adblock browser captcha comment-spam error extensions firefox How To Innovation MySQL PHP Programming The Internet Web-Development Web Design WordPress

The Best Firefox Plugins and Extensions

Firefox is a great web browser. If nothing else, the large number of people switching from Internet Explorer to Firefox convinced Microsoft to finally update IE. When Firefox added inline spell checking with version 2.0 they boosted the writing quality of every blogger, wiki contributor, and forum post on the Internet. What more can you ask for? Actually, the best thing about Firefox is its extensibility. Anyone with some programming skill and some free time can add features and functionality by building plugins and extensions. There are well over 2000 extensions listed at, so where do you start? You can find a lot of "top 10" lists around the web, but I thought I'd add my two cents as well. Here is a list of some of the best Firefox extensions. 1. Adblock Plus - Adblock is a controversial choice because it allows users to block out the advertisements that many websites rely on for income. This website, for example. But again and again I find myself thanking the Flying Spaghetti Monster for Adblock. Some sites fill their pages with flash-based ads that flash, flutter, crawl across the pages, etc. And those are the ads I inevitably block. 2. StumbleUpon - StumbleUpon lets you channel surf the web. Click on the Stumble button and you'll get a new web site - give it a thumbs-up or a thumbs-down and StumbleUpon will suggest sites more to your liking. I should warn you, though, that this extension is very addictive and a terrible time-waster. 3. Procrastato - Now that I've ruined your productivity with StumbleUpon, I'll give you a little bit back. Procrastato watches for notorious time-wasting sites like Digg, MySapce, and YouTube and reminds you every few minutes to get back to work. 4. Firebug - If you are a web developer and you don't use some combination of these next four plugins, you might as well be writing code blindfolded. Firebug lets you inspect pages to find troublesome elements and edit HTML, CSS, and javascript inline. 5. Web Developer - The Web Developer Toolbar isn't quite as powerful as Firebug but it has some nice features that are easy to get to in a pinch. For example you can resize the browser window to make sure your site still works in 800x600. You can also kill all CSS styles, which actually make MySpace tolerable. 6. Tamper Data - If you ever run into a tricky HTTP header problem, or want to see what all is taking so long to load on a site, Tamper Data is the tool for you. 7. User Agent Switcher - You don't need to be a web developer to appreciate this add-on. There are still a lot of sites out there with buggy old code that tries to look for a certain version of IE and locks you out otherwise. Use User Agent Switcher to tell the site that Firefox is IE, and 99 times out of 100 everything runs perfectly well. 8. Bookmarks - I don't know about you but I have been building my bookmarks lists for 10 years, exporting and importing from one browser version to the next. The list is now way too large to be usable, but makes my bookmarks taggable and searchable. This plugin integrates them back into the browser. 9. SiteAdvisor - I was a little worried when SiteAdvisor was bought by McAffee, since I'm not a huge fan of their anti-virus suite. But SiteAdvisor remains an absolutely necessary tool on the wild web. When you do a Google search, you'll see little green checkmarks next to well-behaved sites and red X's next to spammers and spyware purveyors. Go install this on your mom and dad's computers today. Did I miss any? Let me know about your favorite extensions below.

Comment Spam Deluge – Did our Captcha get Hacked?

Have you been having trouble reading Unsought Input lately? You're in good company – I've been having trouble writing for it.

We've been having issues with MySQL to the point of hanging connections and pleasant, but not very helpful WordPress error messages. It's nice that user-friendly errors are built-in to WordPress, since you never want to give users cryptic, blue-screen-of-death style errors. But I needed to get to the root of the problem.

I quickly put on my detective cap and tried to log in with phpMyAdmin – no luck, but this time the error message was a little more useful:

#1040 - Too many connections

Normally you encounter this error for one of two reasons: either you are being Slashdotted, or you are opening up persistent connections (with PHP's mysql_pconnect(), for example) and they are not being closed properly. In the first case, there are just too many queries at once and it fills up the connection limit, and in the second case they build up over time.

I didn't think possibility number 1 was very likely, since we don't write anything cool and geeky enough to get on Slashdot. The story about the Canadian geologist was probably our best bet. I knew I hadn't written any code to use persistent connections, but what about the rest of WordPress?

No such luck. Not a single pconnect in any of the WordPress or plugin code. Back to the first possibility – is it possible we were being hit but a distributed denial of service attack (DDoS)? More specifically (and more likely), we were being effectively DDoS'ed by comment spammers.

How did I figure it out? The connection limit for MySQL is set in the config file, my.cnf in Apache (or possibly my.ini in Windows/IIS):

[mysqld] set-variable=max_connections=100

The default is 100 and that should be enough for most sites. I needed to see what was actually being run, so I connected as a user with administrative rights and sent MySQL this command:


I got back a list of 200 locked queries, all dealing with selecting or deleting comments!

We have two measures in place to combat comment spam. One is Askimet, which is a standard plugin for WordPress. I have no hard data but I would guess almost everyone uses it. The other is a captcha plugin called Did You Pass Math?

The idea behind captchas is to give visitors a small task that is easy for humans but harder for machines. That's where those fancy images with the wavy letters and numbers come from. I wanted to use something a little simpler, so I went with Did You Pass Math. From what I've read, a big part of the power of captchas is just having something there at all to make your submit form non-standard and break the really naïve spamming scripts (see Jeff Atwood's story about his captcha in Coding Horror). It worked really well for a while.

But not any more. Askimet now reports an order of magnitude more spam blocked than ever before.

Is Did You Pass Math officially broken? It seems like I'll need to upgrade or find something different. Maybe I can hack it a bit to ask about more than just addition.

Jess B was kind enough to look through our logs and she found a ton of hits from the same IP range, and the IPs all went to spammy sites filled with more spam. Ugh.

Has anyone else noticed this with Did You Pass Math, or any other captcha plugin?