BerkeleyLUG site/WordPress migration
5 views
Skip to first unread message
Michael Paoli
Aug 28, 2019, 9:07:49 PM8/28/19
to BerkeleyLUG
So, ... not quite done yet 8-O ... I was theoretically to be
done/completed by 2019-08-27T09:53:17Z[1]
But getting fairly close :-)
In "worst case" scenario, I could always migrate/"promote"
what I've got so far.
One may "preview" it here (not the permanent URL, and that (sub-)domain
will get removed in the relatively near future):
https://temp.berkeleylug.com/
Some of the more notably various remaining issues:
The import causes everything to be attributed to (authored by) one user,
... well, at least pages, looks like comments may have their proper
original attributions. Theoretically on import, one should be able
to (re)map users from import to users on site being imported too,
but I don't seem to have gotten that to work or work fully.
Comments aren't displaying who posted the comment.
Missing the tux logo being displayed on page headers.
I need to properly configure email sends (it semi-works
at present, but may very legitimately get rejected by mail
servers that are persnickety about spam and proper sending best
practices).
Footnotes/references:
0. https://lists.balug.org/pipermail/balug-admin/2019-August/000998.html
1. https://www.wiki.balug.org/wiki/doku.php?id=berkeleylug:digital_resources
"per earlier communcations, intending to migrate of the WordPress.com
hosted by 2019-08-27T09:53:17Z (that would be 6 months after
Michael Paoli was notified of having been granted admin access for the
BerkeleyLUG site on its WordPress.com hosting)."
done/completed by 2019-08-27T09:53:17Z[1]
But getting fairly close :-)
In "worst case" scenario, I could always migrate/"promote"
what I've got so far.
One may "preview" it here (not the permanent URL, and that (sub-)domain
will get removed in the relatively near future):
https://temp.berkeleylug.com/
Some of the more notably various remaining issues:
The import causes everything to be attributed to (authored by) one user,
... well, at least pages, looks like comments may have their proper
original attributions. Theoretically on import, one should be able
to (re)map users from import to users on site being imported too,
but I don't seem to have gotten that to work or work fully.
Comments aren't displaying who posted the comment.
Missing the tux logo being displayed on page headers.
I need to properly configure email sends (it semi-works
at present, but may very legitimately get rejected by mail
servers that are persnickety about spam and proper sending best
practices).
Footnotes/references:
0. https://lists.balug.org/pipermail/balug-admin/2019-August/000998.html
1. https://www.wiki.balug.org/wiki/doku.php?id=berkeleylug:digital_resources
"per earlier communcations, intending to migrate of the WordPress.com
hosted by 2019-08-27T09:53:17Z (that would be 6 months after
Michael Paoli was notified of having been granted admin access for the
BerkeleyLUG site on its WordPress.com hosting)."
Michael Paoli
Aug 30, 2019, 10:25:24 AM8/30/19
to BerkeleyLUG
The BerkeleyLUG site:
https://berkeleylug.com/
has been migrated from WordPress.com hosting, to
being hosted on the BALUG host (virtual machine).
Things should mostly be as they were - differences should mostly be
cosmetic (and speed/availability - not a high availability host nor
hosting, nor high bandwidth).
The old site content may temporarily be accessible at:
https://berkeleylug.wordpress.com/
but looks like that's presently still redirecting - so
can't (yet) see there to compare, etc.
If you have an account on the site, you should be able to use
the "lost password" functionality:
https://berkeleylug.com/wp-login.php?action=lostpassword
to get an emailed link to reset your password (passwords were not
migrated).
Shorter term we'll probably leave it relatively locked down,
most notably only those with accounts can comment or post or more.
We'll probably start loosening that up more (within reason)
after things are a bit more settled in and tested out (and we
activate some anti-spam bits).
And, ... what did the migration process look like?
There's a pretty good outline of it here:
https://www.wiki.balug.org/wiki/doku.php?id=berkeleylug:digital_resources
https://berkeleylug.com/
has been migrated from WordPress.com hosting, to
being hosted on the BALUG host (virtual machine).
Things should mostly be as they were - differences should mostly be
cosmetic (and speed/availability - not a high availability host nor
hosting, nor high bandwidth).
The old site content may temporarily be accessible at:
https://berkeleylug.wordpress.com/
but looks like that's presently still redirecting - so
can't (yet) see there to compare, etc.
If you have an account on the site, you should be able to use
the "lost password" functionality:
https://berkeleylug.com/wp-login.php?action=lostpassword
to get an emailed link to reset your password (passwords were not
migrated).
Shorter term we'll probably leave it relatively locked down,
most notably only those with accounts can comment or post or more.
We'll probably start loosening that up more (within reason)
after things are a bit more settled in and tested out (and we
activate some anti-spam bits).
And, ... what did the migration process look like?
There's a pretty good outline of it here:
https://www.wiki.balug.org/wiki/doku.php?id=berkeleylug:digital_resources
Michael Paoli
Sep 2, 2019, 9:35:38 PM9/2/19
to BerkeleyLUG
So, ... I went ahead and enabled anti-spam (most notably for
comments) and enabled essentially "anyone" to comment,
and opened up the registration / sign-up.
Although the site gets a fair amount of traffic and ranks pretty well
with Search Engine Optimization (SEO), seems in earlier times it was
more "active" - not only with posts, but comments. Hopefully opening
that up more will breathe a bit more life/activity into it.
"We"'ll just have to keep a reasonable eye on spam (most notably
in comments and the like) ... I'm guessing that's what got the stuff
clamped down earlier. I'm hoping the anti-spam "plugin" is good enough
that it handles most all of that pretty well. We shall see.
I did also put an updated post on the main page ... likewise for where
the old stuff is hosted on WordPress.com (essentially all that content
was migrated) ... mostly to point folks to where it is now and the
"live" site (same URL as old was), ... and for the other URL,
left it "public", but disabled search engine indexing of it and
the like ... since that never was the "main" site anyway, and just
HTTP 301 redirected before anyway. Mostly just "cover the bases"
if anyone/anything still pokes around there - effectively leaving a
"pointer" behind - at least for now - and also if anyone/anything has
need/reason to compare the content and appearance details, etc. (there
are some minor appearance differences).
We've got a few folks that have Administrator access to the new
(on balug VM) hosting location, at least 2 of which are rather to
quite active in BerkeleyLUG. We also have additional persons/roles,
- roles being: Administrator, Editor, Author, Contributor, Subscriber.
comments) and enabled essentially "anyone" to comment,
and opened up the registration / sign-up.
Although the site gets a fair amount of traffic and ranks pretty well
with Search Engine Optimization (SEO), seems in earlier times it was
more "active" - not only with posts, but comments. Hopefully opening
that up more will breathe a bit more life/activity into it.
"We"'ll just have to keep a reasonable eye on spam (most notably
in comments and the like) ... I'm guessing that's what got the stuff
clamped down earlier. I'm hoping the anti-spam "plugin" is good enough
that it handles most all of that pretty well. We shall see.
I did also put an updated post on the main page ... likewise for where
the old stuff is hosted on WordPress.com (essentially all that content
was migrated) ... mostly to point folks to where it is now and the
"live" site (same URL as old was), ... and for the other URL,
left it "public", but disabled search engine indexing of it and
the like ... since that never was the "main" site anyway, and just
HTTP 301 redirected before anyway. Mostly just "cover the bases"
if anyone/anything still pokes around there - effectively leaving a
"pointer" behind - at least for now - and also if anyone/anything has
need/reason to compare the content and appearance details, etc. (there
are some minor appearance differences).
We've got a few folks that have Administrator access to the new
(on balug VM) hosting location, at least 2 of which are rather to
quite active in BerkeleyLUG. We also have additional persons/roles,
- roles being: Administrator, Editor, Author, Contributor, Subscriber.
Michael Paoli
Sep 12, 2019, 1:10:05 AM9/12/19
to BerkeleyLUG
The anti-spam seems to work quite well enough - at least to stop
spam comments and such.
The only "issue" with opening up registration / sign-up
... we do now have lots of users - 112 - way up from when we opened
up the registration / sign-up, and looks like most of those are
from spambots and the like and not legitimate users.
Anyway, perhaps a general adjustment plan, perhaps roughly like:
o add some captcha or the like to raise the bar sufficiently on
registration / sign-up
o user hygiene - once the above is in place and seems to be working
well enough, ask legitimate users to take some action to reasonably
show they're not something from a spambot ... and after some reasonable
time to respond to such, those not having taken the requisite action -
remove those users ... at least applying that users created after we
recently opened up registration / sign-up.
Anyway, that's the general plan/idea ... at least I think so (and for
lack of a better?). Not an extreme priority - though sooner would be
better. Anyway, cleaning that up will get us better to set of
(legitimate) users on the site - then that + list gives us a better idea
of folks at least interested in following BerkeleyLUG (even if many may
mostly be quiet "lurkers" - or at least most of the time).
spam comments and such.
The only "issue" with opening up registration / sign-up
... we do now have lots of users - 112 - way up from when we opened
up the registration / sign-up, and looks like most of those are
from spambots and the like and not legitimate users.
Anyway, perhaps a general adjustment plan, perhaps roughly like:
o add some captcha or the like to raise the bar sufficiently on
registration / sign-up
o user hygiene - once the above is in place and seems to be working
well enough, ask legitimate users to take some action to reasonably
show they're not something from a spambot ... and after some reasonable
time to respond to such, those not having taken the requisite action -
remove those users ... at least applying that users created after we
recently opened up registration / sign-up.
Anyway, that's the general plan/idea ... at least I think so (and for
lack of a better?). Not an extreme priority - though sooner would be
better. Anyway, cleaning that up will get us better to set of
(legitimate) users on the site - then that + list gives us a better idea
of folks at least interested in following BerkeleyLUG (even if many may
mostly be quiet "lurkers" - or at least most of the time).
Rick Moen
Sep 12, 2019, 4:06:47 AM9/12/19
to BerkeleyLUG
Quoting Michael Paoli (Michae...@cal.berkeley.edu):
> o add some captcha or the like to raise the bar sufficiently on
> registration / sign-up
It usually ends up being a CAPTCHA implementation people add for this
> o add some captcha or the like to raise the bar sufficiently on
> registration / sign-up
purpose, because it's difficult to find a modest, _simple_ plug-in for
WordPress, only baroquely complex ones. But a complete solution would
be anything that asks the user to answer a simple question that isn't
standard across everyone else's WordPress, like 'What is 4+5?' and
require a correct answer before the form submission gets processed.
Bruce Schnier on his blog ('Schneier on Security') has a simple hack
where you are asked to answer the question 'The title of this blog is
"Schneier on ________". What is that word?' (I paraphrase.) Works
perfectly -- because it's not necessary to defeat custom attacks, just
comment-bots aimed at commodity software.
Michael Paoli
Sep 13, 2019, 11:17:37 AM9/13/19
to BerkeleyLUG
I added a simple Math Captcha to registration.
That will likely suffice to mostly, if not entirely,
stop spambots from registering.
As for cleaning up (removing) registered accounts of
spambots - no extreme rush on that, but shall do that over the
coming week(s)/month(s). Probably request that users
update their profile to include something for name
(the spam bots don't bother, and generally looks better if
that's set anyway), may likely manually add that (or at least
partially so) to some older accounts (the few that were present
when site was migrated) ... maybe give user some alternative
means if they're legit, and really don't want to fill in
name field(s) at all, ... and, after some while,
remove the user that have nothing set in any of the name fields,
and haven't taken any alternative means to identify themselves
as legitimate - then the rest can mostly be reasonably presumed
to be spam bot sign-ups.
We're at 113 "users" now - the rate seems to have dropped off, as
most of the spam bots figure out they can't get their spam
content posted. "Of course" spam attempts continue - most notably
comment attempts - but the anti-spam in place seems quite to
exceedingly good at dealing with that (thus far of many hundreds
of attempts, no spam has made it through, and no legitimate
comments or attempts have been flagged as spam - though some
(new users or unregistered?) have been held for moderation.
This Captcha also seems minimally intrusive, should be enough (hopefully)
to stop spambots - but if needed, many other Captcha options are
available. Also, this Captcha doesn't feed some for-profit entity
human intelligence information (like training their AI by using
humans - and without those humans being paid for it!).
> From: "Rick Moen" <ri...@linuxmafia.com>
> Subject: Re: BerkeleyLUG site anti-spam enabled, comments &
> registration / sign-up opened up.
That will likely suffice to mostly, if not entirely,
stop spambots from registering.
As for cleaning up (removing) registered accounts of
spambots - no extreme rush on that, but shall do that over the
coming week(s)/month(s). Probably request that users
update their profile to include something for name
(the spam bots don't bother, and generally looks better if
that's set anyway), may likely manually add that (or at least
partially so) to some older accounts (the few that were present
when site was migrated) ... maybe give user some alternative
means if they're legit, and really don't want to fill in
name field(s) at all, ... and, after some while,
remove the user that have nothing set in any of the name fields,
and haven't taken any alternative means to identify themselves
as legitimate - then the rest can mostly be reasonably presumed
to be spam bot sign-ups.
We're at 113 "users" now - the rate seems to have dropped off, as
most of the spam bots figure out they can't get their spam
content posted. "Of course" spam attempts continue - most notably
comment attempts - but the anti-spam in place seems quite to
exceedingly good at dealing with that (thus far of many hundreds
of attempts, no spam has made it through, and no legitimate
comments or attempts have been flagged as spam - though some
(new users or unregistered?) have been held for moderation.
This Captcha also seems minimally intrusive, should be enough (hopefully)
to stop spambots - but if needed, many other Captcha options are
available. Also, this Captcha doesn't feed some for-profit entity
human intelligence information (like training their AI by using
humans - and without those humans being paid for it!).
> From: "Rick Moen" <ri...@linuxmafia.com>
> Subject: Re: BerkeleyLUG site anti-spam enabled, comments &
> registration / sign-up opened up.
goossbears
Sep 13, 2019, 12:11:47 PM9/13/19
to BerkeleyLUG
On Friday, August 30, 2019 at 7:25:24 AM UTC-7, Michael Paoli wrote:
The BerkeleyLUG site:
https://berkeleylug.com/
has been migrated from WordPress.com hosting, to
being hosted on the BALUG host (virtual machine).
Things should mostly be as they were - differences should mostly be
cosmetic (and speed/availability - not a high availability host nor
hosting, nor high bandwidth).
The old site content may temporarily be accessible at:
https://berkeleylug.wordpress.com/
but looks like that's presently still redirecting - so
can't (yet) see there to compare, etc.
The warning "DNS configuration required" appears in the WordPress.com management page.
Also, the message "berkeleylug.com's name server records need to be configured. Learn more "
also appears for the Domains
Mapped Domain
Michael Paoli
Sep 13, 2019, 2:37:57 PM9/13/19
to goossbears, BerkeleyLUG
Thanks, I'll have a look. May be some vestigial warnings
due to the migration - I doubt there's (much of) anything
needing "real correction" on the DNS.
> From: goossbears <acoh...@gmail.com>
> Subject: Re: BerkeleyLUG site/WordPress migrated!
> Date: Fri, 13 Sep 2019 09:11:47 -0700 (PDT)
> On Friday, August 30, 2019 at 7:25:24 AM UTC-7, Michael Paoli wrote:
>>
>> The BerkeleyLUG site:
>> https://berkeleylug.com/
>> has been migrated from WordPress.com hosting, to
>> being hosted on the BALUG host (virtual machine).
>> Things should mostly be as they were - differences should mostly be
>> cosmetic (and speed/availability - not a high availability host nor
>> hosting, nor high bandwidth).
>>
>> The old site content may temporarily be accessible at:
>> https://berkeleylug.wordpress.com/
>> but looks like that's presently still redirecting - so
>> can't (yet) see there to compare, etc.
>>
>
>
> The warning "DNS configuration required" appears in the WordPress.com
> management page.
> Also, the message "*berkeleylug.com's* name server records need to be
> configured. Learn more
> <https://en.support.wordpress.com/domain-helper/?host=berkeleylug.com> "
due to the migration - I doubt there's (much of) anything
needing "real correction" on the DNS.
> From: goossbears <acoh...@gmail.com>
> Subject: Re: BerkeleyLUG site/WordPress migrated!
> Date: Fri, 13 Sep 2019 09:11:47 -0700 (PDT)
> On Friday, August 30, 2019 at 7:25:24 AM UTC-7, Michael Paoli wrote:
>>
>> The BerkeleyLUG site:
>> https://berkeleylug.com/
>> has been migrated from WordPress.com hosting, to
>> being hosted on the BALUG host (virtual machine).
>> Things should mostly be as they were - differences should mostly be
>> cosmetic (and speed/availability - not a high availability host nor
>> hosting, nor high bandwidth).
>>
>> The old site content may temporarily be accessible at:
>> https://berkeleylug.wordpress.com/
>> but looks like that's presently still redirecting - so
>> can't (yet) see there to compare, etc.
>>
>
>
> The warning "DNS configuration required" appears in the WordPress.com
> management page.
> configured. Learn more
> <https://en.support.wordpress.com/domain-helper/?host=berkeleylug.com> "
Michael Paoli
Sep 13, 2019, 3:14:15 PM9/13/19
to goossbears, BerkeleyLUG
Can safely ignore that. As far as I'm aware:
o That only shows on the *old* site:
https://berkeleylug.wordpress.com/
o That "issue"/warning can (probably) only be seen by
>= Administrator (Administrator/Owner), and only on the control panel
o search engines are already told to go bugger off the old site:
$ curl https://berkeleylug.wordpress.com/robots.txt
User-agent: *
Disallow: /
# This file was generated on Tue, 03 Sep 2019 00:02:23 +0000
$
As we don't want 'em there, we want 'em on the canonical
and new site location (but same URL):
https://berkeleylug.com/
https://berkeleylug.wordpress.com/ was never canonical
(or not in a very very long time) and only HTTP 301 redirected
to https://berkeleylug.com/ anyway (Possibly excepting some
WordPress login/admin/etc. URL pathnames).
o As far as I can tell, it's just WordPress.com complaining that
berkeleylug.com has been ripped out from under it (yes, no longer
under WordPress.com's thumb/control
o As far as I can tell, looks like Owner could probably remove
berkeleylug.com from the WordPress.com configuration, but
looks like Administrator access (which you and I have)
is insufficient to do so ... and probably doesn't matter
anyway and not worth hassling Owner (Jack) to tweak it
just to make that warning go away - as far as I'm also
aware, it's of zero "real" consequences.
We should probably totally drop berkeleylug.wordpress.com
at some point in the future (maybe a month or so from now?).
In the meantime it's still there "just in case" - e.g. if we find
we somehow missed pulling some content, or want to compare the old
content to that of current site for any reason(s). And should
definitely drop it (and have Jack drop relevant bits) before
current (paid) plan is set to expire/renew - but as far as I can
tell that looks like sometime next year (though we could certainly
drop things sooner than that). So ... also looks like probably
only myself, you, and Jack, are likely the only ones that could
even see that warning anyway.
Also not seeing warnings on current site/dashboard:
https://berkeleylug.com/
https://berkeleylug.com/wp-admin/
o That only shows on the *old* site:
https://berkeleylug.wordpress.com/
o That "issue"/warning can (probably) only be seen by
>= Administrator (Administrator/Owner), and only on the control panel
o search engines are already told to go bugger off the old site:
$ curl https://berkeleylug.wordpress.com/robots.txt
User-agent: *
Disallow: /
# This file was generated on Tue, 03 Sep 2019 00:02:23 +0000
$
As we don't want 'em there, we want 'em on the canonical
and new site location (but same URL):
https://berkeleylug.com/
https://berkeleylug.wordpress.com/ was never canonical
(or not in a very very long time) and only HTTP 301 redirected
to https://berkeleylug.com/ anyway (Possibly excepting some
WordPress login/admin/etc. URL pathnames).
o As far as I can tell, it's just WordPress.com complaining that
berkeleylug.com has been ripped out from under it (yes, no longer
under WordPress.com's thumb/control
o As far as I can tell, looks like Owner could probably remove
berkeleylug.com from the WordPress.com configuration, but
looks like Administrator access (which you and I have)
is insufficient to do so ... and probably doesn't matter
anyway and not worth hassling Owner (Jack) to tweak it
just to make that warning go away - as far as I'm also
aware, it's of zero "real" consequences.
We should probably totally drop berkeleylug.wordpress.com
at some point in the future (maybe a month or so from now?).
In the meantime it's still there "just in case" - e.g. if we find
we somehow missed pulling some content, or want to compare the old
content to that of current site for any reason(s). And should
definitely drop it (and have Jack drop relevant bits) before
current (paid) plan is set to expire/renew - but as far as I can
tell that looks like sometime next year (though we could certainly
drop things sooner than that). So ... also looks like probably
only myself, you, and Jack, are likely the only ones that could
even see that warning anyway.
Also not seeing warnings on current site/dashboard:
https://berkeleylug.com/
https://berkeleylug.com/wp-admin/
Rick Moen
Sep 13, 2019, 5:30:21 PM9/13/19
to BerkeleyLUG
Quoting Michael Paoli (Michae...@cal.berkeley.edu):
> I added a simple Math Captcha to registration.
> That will likely suffice to mostly, if not entirely,
> stop spambots from registering.
Assuming it functions correctly as described, I'll bet good money it'll
> I added a simple Math Captcha to registration.
> That will likely suffice to mostly, if not entirely,
> stop spambots from registering.
_work perfectly_ -- in the sense that basically _nobody_ expends the
effort to code a totally site-specific comment-bot. It's too much work
for too little gain, in world where so many ill-defended targets beckon,
elsewhere.[1]
Edge case: If a specific combo of engine (e.g., WordPress) plus one
specific plugin (e.g., Math Captcha) hypothetically ever becomes
overwhelmingly popular, then it would be an economic proposition for
coders of comment-bots to code handling of the admin's artificial
obstacle to automated bulk-commenting. I.e., at that point, overcoming
the roadblock is no longer a site-specific problem for them.
One of the implications of that is that small site-local variations can
be extremely helpful. This is also true in SMTP antispam, e.g., if
using site-wide SpamAssassin (spamd), there's high value in altering the
default spamicity weightings for the various matching rules and
otherwise make your site's heuristics just a bit different from
bog-standard.
Or to put it a different way, genetic diversity is good -- and avoids
the fate of the Gros Michel banana and the Irish Lumper potato.[2]
> We're at 113 "users" now - the rate seems to have dropped off, as
> most of the spam bots figure out they can't get their spam
> content posted.
direct human supervision. The same stupid comment bots persist
attempting the same stupid actions that no longer work. The operators
are not in the business of smart; they're in the business of blanketing
the Internet using overwhelmingly stolen machine resources (zombified
MS-Windows machines comprising botnets) to barrage all of IP space all
the time, in hopes that stuff gets through here or there. The waste and
lack of intelligence is inherent in the basic plan.
[1] As the old joke goes, you don't need to run faster than the pursing
bear, only faster than the other guy fleeing.
[2] After 170 years, the Lumper is being grown again, notably in County
Antrim, Northern Ireland -- but carefully not as a monocrop.
https://www.irishcentral.com/news/great-famine-potato-makes-a-comeback-after-170-years-194635321-237569191
Reply all
Reply to author
Forward
0 new messages