Whispers & Screams
And Other Things

Duplicate element ID's in the DOM

Short post today folks since its Friday :)

I've been developing quite a lot lately using Angular JS and React JS as I'm currently heavily involved with a startup preparing to release a new IoT product. The app is pretty complex with heavy calls to the server side database but that's not what we're going to talk about today. 

One of the things that seem very straightforward when you're building small UX is ensuring you have a unique array of element ID's in your DOM at any given time but, as the complexity increases, then so does the difficulty in maintaining a mental map of the DOM you have at any given time, especially if elements of your viewport are loading dynamically via ajax calls or whatever. 

The downside to having a duplicate element ID may not always be immediately apparent as it is not something that will always push an error to the console. This can result in confusing erratic behaviour from your application and often hours can be lost trying to work out what on earth is going on. 

By the time you eventually get to the bottom of the problem you realise that you've wasted hours searching for something that was ultimately such a basic error. 

So anyway, this happened to me once or twice over recent weeks. Our application loads dynamic data via ajax quite frequently and the issue I faced could sometimes be intermittent. The worst-case scenario.

After the dust had settled, I decided to create a tool for myself that I could use to quickly establish the presence or otherwise of duplicate ID's. This is what I came up with. Simply punch this code into the command line on your browser inspector console and hey presto!

var DOMElements = document.getElementsByTagName("*"), DOMIds = {}, duplicateIDs = [];

for (var x = 0, len = DOMElements.length; x < len; ++x) {

  var element = DOMElements[x];

  if (element.id) {

  if (DOMIds[element.id] !== undefined) duplicateIDs.push(element.id);

  DOMIds[element.id] = element.name || element.id;



if (duplicateIDs.length) { console.error("Duplicate ID's:", duplicateIDs);} else { console.log("No Duplicates Detected"); }

Feel free to use and abuse as you see fit. I hope this helps somebody out there save some hair :). Have a fab weekend.

Continue reading
2464 Hits

Curved Text In Gimp

Photoshop is a pretty well-known piece of software. Indeed its become so well known in the field of manipulating images its transitioned into the catch-all verb to describe the act of artificially changing a photograph. Not so well known, but to all intents and purposes just as powerful as Photoshop is GIMP. GIMP stands for (The) Gnu Image Manipulation Program and one of the best features that place it streaks ahead of Photoshop is the price. It's free.

The power packed into this freely downloadable piece of software is phenomenal. You name it, GIMP can do it. Ok so introductions over, one of the things I get asked about regularly is whether GIMP can create curved text. The answer, you've guessed it is of course yes. Let's take a look at how it's achieved.

 Let's say you have a logo which looks something like this image here on the left. Your friend, who happens to be a Dentist is looking for some help with his website branding and, let's face it, toothy the tooth does look a little isolated over there. So your friend asks if you could help him place some text around the logo to give it some punch. 

The brief is that the words "Toothsome Teeth" need to curve around the top with "Dental Services" on the bottom.

So where do you even begin? Ill explain in the rest of the post.

Continue reading
2536 Hits

Hardening The Joomla Backend

If like me, you manage one or more Joomla websites, you will no doubt be aware of the sorry lack of user friendly documentation and the appalling lack of a powerful native log facility. This seems to me to be an enormous oversight on the part of the developers however it is possible with a little jiggery pokery to get the information you need. 

I noticed recently that there were enormous amounts (1500 per day) of failed login attempts at the default backend URL (site.com/administrator/). This is to be expected of any installation like this however one cannot help but feel uneasy at the incessant minute by minute brute force dictionary attacks rolling by in the log. If your passwords are secure then you'll almost certainly be fine. If your administrator username is anything but admin, you'll be even better. Still I wasn't satisfied and I decided to call in the big guns.

Continue reading
2212 Hits

The Latest Referrer Spam - Semalt and Buttons For Website

So, you manage some websites, you're a fan of Google analytics or even just use a local server log analyser to view your site stats. If this is you then you cant fail to have noticed that your sites have been getting visits lately from referrer bots called semalt.com and buttons-for-website.com. There are a couple of good reasons why you shouldn't ignore this traffic. In fact you should block it from your site and if you're using an Apache web server, which most people are these days, then I'll show you how to do it for yourself.

The Semalt and Buttons For Website bots dont seem to be harmful to websites per-se however their effect on SEO should not be ignored. If your website is getting 50 or 100 hits per month from these things it will affect your overall clocked bounce rate since these bots is always bounce. This will make it seem as though visitors to your site are not finding the material they were looking for and, to the search engines, may decrease the perceived quality of your site and thereby effect your ranking.

It should be noted that Semalt is not your typical bot. Analysis shows that the company uses a QtWebKit browser engine to avoid detection. Consequently, Semalt bots can execute JavaScript and hold cookies, thereby enabling them to avoid common bot filtering methods (e.g., asking a bot to parse JavaScript). Because of their ability to execute JavaScript, these bots also appears in Google Analytics reports as being “human” traffic.

Recently, substantial evidence revealed that Semalt isn’t running a regular crawler. Instead, to generate bot traffic, the company appears to be using a botnet that is spread around by a malware, hidden in a utility called Soundfrost.

“Botnets sometimes compromise computers whose security defenses have been breached and control conceded to a third party. Each such compromised device, known as a “bot”, is created when a computer is penetrated by software from amalware (malicious software) distribution. The controller of a botnet is able to direct the activities of these compromised computers” – Wikipedia

Their Botnet involves hundreds or thousands of computers and too many IP addresses to be able to effectively bloc the crawler via IP Exclusion in Analytics. To see a list of IP addresses associated with Semalt go to this page. It will return a long list of (at least hundreds) of IP addresses associated with Semalt.

Blocking these sites like you would other crawlers/spiders in your robots.txt file may not be effective either since compliance with directives in the robots.txt file is voluntary and those who are running something Black Hat certainly do not care about complying with the wishes of others.

Buttons For Website seems to be very similar in function (alleged to be a spambot/botnet) except that it uses a different delivery method. In this case the Buttons For Website site simply offers a handy sharing tool for you to install on your website. However, by installing the supplied code, you are potentially creating a way for a person to hijack (zombify) the web browser of visitors to your site.

According to one article I found javascript hijacking can also be used for nefarious purposes. Even though the article is about using javascript to create a botnet through online ads the same principle should work just as well with a permanent installation like sharing buttons.

“Adding arbitrary JavaScript to ads is easy to do and in the experience of the researchers wasn’t checked very closely by the ad network. To make it more convenient to change the malicious script, rather than placing the script itself in the ad, they put in the script source.” – NetworkWorld

Semalt And Buttons For Website Blocking

Since potentially both Semalt and Buttons For Website traffic is going to be coming from a large number of IP addresses (Semalt from infected computers and Buttons For Website from visitors to infected sites) the option of blocking this traffic by IP exclusion in Analytics would not be effective. An alternative, which is what I have used successfully on all of the WordPRess sites that I manage, is to block traffic from semalt.semalt.com and buttons-for-website.com in the .htacces file of each site.

To do this you have to have access to the files in the root directory on your web host that make up your WordPress, Joomla or Drupal site and be using an Apache system (most hosting providers do). If you have never worked with the files in the root directory of your site and/or are not familiar with editing the .htaccess file ask your webmaster to do it for you. If you make a mistake when editing your .htaccess file, the result can make the site completely unavailable.

If you are comfortable with editing your .htaccess file then adding the following code to it should block both Semalt and Buttons For Website traffic to your site.

# block visitors referred from semalt.com
RewriteEngine on
RewriteCond %{HTTP_REFERER} semalt\.com [NC]
RewriteRule .* – [F]
# End semalt block
# block referer spam buttons for website
RewriteEngine On
RewriteCond %{HTTP_REFERER} buttons\-for\-website\.com
RewriteRule ^.* - [F,L]
# End buttons for website block

At Rustyice Solutions we use this method to block Semalt and Buttons For Website traffic on many WordPress, Joomla and Drupal sites that we manage and so far it has resulted in the total elimination of all traffic from these two sites from all of the managed websites. If you do not have a webmaster and are seeing traffic from these sources to your WordPress website we will be happy to help you with the problem. Contact me using the contact form on this site (Click Here) and I will be happy to help for a very small fee.

Continue reading
1346 Hits