A spammer tried to hack my blog this morning.  Comment moderation has been turned on temporarily as a safeguard.  I don’t plan on using comment moderation permanently, however; only until I can look at the attack in more detail later today.

Update: Everything should be hunky-dory now.  I strengthened the security of my site a bit, upgraded to WordPress 2.3.1, and changed around some plug-ins and options.  I don’t think anyone was successful in actually hacking into my WordPress account, but some spammer managed to slip by my comment spam guards overnight and bombard my blog with comment spam.

I’m reluctant to use too many anti-spam techniques that place the burden on you, the commenter.  An example of that is the popular anti-spam technique called "captcha."  With captcha, the person leaving the comment is shown a series of letters and numbers.  He must then type the series in a box in order for his comment to be accepted.  While highly effective, I have lost too many comments I’ve tried to leave on other blogs because I accidentally transposed a number or letter (maybe I’m mildly dyslexic… or just an idiot who can’t type).  To me, losing a comment that I wrote is extremely annoying.  It’s rare that I will rewrite the comment again when that happens.  I don’t want that to happen to you all when you try to leave a comment on my blog, so I’ve never put in place a captcha system.

I’m also reluctant to institute across-the-board moderation of comments.  I like to see the comment I’ve left on a blog go live immediately.  Using the moderation technique seems to diminish the back-and-forth spontaneity of the conversation in a comments thread.  I’ve seen some blogs where the blog owner doesn’t get around to approving the comments until days later.  By then most people have stopped checking back to see if any new comments have been left.

That being said, I am making one concession to fight spam: If you have never left a comment on my blog before, your first comment will go into moderation until I approve it.  Once you have at least one approved comment on my site, all your future comments should go live immediately.  Also, all pingbacks/trackbacks will go into moderation since these are the largest source of comment spam on my blog.  I certainly hope that instituting this change won’t hurt the lively discussions we sometimes get into in the comments on something I’ve posted.  If you feel that it does, I’m open to your feedback.

BTW, for those of you using WordPress (not the hosted version at WordPress.com), I highly recommend using this plug-in to automate all your WordPress upgrades.  It worked like a charm for me.

6 Responses to “Hack Attack”
  1. BOSSY says:

    Gah, wha? This is suddenly scarier than Halloween.

  2. J James says:

    Sorry to hear of your hack attack!

    I love the blog and I love your visual design.

    Keep up the good fight!

  3. jane says:

    That is absolute BS. I can’t believe people! Would you please email me & tell me how you could tell?

  4. David says:

    I’ve never lost a comment using word verification, but that’s always been on a Blogger-hosted site. Even if I type the word wrong three times, the comment is always there. I HAVE lost comments numerous times on haloscan, though, without any verification. That has driven me to rage more than a few times.

  5. Utenzi says:

    I hate those “Captcha” things. They often make them so hard to read. And why, I ask you? It’s not like the computer programs that spammers use can see the graphic. The letters and numbers can be clear as day and the technique would work just as well to block spam.

    I hope you’re able to figure out this hacker attack, Scott, and prevent future ones as well. Good luck!

  6. Clergyral says: