Balance

I’ve been trying to figure out the best balance between Spam filtering and freedom to comment on this site. The day before yesterday, in the evening, I decided to conduct an experiment and see what the results were.

What was here

Before conducting the experiment, I’d been using the same solution that I had before. Akismet and Tan Tan Noodles Simple Spam Filter had been my trusty resistance fighters who tirelessly kept my site pretty much free from comments made by that scourge of the earth known as blog spammers. I’ve been reasonably happy with this dynamic duo as the amount of work required by me was pretty low and people who wanted to could comment freely on this site and see their comment appear right away. I didn’t have to manually approve the comments and the person who commented didn’t have to do anything elaborate to have their comment appear here.

The Experiment

I had decided to see what would happen if I disabled Joe Tan’s Simple Spam Filter. I wanted to know two things – how many comments actually do get moderated because of their spammy nature, and, how many of those comments are legitimate. I’ve been quite lucky so far. About once or twice a week, there’d be a comment added to the list of spam comments in my moderation queue – and, it was put there because it should have been.

As I alluded to with my previous post, I enabled first comment moderation, in case Akismet wasn’t up to the task. Overnight, I had received 14 comments that had been sent to the queue and they were all sent there with good reason. They were illegitimate crapola and should have been set on fire and fed to their owners. That part of the experiment seemed to have gone well.

Then, for the bigger risk. I disabled first comment moderation to see if Akismet would handle everything and do it correctly. I didn’t really want to have to go through a pile of comments and delete them from the published site. Over the next 16 or 17 hours, I received 64 comments that were marked as spam. They were waiting for me in the spam queue. I read through them all and determined that they had been legitimately flagged as spam comments.

So, Akismet had saved me from the spammers. This is great! On the face of things, there was no real difference to those who read the content here.

The Conclusion and My Action

I’ve concluded that Akismet can be the only spam moderation solution that you really need on your site. It seems to filter the illegitimate comments properly and doesn’t flag any false positives. The things that get filtered are queued for me to review, if necessary, in case they were put there in error. It does a great job.

I’ve enabled Simple Spam Filter again, though, as the way it works is a great complement to Akismet. It was not decided as a single solution, but rather a prefilter for Akismet. This task is handled well. With SSF enabled, I don’t have to search through the spam queue to see if any comments there are legitimate. And, don’t kid yourself, if you have a list of quarantined comments, you’ll go through them, just to be sure.

With SSF, comments with more than 5 links get stopped and any comments with Regex code in them get stopped. As well, comments with words commonly used by spammers are stopped. The good news is that, if someone gets stopped by the filter, they have a chance to moderate their own comment as approved by clicking the button on the page showing them why their comment was blocked. Then, the comment goes through. I don’t have to worry about reading through the Akismet queue often, as the really obvious robot-generated spam is deleted automatically, as the robot doesn’t click the button to allow their comment to be read. Once a spam commenter gets past the SSF by clicking through the first block, they get caught by Akismet. The positive thing for me is that I don’t have to actively pore through several comments just to find out they’re spam and need deleting. The robots’ inaction at the gateway is enough.
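The two-stage flow described above, sketched as an added example that is not code from Simple Spam Filter or Akismet. It models only the link-count and banned-word rules; the word list, the sample comments and `toy_classifier` (a stand-in for the second filter) are constructed assumptions.

```python
import re

URL_RE = re.compile(r"https?://", re.IGNORECASE)
MAX_LINKS = 5                   # the post: more than 5 links gets stopped
BANNED = {"casino", "payday"}   # constructed stand-in for the banned-words list

def prefilter(text, banned=BANNED, max_links=MAX_LINKS):
    """Return the reasons a comment is stopped; an empty list means it passes."""
    reasons = []
    n = len(URL_RE.findall(text))
    if n > max_links:
        reasons.append("links:%d" % n)
    words = set(re.findall(r"[a-z']+", text.lower()))
    hits = sorted(words & set(banned))
    if hits:
        reasons.append("words:" + ",".join(hits))
    return reasons

def route(text, clicked_through, second_stage):
    """Prefilter, optional click by the commenter, then the second filter."""
    reasons = prefilter(text)
    if reasons and not clicked_through:
        return "dropped", reasons       # never reaches the moderation queue
    if second_stage(text):
        return "spam-queue", reasons    # left for the site owner to review
    return "published", reasons

def toy_classifier(text):
    # Hypothetical stand-in for the second filter; NOT the Akismet API.
    return "cheap" in text.lower()

SAMPLES = [  # constructed (text, clicked_through) pairs
    ("Nice write-up, thanks!", False),
    ("cheap pills " + "http://a.example " * 6, False),   # bot: no click
    ("cheap payday offers http://b.example", True),      # spammer who clicks
    ("I lost money at a casino once, good post", True),  # real reader who clicks
]

def tally(samples=SAMPLES, second_stage=toy_classifier):
    """Count where each sample comment ends up."""
    counts = {"dropped": 0, "spam-queue": 0, "published": 0}
    for text, clicked in samples:
        counts[route(text, clicked, second_stage)[0]] += 1
    return counts
```
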

The potential is there for every comment to pass SSF, as the moderation is handled by the commenter. I think that this is pretty good evidence that there is a problem. My little site gets more illegitimate comments in one day than the number of articles I publish in a whole year.

This experiment has solidified my feeling that I’ve chosen the best solution for my needs. So, SSF and Akismet remain as my dynamic freedom fighting duo. I did remove a few words from the potential list (ones that I find that I use a lot). I figure that if they’re used by a spammer, Akismet will stop them or SSF will due to them using another tactic that is blocked before publication.

After consideration, I’ve updated the terms of use on this site relating to comments. Click the link in the menu above. The addition will remain the color red for a while.  If your comment is on topic but your link is to a website that I don’t like (for payday loans, porn, link farms, etc…), I will remove your link and leave your comment. My site.

I tried something interesting to see what would result.  For one day, I turned off the Simple Spam Filter plugin, written by the most excellent Tan Tan Noodles coder, Joe Tan.  I wanted to see how much SPAM it was actually prefiltering.  Now, my site gets pretty low traffic, as far as sites go.  Depending on the stats program I use, either 160ish or 700ish visitors came to see me per day on the highest traffic months.  My total bandwidth usage has grown to about 3.5GB per month (thanks in part to the low number of videos and pictures that I host).

After entering some new keywords into the “banned words” list, I stopped having to moderate any comments at all through the Akismet moderation panel.  Anybody who has commented has probably been stopped by SSF and asked if they are indeed human at least once, as there are some pretty common words that show up in spammers’ comments as well as normal ones done by humans that care to engage in a REAL conversation.  I hope that you’ve enjoyed my attempt at humorously presenting the verification button to you.

What I was worried about was that legitimate commenters weren’t getting their point across, as no spam to moderate is a bit strange.  Hopefully all you real, live commenters realize by now that you just have to click the button to have your comment appear without any further moderation.

So, what was the result? Of the comments that came through that Akismet hasn’t learned yet and auto-deleted, I got 48 comments in my spam moderation queue.  There were no false positives.  I turned SSF back on and the spam comments stopped getting through.  Thank you, TanTan Noodles!

Well, I found a directory on my WordPress install that I didn’t install the contents of.  My wp-content/uploads/ folder had a directory /2007/12 in it, which, in itself, wouldn’t be much to raise concern, but it wasn’t “owned” by me.  My web host confirmed that all files should be owned by me.  I couldn’t delete the folder, it seems.  I sure wanted to, because it contained 100s of html pages that were all redirects to scummy splogger sites.  So, I guess that I got hacked.  Folks, upgrade your WordPress as soon as you’re advised of a security release.
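One way to check an uploads tree for the two signs described above, entries not owned by the site account and HTML pages sitting among media files, written as an added example and not part of the original post. The function names, the redirect patterns and the sample tree built in `demo()` are constructed assumptions.

```python
import os
import re
import tempfile

HTML_EXT = (".html", ".htm")
# Heuristic redirect markers: a meta refresh tag or a script location assignment.
REDIRECT_RE = re.compile(
    rb"<meta[^>]+http-equiv\s*=\s*[\"']?refresh|location(?:\.href)?\s*=",
    re.IGNORECASE,
)

def audit_uploads(root, expected_uid):
    """Walk root and return sorted (relative_path, reason) findings."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        # Ownership check covers directories as well as files.
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if os.lstat(path).st_uid != expected_uid:
                findings.append((os.path.relpath(path, root), "owner-mismatch"))
        # An uploads tree normally holds media, so any HTML page is worth a look.
        for name in filenames:
            if not name.lower().endswith(HTML_EXT):
                continue
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(65536)
            except OSError:
                findings.append((rel, "html-unreadable"))
                continue
            hit = REDIRECT_RE.search(head)
            findings.append((rel, "html-redirect" if hit else "html-in-uploads"))
    return sorted(findings)

def demo():
    """Constructed tree mimicking the 2007/12 layout described in the post."""
    with tempfile.TemporaryDirectory() as root:
        month = os.path.join(root, "2007", "12")
        os.makedirs(month)
        with open(os.path.join(month, "page1.html"), "w") as fh:
            fh.write('<meta http-equiv="refresh" content="0;url=http://example.invalid/">')
        with open(os.path.join(month, "photo.jpg"), "wb") as fh:
            fh.write(b"\xff\xd8\xff")
        me = os.getuid()
        # Second call pretends a different account should own the tree.
        return audit_uploads(root, me), audit_uploads(root, me + 1)
```

Calling `audit_uploads("wp-content/uploads", os.getuid())` from the account that should own the site lists anything to hand to the web host.
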

When I changed my cPanel password, some weirdness occurred.  If you were browsing my site this afternoon, you might have caught the moment where there was no database connection.  You see, when you change your cPanel password, it changes your mail, FTP, and MySQL passwords as well.  It took a minute for the system to all get working again.  When I was checking the mail to ensure that it still worked, I noticed that I had almost 8,000 emails sitting in my default mail account.  I’ve not actually configured an email account, as I use Google’s Gmail redirect service, where I can forward mails received by corey@ to my Gmail email and send as corey@.  Why not use their spam filtering, rather than manage my own?  So, these were the emails that were being sent to any whatever @coreythompson dot com since October.  I am sure that all of it was SPAM, so I set up squirrelmail to show 1000 mails per page and used “toggle all” and sent them to my trash folder and then purged the folder.  I then set up my mail settings to bounce all email to addresses without forwarding with a “no such recipient” message.  Hopefully, this will keep the unwanted emails off my server.

What a sucky happenstance.
