05 Apr

Comments no longer time out

Astute readers of my blog will note that I turned off my Comment Timeout plugin at the start of this year. I had begun to suspect that its effect on spam was minimal, while at the same time there were still some posts that, according to Google Analytics, attract a bit of attention — in particular, my posts about SharePoint seem to feature rather prominently in searches by people who find the subject even more confusing than I do.

Sooo… now you can even leave comments on my very first blog entry if you are that way inclined.

In the end, I found that turning it off did not result in a noticeable increase in spam comments. I am now using only three plugins to manage spam on my blog and together they put in a stellar performance. Akismet and Bad Behavior stop almost everything dead in its tracks, and beyond that, a blanket rejection of comments that contain BBCode or more than two hyperlinks keeps your spam queue short, makes it easy to check for false positives, and reduces the load that it places on Akismet and your bandwidth consumption. As far as I can tell, 80-90% of spam comments contain either BBCode, or three or more hyperlinks.

However, this raises a question: what is the future of Comment Timeout?

Unfortunately, I have had quite a lot on at work recently and I have other projects that I want to move on to that I simply haven’t had time for so far, so since I am no longer using Comment Timeout myself, maintaining it further now has a very low priority.

There are some things that could still be done on it, such as localisation, but as far as I can tell, it is stable, it works with any version of WordPress since 2.0, and pretty much all the bugs that have been brought to my attention have been ironed out. I haven’t tested it thoroughly against WordPress 2.5, but as far as I can tell it should work properly.

If anyone would like to develop it further, I have no objections. It’s dual licensed under both the GPL and the MIT/X11 licence, so you don’t even need to ask for permission, though it would obviously be nice to get a heads-up.

21 Feb

MySpace have just spammed me

I received an unsolicited e-mail from MySpace this morning. Looks like it’s one of their usual circular newsletters. What makes this very strange is that I do not have a MySpace.

Okay, granted, I did have one once upon a time, but I never actually used it, and in the end I cancelled it. I was actually quite forthright in the comment box on the cancel my account option: I said that I have no time for an ad-ridden monstrosity that violates every accessibility guideline in the book and encourages you to parade a total absence of web design skills while encumbering your blog with search engine hostile URLs. They also have a fiendishly complex system for cancelling your account. You have to click through about seventeen “Are you sure?” links, and then they send you an e-mail message, after which you have to click through another “are you sure?” link, then they tell you it will still take 48 hours.

The newsletter very helpfully gives you some instructions on how to stop receiving further e-newsletters from them:

At MySpace we care about your privacy. If you don’t want to receive future MySpace newsletters, change your Account Settings to “Do not send me MySpace newsletters.” Click here to change your Account Settings. You can also contact us with any questions or concerns regarding your privacy at: privacy@myspace.com or write: MySpace.com, 6060 Center Drive, Suite 300, Los Angeles, CA 90045.

Very helpful, I don’t think, given the fact that in theory I no longer have an account at the e-mail address that they sent it to and therefore I can’t log in to change my Account Settings to “Do not send me MySpace newsletters.” I’ve sent an e-mail to privacy@myspace.com asking what they think they are playing at and I await a response. If it mentions viagra, cheap mortgages, OEM software or Britney Spears, I shall be rather upset.

Update 23 Feb: It appears that I am not the only person who has been spammed by MySpace recently. A report by someone else hit the front page of digg.com a couple of days ago.

04 Feb

Stopping the spam flood

Following a recent flood of comment spam last week, I’ve decided to tighten up on my blog commenting policy. I’m now limiting comments to two hyperlinks each, which must not be in BBCode format. WordPress doesn’t use BBCode anyway, and I’ve never seen a genuine comment on anybody’s blog which contains more than one hyperlink, so I don’t think this is going to be a problem.

I’m also going to close comments and trackbacks right across the board to any IP address which has three comments pending moderation in my spam queue or which gets trapped by Bad Behavior three times in a week. In practice, it’s not likely to affect you unless you are running a spam bot on your computer or network.

If you want to do something similar on your own blog, it’s handled by the latest version (1.3) of Comment Timeout. Note that this is still in alpha, so use it at your own risk. It’s configurable as before, so you can set it to allow three — or more — hyperlinks if you prefer.
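The policy described in this post (and in the 05 Apr post above) can be modelled as follows. This is an added example, not Comment Timeout's own code: `CommentGate`, `count_links` and the verdict strings are hypothetical names, and treating both kinds of strike (spam-queue entries and Bad Behavior traps) as one counter with a one-week window is an assumption.

```python
import re
from collections import defaultdict, deque

WEEK = 7 * 24 * 3600  # strike window in seconds (assumed for both strike kinds)
ANCHOR_RE = re.compile(r"<a\b[^>]*>.*?</a\s*>", re.I | re.S)
BARE_URL_RE = re.compile(r"\b(?:https?://|www\.)\S+", re.I)
BBCODE_RE = re.compile(r"\[/?(?:url|link|img)\b[^\]]*\]", re.I)

def count_links(body):
    """Count each HTML anchor once, then bare URLs outside any anchor."""
    rest = ANCHOR_RE.sub(" ", body)
    return len(ANCHOR_RE.findall(body)) + len(BARE_URL_RE.findall(rest))

class CommentGate:
    def __init__(self, max_links=2, max_strikes=3, window=WEEK):
        self.max_links, self.max_strikes, self.window = max_links, max_strikes, window
        self.strikes = defaultdict(deque)  # ip -> timestamps of strikes

    def strike(self, ip, now):
        """Record an external signal: a spam-queue entry or a trapped request."""
        self.strikes[ip].append(now)

    def is_blocked(self, ip, now):
        q = self.strikes[ip]
        while q and now - q[0] > self.window:  # forget strikes older than the window
            q.popleft()
        return len(q) >= self.max_strikes

    def check(self, ip, body, now):
        if self.is_blocked(ip, now):
            return "blocked-ip"
        if BBCODE_RE.search(body):
            return "bbcode"
        if count_links(body) > self.max_links:
            return "too-many-links"
        return "accept"

def demo():
    gate = CommentGate()
    # Constructed sample comments; 192.0.2.x and 198.51.100.x are documentation IPs.
    two = 'See <a href="http://example.org/a">this</a> and http://example.org/b'
    three = two + " plus www.example.net"
    bb = "cheap pills [url=http://example.com]here[/url]"
    out = [gate.check("192.0.2.1", t, 0) for t in (two, three, bb)]
    for t in (10, 20, 30):  # three strikes within one week
        gate.strike("198.51.100.7", t)
    out.append(gate.check("198.51.100.7", "hello", 40))
    out.append(gate.check("198.51.100.7", "hello", 31 + WEEK))
    return out
```

Counting an anchor and the URL inside its `href` as one link keeps the limit at two real hyperlinks; the last call shows the IP block lapsing once all three strikes are more than a week old.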

25 Jan

Improving Akismet

WordPress 2.1 comes with a new version of the Akismet plugin, which has an option to silently discard comments that it considers to be spam on posts older than a month.

Personally, I don’t like this approach, because it silently nukes bona fide comments that register as false positives on older posts. My experience of Akismet is that it flags about ten percent of bona fide, non-spam comments as false positives: out of the twenty-three comments and trackbacks that I’ve had over the past month, I’ve had to rescue at least two of them from the spam queue. Furthermore, just before Christmas, the Akismet service started trapping all my comments on other people’s blogs that were labelled with my own domain name (jamesmckay.net). This was very disconcerting at the time, though it righted itself after a few days. Apparently several other people have reported the same problem. I don’t know quite to what extent this is replicated worldwide, but it’s enough to warrant keeping an eye on what is being flagged as spam and what isn’t.

The other problem is that the time delay is not configurable. It may be fine on popular blogs which are updated two or three times a week, but it isn’t suitable for the vast majority of bloggers, who only write once or twice a month and whose readership is relatively small. It also fails if you write a popular, classic post that gets linked to from, say, a Wikipedia article, and would benefit from a longer lasting, ongoing discussion. That’s why I included an option in Comment Timeout to allow you to keep a discussion open for longer if it has had some recent comments.

What we need are better tools to help get to the false positives quickly and (relatively) easily. One way of doing this is to reduce the number of comments that get as far as Akismet. I use it in conjunction with Bad Behavior and my own Comment Timeout, and the two in combination seem to reduce the spam to ham ratio in my case from about 30:1 to 3:1. I have also tried Spam Karma, though I’m not actually using it at the moment.

The other thing that we need is a better interface to the comments that have been flagged as spam. The Akismet WordPress plugin is rubbish in this respect. It lists the whole body of everything it reckons is spam, sorted by age, with no options to apply any other sort order. If in spite of using Bad Behavior, Comment Timeout, and Spam Karma, you still end up getting hit by a hundred spams with a hundred links each in the space of half an hour, sorting out the false positives can be an absolute nightmare. What we need is an interface that shows us an overview of all the comments in the entire queue, allowing us to sort and selectively bulk delete by age of comment, age of post, IP address, length of comment, number of hyperlinks, and so on. We need to have the comments collapsed down to just the first line or even only the comment metadata, and then expand them when they’re clicked using Javascript/DHTML. And it would also be good if the Akismet service could return an indication of the level of spamminess of a comment, rather than just a binary yes/no value as at present, so we could sort on that as well.