Blog - 4

It seems that out-of-the-box Serendipity does not support X-Forwarded-For -header. It means that any proxy in between loses original client information.

Here is my suggested patch to fix the issue:

--- serendipity/include/functions_comments.inc.php.orig 2013-01-25 14:10:03.058973150 +0200
+++ serendipity/include/functions_comments.inc.php      2013-05-14 11:34:35.302389894 +0300
@@ -782,7 +782,13 @@

     $title         = serendipity_db_escape_string(isset($commentInfo['title']) ? $commentInfo['title'] : '');
     $comments      = $commentInfo['comment'];
-    $ip            = serendipity_db_escape_string(isset($commentInfo['ip']) ? $commentInfo['ip'] : $_SERVER['REMOTE_ADDR']);
+    $ip            = serendipity_db_escape_string(isset($commentInfo['ip']) ?
+                        $commentInfo['ip'] :
+                        (
+                            isset($_SERVER['HTTP_X_FORWARDED_FOR']) ?
+                            $_SERVER['HTTP_X_FORWARDED_FOR'] :
+                            $_SERVER['REMOTE_ADDR']
+                        ));
     $commentsFixed = serendipity_db_escape_string($commentInfo['comment']);
     $name          = serendipity_db_escape_string($commentInfo['name']);
     $url           = serendipity_db_escape_string($commentInfo['url']);

This works on 1.6.2 and 1.7.0.

Looks like running a blog has surpassed e-mail as the means of conveying spam. I wrote earlier about lot of automated comments, but the freemason idiots seemed to stop as they realized that their valuable information is not getting posted.

It does not mean, that I was left alone. Couple of other idiots started the same thing and I had to do something to stop their stupidity. So, I created a personal account at Akismet, there are plenty of information about them and most of the comments are about how using their service stops the spam flood completely. Luckily Serendipity supports Akismet's service out-of-the box and the setup was very simple.

Looks like, they're doing the same thing for blogs as SpamCop is doing for e-mail. And that is, essentially grinding spamming to halt. SpamCop have proven their value, it remains to be seen how effective Akismet actually is.

I got bunch of automated comments to this blog. The comments were very generic about "how great this blog is" and "how fast the site loads", blah. blah. I typically check the moderation box for my blog entries, so they were just hoping to get automated publicity. In my case I just deleted the crap.

The idea of this spam-campaign was to distribute links to freemasonrysecrets.com

WTF?! Who cares about that?

The out-of-the-box experience was ok, but I wanted this blog not to look like just out-of-the box.

There are plenty of nice looking ready-made templates for Serendipity at http://serendipity-templates.org/. I just picked up one that will "catch the eye". I'm expecting comments like "whoa! what's that brown thing". Definitely not eye candy, but not too ugly.