Archive for the ‘Website’ Category

Spam Spam Spam

Saturday, April 19th, 2008

I cleaned out the site IP blacklist over the weekend.

This removed the many thousands of IP addresses that had been blocked since I initially implemented some anti-spam safeguards several years ago.  Let's see what builds up from here.

There are currently three ways to have your IP address automatically banned:

  1. Comment Spam: I'm currently checking inbound comments against a blacklist of banned keywords (mostly various penis pills and prescription drugs).
  2. Forum Spamming: This site runs on PhpNuke and does not have the forum module enabled.  This doesn't seem to stop the multitude of automated robots that attempt to post things there.  Accessing any of the forum modules or forum admin modules (none of which are linked from the rest of the website) will get the offending IP banned.
  3. Bad Robots: There are several places on the site where I've included a small invisible link to a dummy webpage.  This link is marked with all of the appropriate markers to keep legitimate robots away from it.  Any robot that does index it is immediately banned.

The links take you to the current lists of banned IPs. 

Update:  A few thousand blocked requests since yesterday.  There seems to be a single libwww-perl based botnet doing the forum spamming.  The comment spam also seems to be coming from a single source and is following its standard pattern of picking out a single page and spamming it exclusively for a day or two.

I added 1 additional safeguard.  There is now a mod_rewrite check to block requests that contain "http:" in the URL or query string.  This blocks an HTTP injection attack that is attempting to spam for a Russian chat website.

Update 2:  Now also blocking POST requests with no referrer via mod_rewrite.  You'd think the spambots would at least populate the referrers, but many don't.

Update 3:  Replaced the comment keyword checking with a call to Akismet.  That seems to be working quite well.

Update 4:  Akismet has been successful in blocking 100% of the spam with no false positives thus far.  I've gotten comment spam from 500 unique IP addresses in the past week.  The forum spammers seem to be isolated to a dozen IPs which were all picked up and blocked in a day or two after implementing the above check.

Update 5:  A new botnet started getting through Akismet so I added some new hidden form fields validation to the comment page.  One I'm expecting to be blank and the other I'm expecting to have a specific value.  Still have Akismet in there if it passes these 1st 2 checks, but so far this has been 100% effective and nothing has made it to the Akismet layer.
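The layered checks from Updates 1, 2 and 5, sketched as an added example in Python (not the site's own PHP or mod_rewrite rules). The field names, the token value and the sample requests are constructed, since the post does not give them.

```python
from urllib.parse import unquote

# Assumed names and values: the post does not give its field names or token.
HONEYPOT_FIELD = "website"         # hidden field expected to stay blank
TOKEN_FIELD = "form_check"         # hidden field expected to carry a fixed value
TOKEN_VALUE = "constructed-value"  # constructed sample value


def screen_request(method, target, headers, form=None):
    """Return (allowed, reason) for one request, cheapest check first."""
    headers = {k.lower(): v for k, v in headers.items()}  # names are case-insensitive
    # Update 1: "http:" in the URL or query string. Decode once so the
    # percent-encoded form (http%3A) cannot slip past a literal match.
    if "http:" in unquote(target).lower():
        return False, "http-in-url"
    if method.upper() != "POST":
        return True, "ok"
    # Update 2: POST with a missing or empty Referer header.
    if not headers.get("referer", "").strip():
        return False, "post-without-referer"
    form = form or {}
    # Update 5a: a bot that fills in every input also fills the honeypot.
    if form.get(HONEYPOT_FIELD, "") != "":
        return False, "honeypot-filled"
    # Update 5b: a bot that posts a hand-built body omits or alters the token.
    if form.get(TOKEN_FIELD) != TOKEN_VALUE:
        return False, "token-mismatch"
    return True, "ok"  # only now would the comment be sent on to Akismet


# Constructed sample requests (not taken from the site's logs).
REFERER = {"Referer": "https://blog.example/post/1"}
GOOD_FORM = {"comment": "Nice photos", HONEYPOT_FIELD: "", TOKEN_FIELD: TOKEN_VALUE}
SAMPLES = [
    ("GET", "/index.php?page=http%3A//chat.example/x", {}, None),
    ("POST", "/comment.php", {}, GOOD_FORM),
    ("POST", "/comment.php", REFERER, {**GOOD_FORM, HONEYPOT_FIELD: "buy now"}),
    ("POST", "/comment.php", REFERER, {"comment": "spam"}),
    ("POST", "/comment.php", REFERER, GOOD_FORM),
]


def screen_samples():
    """Reasons for each constructed sample, in order."""
    return [screen_request(*s)[1] for s in SAMPLES]


if __name__ == "__main__":
    print(screen_samples())
```

The literal "http:" match also rejects any legitimate request that carries a URL in a parameter, so it only suits a site with no such links.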

Looking Back At 2007

Saturday, December 29th, 2007

Time once again for the yearly review post.  I didn't get much hiking done in '07 so reviewing this year seems a bit like a band releasing a greatest hits compilation after only a single album.  I'm planning on working much less and hiking much more in 2008.

2007 Highlights

Back on the horse- Return to Yosemite Valley for a successful reattempt of the route I had been doing when I broke my ankle:


Sierra Point and Liberty Cap, Yosemite

After 4 unsuccessful attempts, I finally was able to dayhike Pinyon Peak in the Ventana in a 20 hour effort:

My first and second 30 milers since breaking my ankle:

    
Ventana Double Cone, Ventana Wilderness  &  Buena Vista Pass, Yosemite

Most viewed pictures of 2007


2007 was a freak year for Half Dome fatalities and this picture of the cable route got linked from a number of discussion forums on the events


Half Dome from Clouds Rest, the previously reigning top photo


Waiting for Yosemite SAR after breaking my ankle back in 2006


Half Dome from the Clouds Rest Summit. 

Most viewed albums of 2007 (2006 rank)
Only one album from this year cracked the top ten

- Top referrers were Google, Yahoo, and Microsoft
- Top non-search engine referrers were Tom Mangin's Two Heel Drive (thanks Tom), Summitpost, and the VWA forum.
- Top search engine key phrases were "clouds rest", "fedak, lost coast trail", john fedak, and kaiser wilderness.

Traffic to fedak.net came in at ~250k page views- flat with the prior year for the first time in the site's 5 year history.  This was probably partially due to the lack of new content in the latter half of the year, a honeypot that I implemented, and a gradual shift to people using the rss feed.  Non-human page views added another 344k, up substantially from the prior year.

Server Upgrade

Saturday, February 24th, 2007

As some of you have noticed, the site has been down for the past few days.  I've been tending to the long overdue task of upgrading my home server.  (If you're here looking for my latest backcountry outing, you should probably skip down a post- this is going to get geeky)

The upgrade was more of a strip-and-rebuild, as I only kept my case, DVD drive, and one of the IDE drives from my current system.  The remaining parts are going to be reassembled into a PC for my brother.

Here's the pile 'o parts prior to unpacking everything:

The new stuff included the following:

Asus P5N32-E SLI Motherboard: nVidia 680i chipset.  The tagline on the box touts this product as "Heart Touching", which seems a bit unlikely
Intel Core 2 Duo 6600:  My first Intel chip this decade.  Nice to see them finally producing something price/performance competitive with AMD
2×500mb Seagate Barracuda 7200rpm SATA drives:  Amazing how cheap a terabyte is these days.  Arranged the disks in a RAID mirror, so the 2nd drive is effectively a backup.  Carried the 250mb IDE drive over from my old server
2×1G Corsair XMS 800mhz DDR26400 RAM:  One of these sticks turned out to be bad and I'm having it replaced
PC Power Silencer 750w Power Supply:  Old supply didn't have the SATA and SLI connectors and was a bit underpowered.
EVGA 8800 GTS Video Card
Arctic Cooling Freezer 7 CPU Heatsink
Soundblaster XFi Fatal1ty Soundcard
Microsoft Windows Vista Home Premium (System Builder Edition)
Logitech MX3200 wireless keyboard/mouse

Everything stripped out of the old system (including an alarming amount of dust) and the new power supply and motherboard mounted:

Getting ready to install the CPU and heatsink.  SATA drives now installed. The SATA cables were much easier to run than the IDE connectors.  I would have to remove one of the two IDE drives, as the motherboard only came with a single IDE port.  I went and got a new cable so I could connect both the DVD drive and the remaining IDE drive to the single IDE connection- the standard cable wouldn't reach both at the same time. 

First boot of the new system. Graphics card now installed
(initially forgot to run the SLI power line to the graphics card)

The Vista upgrade took a bit longer than the hardware- much of the software I'm running isn't quite compatible with Vista yet.  (Not terribly impressed with Vista at the moment, and wondering if I should have just stuck with XP) 

Anyhow, things should now be back up…

2006 in Review

Sunday, December 31st, 2006

Looking through the server logs as another year draws to a close:

Highlights:

• fedak.net had 267k user page views in 2006.  This was an 18% increase over 2005.
• Robot page views increased a whopping 58% and now account for half the overall site traffic
• 40k access attempts were blocked from IP addresses of known spammers
• RSS readers now account for 6% of the site traffic
• Google generated 17,000 referrals to the site, Yahoo 1,700 and MSN 277
• June was the busiest month, Mondays the busiest weekday, and noon is the highest traffic hour

Most viewed individual photos:

  1. Pico Blanco Map  (frequent comment spambot target)
  2. Lake Wilma Trailsign (another spambot target)
  3. Half Dome Cables (linked to from the Whitney Portal Store board)
  4. My Broken Ankle (sigh)
  5. Tents near Guitar Lake (linked from a tarp tent thread on Backpacker.com)
  6. Clouds Rest/Half Dome from Clouds Rest 
  7. Emigrant Backpack Map
  8. Half Dome from Clouds Rest
  9. Hetch Hetchy Backpack Map
  10. Broken Ankle Splint

Most viewed photo albums:
(Curiously, with the exception of my broken ankle album none of these were from 2006) 

  1. Pico Blanco (1709 views)
  2. Broken Ankle (1531 views)
  3. Clouds Rest & Half Dome (1221 views)
  4. Emigrant Wilderness Backpack (968 views)
  5. Hetch Hetchy Backpack (804 views)
  6. Mount Dana (780 views)
  7. Ventana Double Cone (710 views)
  8. Hetch Hetchy Waterfalls (703 views)
  9. Lost Coast Trail (687 views)
  10. Kaiser Peak (679 views)

Top key phrases from search engine referrals:

  1. fedak 
  2. clouds rest
  3. lost coast trail
  4. kaiser wilderness
  5. john fedak
  6. wapama falls
  7. junipero serra peak
  8. chilnualna falls
  9. cloud's rest
  10. ventana double cone

July Webstats

Wednesday, August 2nd, 2006

29,535 page views in July, down from the 34,500 record set in June.  On the 20th, I installed Bad Behavior which was partially successful in blocking some of the spambot traffic that I've been getting.  It blocked 1,100 access requests between 7/20 and today.

The most popular pages were the same as last month:  The RSS feed, the backcountry page, the blog, the homepage, and the guestbook.
The most accessed photo albums were My Broken Leg, Clouds Rest/Half Dome, Emigrant Wilderness Backpack, Mt Dana, and Pico Blanco.

 Top search engine keywords were:  clouds rest, kaiser wilderness, emigrant wilderness, sierra point yosemite, and fedak.

June Webstats

Saturday, July 1st, 2006

June was a record traffic month for fedak.net.  The site got 34k non-search engine page views which handily broke last September's record of 26k. 

At least some of this traffic pickup is due to a spambot attack that is repeatedly attempting to leave comment spam in the guestbook.  The attackers appear to be using a distributed bot net so IP banning has been ineffective in stopping it.  Instead, I've modded the guestbook code to silently ignore comments with multiple URLs.  This hasn't stopped the attempts, but it at least saves me from having to remove dozens of spam comments every morning.

Pages:
- The most popular pages were the usual suspects:  The RSS feed, the backcountry page, the blog, the homepage, and the guestbook.
- The most popular photo albums were My Broken Leg, Celerity PGE Project (thanks to the buzzboard link), Pico Blanco, Hetch Hetchy Backpack, and Clouds Rest.

Referrers:
- Google was the top referrer, followed by Google Image Search and Yahoo Search
- The top search engine phrases were:  clouds rest, wapama falls, mount dana, lost coast trail, and fedak

Thanks for visiting everybody.

Buzzboard

Sunday, June 4th, 2006

Bryce

When someone links to my photo album, it's usually from an outdoor related site and I'll typically get a couple dozen or so referrals in my access log.

On Saturday, someone dug up this 5 year old photo of Bryce and posted it to the Buzzboard.  The Buzzboard seems to be quite popular as I've gotten several hundred referrals from the posting. The forum and the parent Haircut Site are both rated PG, but one gets the feeling that the folks are a little too into the topic.  (Particularly the "haircut action" movie guide)