Spam

Aan al mijn Skype contacts die deze morgen dit berichtje van mij ontvingen: mijn excuses.

Blijkbaar zijn spammers er dan toch in geslaagd mijn wachtwoord te raden om in mijn naam foute boodschappen uit te sturen. Niet erg fijn.

Deels is het mijn eigen fout. Deels is het de schuld van Microsoft. Skype werd een tijd terug overgenomen door Microsoft. Men heeft toen een halfslachtige poging ondernomen om de Skype databank met gebruikersnamen te koppelen aan de Microsoft Live databank. Het idee is dat je dan met je Microsoft account Skype kan gebruiken.

In de praktijk komt het er op neer dat je als gebruiker zelf manueel een aantal stappen moet ondernemen om de twee samen te voegen. Zolang je dat niet hebt gedaan, ben je kwetsbaar. Bibi zal daar waarschijnlijk wel instructies in een mailbox van hebben ontvangen, maar die nooit hebben opgevolgd.

Volgens The Verge ben ik niet de enige:

This entire process seems messy, but it appears to be the best way to secure your Microsoft account. If you’ve already linked a Skype username then I would suggest doing this extra merge process immediately, to secure your account. If you haven’t linked Skype and Microsoft Accounts at all, then you should be safe to link and merge with the new process.

Afin. Ik heb het nodige ondernomen. Bovendien meteen ook mijn wachtwoord veranderd én 2-Factor Authentication ingeschakeld. Vanaf heden dus terug (de illusie van) veilig.

’t Moet ergens van eind 2009 geweest zijn dat ik ogenschijnlijk nog gewerkt heb aan WP Mollom, een plugin voor WordPress die toelaat om comment spam te bestrijden via Mollom. De versie die op mijn blogje staat heeft sindsdien geen updates meer gekregen. En dat laat zich duidelijk voelen. Ik krijg af en toe te horen dat het niet zo eenvoudig is om commentaar hier achter te laten. En daar ben ik me maar al te bewust van.

Hoog tijd voor een nieuwe versie dus.

In het laatste anderhalf jaar heb ik, samen met anderen, af en aan gewerkt aan een opvolger. Er is nog geen eerste, stabiele versie van uit, maar ver zitten we er niet meer van af. Ik hou aan het principe eating your own dog food en dus heb ik bij wijze van test de opvolger op mijn blogje ingezet. Het idee is natuurlijk dat spam geblokkeerd blijft, maar dat jullie, lezers en lezeressen, een pak minder zullen worden gehinderd.

Voor de geïnteresseerden: je kan al eens neuzen in de code (gebruiken op eigen risico!). Pas als alle bugs er uit zijn geijzerd, komt de eerste stabiele versie uit. Nog even geduld dus.

We zijn razend benieuwd hoe de testversie presteert!

Davy started a meme: show off how well Mollom has been performing on your site over the past weeks, months or even years. I picked it up at Wim’s place. Here is the lowdown for my own blog.

To be more exact: Mollom was activated 703 days ago. Until now, 1,355 submissions were accepted and 23,999 rejected. Yesterday, Mollom blocked 12 spam attempts and accepted 0 ham messages. So far, Mollom blocked 13 spam attempts and 0 ham messages today.

Quite impressive.  The least I can say is that Mollom took away a big nag of mine. The gap in Q1 of 2009 was due to a critical bug which needed fixing in my code.  I ran Mollom in developer mode which means no real life statistics were recoreded during that particular timeframe. Apart from that, Mollom has been protecting my WordPress blog for the past 2 years and held on to it’s own.

Of course, you’re all probably eager to know whether I’m still maintaining the plugin. Yes, I am. Over the past few months, I’ve been working off and on to get a new version a the plugin ready. It will be a total rebuild with lots of improvements. I’m covering what’s to come and my own developer experience in depth in a future blog post.

So stay tuned!

Mollom blocked over fifty million spam attempts since its inception. Just over two months ago, that was little over twenty-five million. Just in the past 24 hours, Mollom caught 480,000 attempts. This shows how important it is to get the best protection that can guarantee a clear user experience. It also shows that Mollom is getting more and more traction with over 7,000 sites protected.

As for the WordPress plugin, the development has been on the slow side in the past weeks and months. The plugin can  use more fine tuning. It still doesn’t support WordPress MU (well, there’s a hack). I’m planning to revisit the code to give that some more attention.

Anyway, I would love to hear how the plugin is performing on your site and what I can do to make it even better!

I just tagged version 0.6.1 of WP Mollom in the WordPress Extend repository. Which means in a few moments, you’ll be able to download the latest installment of my plugin.

So, what has changed? Well, this is a bugfix release which means no new features. Here’s the changelog:

• Fixed: division by 0 error on line 317
• Fixed: if ‘unsure’ but captcha was filled in correctly, HTML attributes in comment content would sometimes be eaten by kses
• Improved: the mollom function got an overhaul to reflect the september 15 version of the Mollom API documentation
• Changed: mollom statistics are now hooked in edit-comments.php instead of plugins.php
• Added: _mollom_retrieve_server_list() function now handles all getServerList calls

Although almost all basic functions are up and running now, there’s still a long road ahead. Today, I’m happy with what I’ve accomplished technically so far, but such things as usability, performance, flexibility,… still need more work. For instance, there’s still no WordPress MU version, i8n support is still missing, the backend needs more simplifying and much more.

But then again, if spam annoys you as much as the mosquitos in my room did me last night, then this is the plugin for you. Download the package, drop wp-mollom.php in your plugins folder, register with mollom.com to get your keys, just configure them in the plugin and you’re all packed with some serious spam stoppage power.

Happy blogging!

So, Dries and Benjamin put out t-shirts to all those who contributed in a way to Mollom. If all went well, and Belgian postal services did their job, a package with a tee would be waiting for me at home right now. A big thank you!

Over the past days, there were some hiccups with the plugin not working that well. First, crack groups of rogues still get the better of the plugin. I also got spam in the moderation queue on a daily basis. The service is still under development and strategies are being devised to counter these attacks as we speak. Second, during debugging rounds in the past days, I encountered some anomalies against the API which will be fixed in the next version.

Yesterday, Dries, Benjamin discussed, amongst other things, Mollom over dinner in Antwerp. How s/w/could the service evolve in the future? I came home with a lot of ideas and todo’s. Bottomline is that the current version of the plugin is only the start.

I know, Mollom news isn’t what most of my regular readers interests. I got several remarks from people who rather like the lifelogs, the photos, the videos or the links. So I’m working on a plan to move all the techy stuff, not just Mollom, to it’s own seperate personal techblog in due time.

It took me the better part of June to prepare a new version of Mollom. But today I released version 0.5.0. You can download the package here.

So, a lot has changed since version 0.4.0…

• I rewrote the SQL after this suggestion on Pressed Words. Mollom now uses it’s own table to store all it’s data instead of fumbling with the WordPress data model.
• I fixed the incompatibility issues with WordPress OpenID plugin.
• Improved the error handling.
• Status messages are now a lot more verbose
• Added the mollom_moderate_comment($comment_id) tag for use in templates and themes. This allows direct moderation of a comment without first having to go to the dashboard.
• … a lot more!

So download, go forth and protect your blog against those vile spammers through Mollom!

So. I scheduled a first public beta release of my Mollom plugin somewhere tonight (CET/UTC+1). The plugin runs quite stable on my own weblog and spam is happily being blocked. I didn’t receive major complaints from testers or users on my own blog in the past week. Yesterday, I cleared the code with Dries who took a glance at the major functionality.

Of course, it wouldn’t be a first beta release if there aren’t still some irks lurking around in the code. This morning, Leo Arias mailed me that the plugin won’t work together with the WP OpenId plugin. Having toyed with my own OpenID implementation for WordPress, I’m not a great proponent of this technology. The way you have to design a plugin implies using several shortcuts. I’m not going to push my release back now, though. I will try to fix this issue in the next release.

My code will also be thoroughly reviewed by the Mollom people.

Thanks to all the testers and those who just listed to become a tester!

Because numbers and graphics can express so much more then words: a visualisation of how Mollom is protecting my blog against spam. I’ve been testing my plugin on and off for the past 2 weeks on my own blog.

The new beta release is almost ready by the way. Just need to pack and ship it to the testers tonight. So here’s what’s new:

• Decoupled moderation from the CAPTCHA test. Moderation is now optional. If you fail to complete the CAPTCHA, your comment is not saved to the database.
• Major improvement of the error handling. I dove into WordPress’ error handling. I think people should make more use of the WP_Error class in combination with wp_die(). Maybe I’ll do a small item on that one.
• I added trackback support. Of course, displaying CAPTCHA’s for trackbacks isn’t going to work. So after discussing it with Dries, instead of trying to solve the CAPTCHA problem, those trackbacks are blocked as well.

As things get finalized, I’m thinking about doing a very first public beta release sometime next week. I had very few feedback from testers so far in fact. If people are still interested in joining me for a last spin: drop me a line!

Hum. The plugin in WordPress doesn’t support trackback checking yet. No big deal? Well, I have 24 spams in my moderation queue, the majority of them are trackback spam.

So… yet another feature to implement. Just wondering how the flow of operations should look like. Moreover: how/where do I implement a CAPTCHA? Is it necessary to do this implement? Given the 99.8% accuracy Mollom claims, is it a bad thing if a trackback would be identified as a false positive and the CAPTCHA step is skipped altogether? One can retrieve the false positive through the moderation queue altogheter, no?

Anyway, adding trackback support should be fairly simple.