I’ve just upgraded all of my blogs to WordPress 2.6.5. I also upgraded some plugins that were a little out of date. Everything seems to be running along nicely.
If you're new here, you may want to subscribe to my RSS feed. This allows you to read my newer articles without having to visit the site again. Thanks for visiting! Mike
Posted under WordPress
This post was written by Michael Clark on November 26, 2008
Yesterday morning I received a comment spam attempt that had its URL link to a wiki page at the Berkman Center for Internet & Society (at Harvard University). Before approving the comment, I checked out the wiki page. It was full of spam links. I checked out the wiki’s Main Page. A handful of spam links, all gambling related. I sent an email to the generic email address for the Berkman Center. This morning, out of curiosity I looked at the wiki again. Still full of garbage.
Looking through the history of the site’s Main Page, it looks like the wiki was set up on January 3, 2007 at 4:45pm, and last legitimately edited on February 28th. The first spam appeared on April 28th. Since then, the spammers (drugs vs. casino/gambling) have been fighting over the site.
I realize that my notification about this site was sent two days before a major US holiday, but the fact that this site has been allowed to be abused for over a year and a half is frightening. Obviously, this wiki has been forgotten after some long lost project. Did it’s administrator graduate? Did the project not get funding? Regardless, someone must be maintaining the hardware and site. Somewhere there’s a log file needing to be watched. Groups like the Berkman Center need to set a positive example for secured web systems.
Posted under Spam
This post was written by Michael Clark on November 26, 2008
Last summer, WordPress opened their brand new Theme Directory with a whole bunch of themes. Three themes to be exact (Dum-Dum, Tarski, and Monotone I believe), with less than 1,000 downloads the first day. Four months later, after a lot of steady work by designers from around the world, the directory hosts 680 themes, with nearly 1.5 million downloads, a threshold that should be passed sometime later today.
(Click the chart to embiggen.)
Congratulations to WordPress for making the Theme Directory a success.
Posted under Web-design, WordPress
This post was written by Michael Clark on November 20, 2008
Starting on November 10th at 10:29am (EST), running through this morning at 6:30am, I have received dozens of comment spam attempts across most of my WordPress blogs. They all followed the same basic format:
Deneen Carrillo | aejqtb@lobhyi.com | IP: 94.102.60.151
5wj9j1bdvd74zbcv
A real looking name, an obviously fake email address (usually with a non-existent domain name, which should immediately flag the comment as spam if WordPress or Akismet were intelligent), an IP address from 94.102.60.151 94.102.60.152 or 94.102.60.153, and 16 random letters or numbers.
The user agent strings varied widely:
The bot also submitted every form on the page, including the search form and the submit box. Maybe a simple form should be created to auto-block anyone that submits anything to it. And the bot never downloads images or anything other than the page. Maybe a plugin should could check that a user downloaded some other content before allowing a comment to be submitted? Yes, this forms a horserace, but it may work in the short term.
This post was written by Michael Clark on November 13, 2008
I just got a spam from Dell.com, using busenetwork.net. I’m blocking the scum at busenetwork.net. And reporting it to Dell just in case it’s not really from them. Someone else got this as well. Searching through my mail logs shows I’m also getting other messages from busenetwork.net, regarding CareerTrack.
Any time a user has to do anything to stop getting stuff he didn’t ask for, it’s spam. Period. If busenetwork.net can show to me proof that I signed up for this, fine. But they can’t. Therefore it’s spam and illegal.
Posted under Spam
This post was written by Michael Clark on November 3, 2008
