WordPress apparently has more than a billion websites running on its code).

My main concern is that someone could take over my site and use it as part of a Bot network (anyone want to help elect a President?). So, I spent most effort trying to protect against that sort of thing, strengthening any element of the site that has user input (e.g. comments and the contact form) to the n'th degree. And of course, my hosting provider also has its own methods for protecting its servers (which presumably includes kicking me off their system if my code causes them too many headaches).

So, to side-step these issues, I avoid having anything that's worth accessing on my site. Things such as:

  1. It would be handy to let people log in for additional privileges and access, but then I would have to be certain I could protect their email addresses and passwords, in case they use the same credentials on more important sites.
  2. It would be nice to send people a notification when their comment had been approved or a reply added, but to do that, I would need to store their email address. (The "Contact Us" form requires a return email address, but this is used immediately and not retained by my website system.)
  3. There would be some benefits to having a hugely popular site, with a readership in the thousands, but I have decided not to do this because (a) it would make me a target for criminal advertisers and virus writers wanting to hijack my front page, and (b), perhaps more pertinently, I have no idea how to create such a site.
  4. It would be nice to use Cookies to keep track of visitor interaction with the site, but because of the (arguably excessive) EU rules and paranoia about Cookies, I've found it easier to do without them.
  5. Likewise, it would be nice to use Google Analytics to track site usage, or Google advertisements to pick up a few cents commission, or the various "like" and "share" buttons available to encourage interaction with social media sites; however, the third party code for these widgets, badges, etc, all require various degrees of JavaScript and Cookie usage. I trust these companies to do the right thing, but their code will slow down the display of my web pages and means that my sites use the "dreaded" cookies (not that most other sites don't). So, I've found it easier to do without Google, Facebook and Twitter's free offerings of widgets.

For my own access to the site, I do require a few password type log-ons, but unlike the commercial sites, I can have my code automatically shut down the site (or at least its interactive features), if anything dodgy appears to be happening. No need to ask people to provide a 20 character password with upper and lower cases in three languages, while standing on their heads, if I can just block the username after 5 incorrect attempts.

So, I'm reasonably confident that there is no user data to steal from my site, or ways the site can be used to spam or DDoS other sites.

My third and least concerning security issue is whether the site's interactive features can be used to spam me personally (through the hard-coded admin email address). I haven't figured out a way to entirely stop me getting spam (no more than I have managed to stop telemarketers phoning me), but I have implemented some strategies to minimise junk messages.

My original "contact us" page included all sorts of overly complex methods to make it difficult for bots to continually send me messages. However, most of them were never used, presumably because no bots bothered with me. Most attacks seem to be targeted at the popular third party contact forms, rather than custom jobs.

So, for the comments form, I dropped the IP address message count (aimed at identifying a clearly non-human rate of message sending), and the blacklist data file (for tracking dodgy IPs), and a few other features aimed at identifying an automated sender. The amount of processing going into weeding out flooding by bots seemed more likely to overload the site than just letting them have their way.

Now anyone or anything can submit a form, and I rely on just the basics for defense — a simple CAPTCHA check (which is home spun, and hopefully fools the bots who are expecting the standard ones), an easy way for me to delete anything that does get through (very little to date) and an automated shut-down of comments and/or the contact form if the site starts getting a suspicious rush of activity.
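What the two rules described above (block a username after 5 wrong passwords, and switch the forms off when a suspicious rush of submissions arrives) look like in code, as an added example written for this page rather than the site's own CMS code, whose language the post does not state. The thresholds, the in-memory counters and the plaintext credential dictionary are assumptions made to keep the example self-contained; a real site would store salted password hashes and persist the counters between requests.

```python
"""Login lockout and a form 'circuit breaker' for a small self-hosted site.
Illustrative code written for this article, not the author's CMS."""
import hmac
import time
from collections import deque

# Assumed thresholds chosen for the example, not the site's real values.
MAX_FAILED_LOGINS = 5      # refuse the username after this many consecutive failures
RUSH_WINDOW_SECONDS = 60   # sliding window over form submissions
RUSH_THRESHOLD = 20        # more submissions than this per window is "a suspicious rush"


class LoginGuard:
    """Per-username lockout: after MAX_FAILED_LOGINS consecutive wrong passwords
    the username is refused outright, even with the right password, until an
    admin calls unlock(). A correct password resets the failure counter, so
    an occasional typo never locks the owner out."""

    def __init__(self, credentials, max_failed=MAX_FAILED_LOGINS):
        # credentials: username -> password (hypothetical plaintext store for
        # the example; keep salted hashes in a real deployment)
        self._credentials = credentials
        self._max_failed = max_failed
        self._failures = {}   # username -> consecutive failure count
        self._locked = set()

    def attempt(self, username, password):
        """Return 'ok', 'bad' or 'locked' for one login attempt."""
        if username in self._locked:
            return "locked"
        # Compare in constant time even for unknown usernames, so response
        # timing does not reveal which usernames exist.
        expected = self._credentials.get(username, "")
        ok = hmac.compare_digest(expected.encode(), password.encode()) and \
            username in self._credentials
        if ok:
            self._failures.pop(username, None)
            return "ok"
        count = self._failures.get(username, 0) + 1
        self._failures[username] = count
        if count >= self._max_failed:
            self._locked.add(username)
            return "locked"
        return "bad"

    def unlock(self, username):
        """Admin action: clear the lock and the failure count."""
        self._locked.discard(username)
        self._failures.pop(username, None)


class SubmissionBreaker:
    """Sliding-window counter over comment/contact submissions. Once more than
    `threshold` arrive within `window` seconds the form is switched off and
    stays off until an admin calls reset(). There is deliberately no per-IP
    bookkeeping, so the check stays cheap while a flood is in progress."""

    def __init__(self, threshold=RUSH_THRESHOLD, window=RUSH_WINDOW_SECONDS):
        self._threshold = threshold
        self._window = window
        self._times = deque()
        self.tripped = False

    def submit(self, now=None):
        """Record one submission at time `now`; return True if it may be
        processed, False if the form is (or has just been) switched off."""
        if self.tripped:
            return False          # nothing is recorded while tripped: no memory growth
        now = time.monotonic() if now is None else now
        self._times.append(now)
        while self._times and now - self._times[0] > self._window:
            self._times.popleft()
        if len(self._times) > self._threshold:
            self.tripped = True
            self._times.clear()
            return False
        return True

    def reset(self):
        """Admin action: bring the form back after reviewing what happened."""
        self.tripped = False


if __name__ == "__main__":
    guard = LoginGuard({"admin": "correct horse battery staple"})   # constructed sample
    print([guard.attempt("admin", "guess") for _ in range(5)])      # 4 x 'bad', then 'locked'
    breaker = SubmissionBreaker(threshold=3, window=60)
    print([breaker.submit(now=t) for t in (0, 10, 20, 30)])         # 3 x True, then False
```

Two trade-offs are worth naming. Locking by username means anyone who knows the admin username can lock the owner out by typing five wrong passwords, which is a nuisance on a one-person site but a denial-of-service on a shared one; and the breaker trips on a genuine burst of visitors just as readily as on a bot flood. Both are only acceptable because the site has a single admin, no user accounts, and an owner who can reset things by hand.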

As an additional advantage, my own dedicated code runs a hell of a lot faster than the (necessarily bloated) all-things-to-all-people WordPress core, with multiple plugins.

Anyway, I guess that was just a way of documenting the reasoning behind the Comments and Security aspects of this and my other websites. In the extremely unlikely event that anyone other than me actually reads the above, please feel free to share your thoughts. I would be more than happy to have any of my assumptions corrected or shot down, but please use the new Comment link below, rather than breaking in and plastering your views across the homepage. ☺