If you have been following this blog, you know that I have some pretty big plans for this blog's future!
Part of those plans has been for me to build a WordPress "sandbox" server here in The Dungeon, try to migrate my blog to it, and try to do it in some semblance of order. The idea being that if I'm going to make a complete balls-up of everything, (and I will, trust me!), I'd rather do it down in my basement where I can control the damage, instead of on a live production blog.
Of course, these things are much easier to say than do, and I am sure that the Wright Brothers had the same sense of angst: "Hey! If it's so easy for birds to fly, it should be a real snap for us too, right?"
Nope.
It's taken days, and days, and days, and days, and. . . . Oh futz! It didn't crash, again?!!
Needless to say, it's been a real learning experience, in more ways than one.
One of the resources I have been using is WordPress for Dummies (3rd edition) by Lisa Sabin-Wilson, and if you're even thinking about messing with WordPress, you can do far worse than to read her book.
One of the things I learned about was something called "comment spam".
Comment spam?! Of all the. . . . ! ! !
And yes, it had me scratching my head too.
Here's the deal:
We all know about e-mail spam. That endless stream of scams, frauds, and phishing attacks; not to mention the never-ending advertisements for "Penile Enhancement", Viagra, Cialis, and God Only Knows what else.
This is the "plain 'ole every-day" mail-type spam that we all know and love. It's designed to get us to do something that will compromise us, so that we give away important personal information about ourselves, send money to someone via Western Union or MoneyGram, or open up our systems to being attacked, root-kitted, and perhaps used as a zombie to hack the Pentagon.
Comment spam is a horse of an entirely different hue. And it's even nastier.
Comment spam is a way of getting MY BLOG to help the baddies clobber someone else. The way they do this is by hiding vicious hyperlinks inside innocuous messages, masked in such a way that you don't really know what you're clicking on until after you've done the dirty deed.
An even more vicious form of comment spam is a comment that has, (what appears to be), a perfectly innocent hyperlink that leads you to a seemingly innocent site that will re-direct you to somewhere evil.
Translation:
You like my blog.
You read my postings.
You read the comments.
You click on what appears to be an innocent hyperlink in a comment.
YOU get hammered, and MY BLOG set you up for the kill.
The real epiphany was when I did a trial-import of all this blog's content and comments into my sandbox server. Unlike Blogger, WordPress lets me see, (and do), anything I want with a message or its comments. Nothing is hidden. Nothing gets squirreled away.
Within WordPress, I could actually see the vicious bulldogs hiding behind the pretty flowers within some of the comments left on my site. And it was scary! Needless to say I was PISSED.
As a result I have had to do two things that I really did not want to have to do:
- I no longer allow "anonymous" comments on either of my blogs, since virtually all the nasties were hidden in anonymous comments.
- All comments, without exception, are now moderated.
As unpleasant a task as it may be, I have no choice but to require every stinkin' comment to be quarantined until personally vetted by me. And because I can't create a "white-list" of trusted posters, it's an all-or-nothing deal.
Translation:
If the comment has an embedded hyperlink, it gets trashed. Period.
Why?
Because I just spent the last half-day-or-so going through every single message on this blog, comparing every single comment here with the nasties I found when looking at the comments on WordPress there, and removing, one-at-an-effing-time, any suspicious comments that I found; sanitizing the comment stream so that no one who comes to my blog gets hammered.
And why is that necessary?
Because Blogger won't let me edit comments or view hidden content. And because I can't view hidden content, I can't see what might be hiding behind an embedded hyperlink without clicking on it, and I won't risk what loyalty my blog may have for the sake of a few hyperlinks.
One potential exception is the plain-text in-line hyperlink that is visible to everyone. I might be convinced to allow in-line hyperlinks that are plain-text, after I have personally tested them and verified that they are not harmful - if they are germane to the topic of the post.
It's a sad day when I have to spend more time babysitting the few baddies out there than I spend actually creating useful content. However, I'd rather do that than see those of you who read my blog get hammered because I'm asleep at the wheel.
What say ye?
Jim (J.R.)
Here is a comment about this from my friend, Alan Sharkis, along with my reply, illustrating the entire issue:
Hello Jim,
What about those of us who don’t use any of the services that you say you need to publish a comment? I just closed my Facebook account because I seldom used it, and I was tired of getting “friend requests” from people I don’t know. As for the other profiles, I’ll be darned if I ever get to use them, even if I sign up for them. For example, I have a Google account. But every time I’m tempted to use it, and that might be every two years or so, I have to reset my password because I’ve forgotten it. I promise you that I will most likely never put a hyperlink in any comment. On the rare occasion that I might do that, I’d rather email the link to you so that you can check it out and insert it if you so desire and find that it’s benign. But again, I just can’t see myself needing to put a link into a comment.
====================
Alan,
You don’t need to use any services to post a comment, all you need to do is register as a member of the blog itself. Since you already HAVE a Google account, you’re already registered. All you need to do is reset the password, (again), and write it down somewhere so you remember it the next time you want to post something. Svetlana keeps a “little black book” near her computer for just that kind of thing.
I totally understand about Facebook, Twitter, Linked-in, etc., as I bailed on them awhile back too. They were just too noisy, and were too much of a time-sink.
Re: My inserting the hyperlink for you. . . . .
As I said before: I can’t do that! This is why I am thinking of leaving Blogger.
Not only can I not insert hyperlinks, I cannot even see what is inside an embedded hyperlink! And I’m not talking about just anyone here, I’m talking about the administrator and owner of the blog itself. Blogger will neither let me edit, nor even see inside of, a posted comment. All I can see is the exact same thing YOU can see, the visible text itself. No more, no less.
What I mean by an “embedded” hyperlink, is not something where you see the hyperlink’s “http://such.and.such” in plain vanilla, un-clickable text. I am talking about active, clickable, links that say something like “Here’s my blog site!”, where the link itself is hidden inside the clickable text. Blogger does NOT let me see what is inside those links, which is where the danger lies. And I cannot ask Blogger to quarantine only those comments with hyperlinks, ergo my angst with it all.
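What "seeing inside" an embedded hyperlink amounts to once the raw comment HTML is available, as it was after the WordPress import. This is an added example, not part of the original post and not Blogger's or WordPress's own code. The function names, the three verdict labels and the sample comments (with placeholder domains) are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class LinkAuditor(HTMLParser):
    """Collect (visible text, real destination) for each <a href> in a comment."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host(url):
    # Hostname part of a URL; bare "www." text is parsed as scheme-less.
    return (urlparse(url if "://" in url else "//" + url).hostname or "").lower()

def classify(text, href):
    if text == href:
        return "visible"      # reader sees exactly where the click goes
    if text.lower().startswith(("http://", "https://", "www.")) and host(text) != host(href):
        return "mismatch"     # text names one site, the link goes to another
    return "embedded"         # destination hidden behind the clickable text

def audit_comment(comment_html):
    parser = LinkAuditor()
    parser.feed(comment_html)
    parser.close()
    return [(text, href, classify(text, href)) for text, href in parser.links]

def needs_quarantine(comment_html):
    return any(verdict != "visible" for _, _, verdict in audit_comment(comment_html))

# Constructed sample comments; every domain is a placeholder.
SAMPLES = [
    "Nice post! <a href='http://spam-landing.example/r?id=1'>Here's my blog site!</a>",
    "See <a href='http://redirector.example/go'>http://www.trusted-news.example/story</a>",
    "I wrote about this at http://alans-notes.example/spam (plain text, not clickable)",
    "<a href='http://alans-notes.example/spam'>http://alans-notes.example/spam</a>",
]
```

Only the first two samples are held for moderation: the plain-text URL contains no link at all, and the last link shows its own destination. This reads the markup without ever fetching a URL, so a harmless-looking destination that redirects elsewhere still has to be checked separately.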