If you have been following this blog, you know that I have some pretty big plans for this blog's future!
Part of those plans have been for me to build a WordPress "sandbox" server here in The Dungeon, try to migrate my blog to it, and try to do it in some semblance of order. The idea being that if I'm going to make a complete balls-up of everything, (and I will, trust me!), I'd rather do it down in my basement where I can control the damage, instead of on a live production blog.
Of course, these things are much easier to say than do, and I am sure that the Wright Brothers had the same sense of angst: "Hey! If it's so easy for birds to fly, it should be a real snap for us too, right?"
It's taken days, and days, and days, and days, and. . . . Oh futz! It didn't crash, again?!!
Needless to say, it's been a real learning experience, in more ways than one.
One of the resources I have been using is WordPress for Dummies (3rd edition) by Lisa Sabin-Wilson, and if you're even thinking about messing with WordPress, you can do far worse than to read her book.
One of the things I learned about was something called "comment spam".
Comment spam?! Of all the. . . . ! ! !
And yes, it had me scratching my head too.
Here's the deal:
We all know about e-mail spam. That endless stream of scams, frauds, and phishing attacks; not to mention the never-ending advertisements for "Penile Enhancement", Viagra, Cialis, and God Only Knows what else.
This is the "plain 'ole every-day" mail-type spam that we all know and love. It's designed to get us to do something that will compromise us, so that we give away important personal information about ourselves, send money to someone via Western Union or MoneyGram, or open up our systems to being attacked, root-kitted, and perhaps used as a zombie to hack the Pentagon.
Comment spam is a horse of an entirely different hue. And it's even nastier.
Comment spam is a way of getting MY BLOG to help the baddies clobber someone else. The way they do this is by hiding vicious hyperlinks inside innocuous messages, masked in such a way that you don't really know what you're clicking on until after you've done the dirty deed.
An even more vicious form of comment spam is a comment that has, (what appears to be), a perfectly innocent hyperlink that leads you to a seemingly innocent site that will re-direct you to somewhere evil.
You like my blog.
You read my postings.
You read the comments.
You click on what appears to be an innocent hyperlink in a comment.
YOU get hammered, and MY BLOG set you up for the kill.
The real epiphany was when I did a trial-import of all this blog's content and comments into my sandbox server. Unlike Blogger, WordPress lets me see, (and do), anything I want with a message or its comments. Nothing is hidden. Nothing gets squirreled away.
Within WordPress, I could actually see the vicious bulldogs hiding behind the pretty flowers within some of the comments left on my site. And it was scary! Needless to say I was PISSED.
As a result I have had to do two things that I really did not want to have to do:
- I no longer allow "anonymous" comments on either of my blogs, since virtually all the nasties were hidden in anonymous comments.
- All comments, without exception, are now moderated.
As unpleasant a task as it may be, I have no choice but to require every stinkin' comment to be quarantined until personally vetted by me. And because I can't create a "white-list" of trusted posters, it's an all-or-nothing deal.
If the comment has an embedded hyperlink, it get's trashed. Period.
Because I just spent the last half-day-or-so going through every single message on this blog, comparing every single comment here with the nasties I found when looking at the comments on WordPress there, and removing, one-at-an-effing-time, any suspicious comments that I found; sanitizing the comment stream so that no one who comes to my blog gets hammered.
And why is that necessary?
Because Blogger won't let me edit comments or view hidden content. And because I can't view hidden content, I can't see what might be hiding behind an embedded hyperlink without clicking on it, and I won't risk what loyalty my blog may have for the sake of a few hyperlinks.
One potential exception is the plain-text in-line hyperlink that is visible to everyone. I might be convinced to allow in-line hyperlinks that are plain-text, after I have personally tested them and verified that they are not harmful - if they are germane to the topic of the post.
It's a sad day when I have to spend more time babysitting the few baddies out there, then I spend actually creating useful content. However, I'd rather do that than see those of you who read my blog get hammered because I'm asleep at the wheel.
What say ye?