Oikosulku.net

Notice anything different about Weblog Tools Collection? The name of the post probably gave it away. This blog is rocking in speed and deliverability! How you ask? Thanks to the fine work of the people over at Cloudflare.com

CloudFlare is a free(mium) service that was recommended to me by our own James. He had heard about it in conversations with some folks over dinner and wanted us to try it out. While this blog has gotten loaded over the years with JavaScript from various sources and code cruft of years, it has also gotten quite slow as a result. It is not the server (though Spam storms never help) and MySql running on the same server does not help. I had added caching thanks to WP Super Cache and had tweaked most of the settings to be tolerable on the server. I had even tried a CDN at one point but backed out because it turned out to be such a touchy beast.

The free CloudFlare product, which is what we use on here, is substantial enough to depend upon and is easy to set up. I might upgrade to their paid version once I am more comfortable with the results and have let it bake for a month or two. Signup was easy and it really took just under a few minutes to setup this blog. We have been running it for about three days now, with positive results and zero downtime. Let us go over some the details.

It takes just a few minutes to add your site to CloudFlare.com. Add it in, watch a video while it figures out all the details of your DNS, and then turn around and make the name server changes it asks you to make. There are instructions included on the page and it tries to help you make the best choices. It is worth noting that only self hosted WordPress blogs are capable of using CloudFlare. Since the actual change needs to happen at the registrar and name server level, TTL reduction will not help propagate it faster. While Go Daddy seemed to push the changes through quickly for us, it can take up to 48 hours for everything to work properly.

CloudFlare.com

Once the name server changes are made, you just sit back and watch. The free service from CloudFlare performs a bunch of automated magic, including using location aware technology to redirect your visitors to the right cache of your content. I know that the content is still live and interactive, but the seamless nature of the change makes this so easy and attractive. It speeds up your site using a variety of caching technologies and a CDN, including automatically minifying your scripts, reducing extra items in your HTML. It eventually reduces the amount of bandwidth you consume on your server and the number of requests actually hitting your server.

• It works with static and dynamic content. Direct access is no sweat since a subdomain is created that goes directly to your site! For all of you using virtual hosts, let me calm your fears. CloudFlare works fine with virtual hosts.
• It is always online, even buffeting traffic surges and reducing downtimes. (I have a concern about this. I turned off the MySql server by mistake and the blog displayed a DB error. I assume that if my server is down due to spam storm, the same thing will happen. I will have to investigate that.)
• Reduces slowdown effect of third party tools and scripts such as FaceBook, Google AdSense or Analytics and Twitter. We have a lot of those!
• Protects against network threats such as spammers, uses previously reported information for protection. This is fantastic, if it works.
• Provides visitor analytics that are better than those based on JavaScript. I see a huge difference between thee results and those provided by StatCounter.
• Provides a host of other third party plugins that can easily be installed. I use a couple of them.

Some recommendations for WordPress users:

• There is a WordPress Plugin, use it to be safe. http://wordpress.org/extend/plugins/cloudflare/ Once it is installed, there is a setup page (which is not linked from the plugin page, fix?) that asks you to put in an API key and then lets you optimize your database.
• Continue to use Akismet and any other Caching plugin you have. Instructions are everywhere. Be sure to mark spammers etc. All of it helps the ecosystem.
• Be patient. In my case, the changes were up within an hour. It might take longer for you.
• If all else fails, switch your name servers back and ask for help.

If you’re a WordPress user, you probably noticed an option at Settings -> Discussion, which states “Before a comment appears, comment author must have a previously approved comment.” This was pretty much the bulk of our anti-spam measures here, and while not a single bit of spam made it through, the sheer volume of pending comments (almost all spam) were driving us nuts. A few days ago, we shifted gears with tremendous results, and I though you folks might be interested.

We decided to do away with the above setting and rely entirely on Akismet, Cookies for Comments, and the built-in moderation list and blacklist at Settings -> Discussion for any that snuck through. Prior to this change, we had an average of 5 pending comments each hour, and an average of 4.8 of those were spam. Now, we don’t have to monitor pending comments, and we only see an average of 2 comments an hour making it through. Of course, an average of 1.5 of these are spam, but that’s still one heck of an improvement, and we should eventually knock that down with the moderation list and blacklist. So far, the advantages outweigh the few that are making it through.

• As mentioned, we have much less posted comments to deal with now than there were pending comments before.
• Checking each comment as it comes in forces us to accept more comments that really ride the line between legitimate and spam comments. In the past, we would have probably bulk-spammed these when checking the pending comments.
• Legitimate commenters can see their comments immediately without waiting for us to get to them.

A word of warning about the moderation list and blacklist. They will both block anything that matches the string of letters you enter. So, be mindful of collateral damage when blocking a word. For example, one of the most commonly blocked words is “cialis,” but this will also block “socialist.” The blacklist will automatically mark any matching comment as spam, so use the moderation list for any words that could be used legitimately.

If you find yourself interacting too much with spam on a daily basis, it might be time to consider a new strategy.

Spam is not limited to just comments. If you leave your WordPress blog open to new user registration, you could be hit by a wave of spam bots or rather nefarious individuals registering with hopes that you’ll give them a chance to post spam on your blog.

First of all, do you really need open registration? If not, uncheck “Anyone can register” from the Settings area of your Dashboard.

So, what if you need open registration? First, stop the bad bots from even visiting your blog with Bad Behavior.

Now, you could certainly use a CAPTCHA on your registration form, but I wouldn’t bother with that. Several CAPTCHA have been broken by a simple program, and they just aren’t accessible. Instead, use Ban Hammer, which compares registration email addresses with your comment blacklist (just add them if you notice a trend) and the collective blacklist at Stop Forum Spam.

Like comment spam, registration spam will be a constant battle, but Bad Behavior and Ban Hammer should at least make it easier on you.

So, you’ve got WordPress, Akismet, and more spam comments than you can keep track of. Wouldn’t you like to know which posts are drawing the most spam attention? Well, Ozh has the perfect script for you!

Update: The script is now a plugin.

Simply upload the script to your WordPress root directory and enjoy a listing of your most prominent spam magnets, complete with “a pretty interactive pie chart.” Use the script to track down and close off your spam magnets, research the keywords catching the spammers’ attention, or just do it for fun.

When I ran this script on my blog, I found two spam magnets that shouldn’t have had open comments in the first place, and all of my posts mentioning the WordPress Support Forums were drawing the most attention from spammers.

Here are the results from Weblog Tools Collection (spam comments are deleted on a regular basis, so this only includes the most recent spam comments):

• 404 - Should You Remove Post Dates from Your WordPress Blog
• 161 - WordPress Support Forum All-stars
• 114 - WordPress and the Fatal Memory Error
• 110 - Lorelle’s Mind Blowing WordPress Plugins
• 101 - WordPress Mobile Apps for Android and BlackBerry Updated
• 100 - WordPress Theme Releases for 08/26
• 82 - WordPress Theme Releases for 08/30
• 69 - 300,000 Biggest Websites, Visualized With Their Icons
• 66 - WordPress Plugin Releases for 09/05
• 61 - WordPress Plugin Releases for 08/28

What did you find?

If you run a social network or any kind of online publishing service, you will be hit by spam, if you haven’t been hit already, and Akismet wants to help.

When most people hear about Akismet, they often think about WordPress, but Akismet is actually available for over twenty additional systems and platforms, including Movable Type, Drupal, phpBB, PunBB, and libraries for PHP, Python, and .NET.

If you’re running, or planning to run, a social network or online publishing service, the Akismet team wants you to know that they can not only protect you from direct spam, but from parasite spam as well, as long as you can give them a way to contact you.

Akismet’s pattern and volume monitoring abilities make direct spam easy to filter, but ever since the dawn of forums, spammers have opened accounts for the sole purpose hosting their spam on your site. Thanks to Akismet’s pattern monitoring, the Akismet team can easily track the source of these parasite spammers and notify the site’s owner, but there’s little they can do if they can’t get in touch with you. Since contact forms can break without warning, the Akismet team recommends that you provide a traditional abuse@yourdomain email address. If you don’t want to make this email address public, at least contact Akismet and have it placed on file.

Are you using Akismet on your social network or online publishing service? With so many options available, why not try it today? Parasite spam can hit almost any site driven by user content, so don’t forget to offer your contact information to the Akismet team.

In a blog post titles “6 Steps to Kill Your Community“, Matt listed “Allow Spam Through” as the second step and “Don’t Participate in Comments” as the fourth step to killing your community. We treat comments and reader participation very seriously at Weblog Tools Collection. We highlight commenters, try to identify the frequent comments who participate willingly and heuristically remove nofollow tags from the links of commenters who participate in the community. I have personally chosen and thanked frequent commenter by providing them deeper access and rights to the various portals, elevating and applauding their presence within the community and have chosen most of my co-authors based on their participation and passion within the communities that I purvey. In short, I agree with Matt in that relevant comments and passionate participation are the lifeblood of any community.

But our little blog gets a lot of attention from spammers. We are listed on web pages that pin point nofollow blogs for spamming, splogs regularly repost our content and send us trackbacks and well disguised comments are often adorned with links to completely unrelated sites. Moderating comments takes a lot of effort from all of us (we are working on making this process simpler, stay tuned) and even then, some weirdness and mistakes slip past us. We have recently started noticing a lot of comments that seem mildly relevant but link to SEO sites or completely unrelated content that keeps changing.

Do you change your commenters’ URI often when posting comments? Are you under the impression that leaving comments with different links will give those links more exposure? Do you use Short URLs to get around comment spam restrictions? More importantly, how many of you force yourself to comment to just spread your links around? Have you ever left a comment just to increase your comment count? Are you an SEO professional who regularly comments on blogs for SEO purposes? You might be doing yourself (and us) more harm than good.

While we try our best to allow any and all relevant comments to be posted, we do actively remove suspicious comments. We make spam/spammer judgment calls every day, but spam is annoying and nasty and in my opinion, spam is like a leech that sucks off the goodness and leaves the host with nothing in return. It often clogs up the conversation and reduces relevancy. Just look at the latest comments on any old(er) blog with a popular post that has not been pruned and taken care of.

We do however, actively promote, reward and encourage passionate comments. If you feel that we have missed a comment that should have been posted, please contact us. However, if you are changing your link on every comment and linking to various websites around the internet who have paid you for your SEO services, please do not send us an email asking us to approve them. Mostly, dont be evil and smug!

How do you treat suspicious comments that have not been caught by Akismet? We manually visit every comment waiting for moderation and actively remove suspicious comments and any older ones that might be related. It takes time but it is worth it.

How do you reward your commenters? We use Highlight Author Comments and hacked up versions of various plugins for heuristics.

Do you import comments from other places on the web? No. We do not import comments from anywhere. The conversation is much more focused and we concentrate on quality versus quantity. We hope that our content, subject and demeanor encourage and crystallize commenting and participation. Other conversations about our posts on apps such as Digg, StumbleUpon and Twitter add nothing but noise wherein the real conversation in live comments get drowned out. I used to think that Trackbacks belonged in the comment flow. I have since changed my opinion after dealing with some posts with hundreds of comments.

Do you turn off comments on old posts? No. Old posts are gems. Conversations can get started on old topics and need to be allowed.

What do you do?

It was not meant to be. I had high hopes for Intense Debate but the drawbacks outweighed the positives in our case. I was really looking forward to a few of the features that I thought might bring more interactivity to the blog and encourage readers to have meatier discussions. As you notice below, we have turned off Intense Debate and gone back to the original comment form. Below is a list of the some of the features I was really looking forward to and our experiences with them.

I would like to preface this discussion by saying that I screwed up the install by adding this blog onto the wrong account and that added to some of our woes. The account bug that followed (we received some help via the support email) was caused by my fat fingering.

• Better overall look and feel of the comment section of a blog: I liked the look and feel. The AJAX interface is spiffy and quite versatile.
• Commenter reputation: I really like this feature and this was one of my top priorities for installing ID. I like it and it worked well. Add this to “last post of commenter” and it is a killer feature to give good commenters some free publicity.
• Comment voting: Useful for readers who want to join the discussion. Also very useful to determine spamminess of a comment. I found it to add to the community feel and found myself looking for votes on comments in hot posts.
• Social commenting: I saw a bunch of people use various types of profiles to log in and comment. I think this feature added interesting bits of information about commenters and might have prompted more readers to comment. I cannot say for sure. I had trouble staying logged in because of my fat fingering and caused myself some headaches.
• Reply to comments by Email: Useful feature. Did any of my readers use it? I have no clue. Did I use it? No.
• Automatic folding of threads: Does it work? Yes! Does it have the desired effect? No. On Weblog Tools Collection, automatic comment thread folding meant that a lot of relevant comments were overlooked by readers who ended up saying the same things over again and missing much of the conversation. It just did not have the right feel.
• Comment synchronization with the blog: We were able to roll back to the default commenting system because of this feature and are thankful for that. But the comments on hot/active posts were not quite at par with actual activity on the posts. This lack of real time updates resulted in less comments and conversations.
• Ability to add polls to comments: Cool feature in concept, barely used in reality. A relevant poll added to a hot post might get a few results but readers don’t use that kind of interactivity unless they want to come back and check the results, which is often not the case. Can be done with a plugin.
• Better spam filtering and moderation features: ID adds the ability to use their own filters in addition to Akismet. But I found these to be cumbersome and Akismet not as responsive. I can’t quite explain this gripe but I can say that too many comments were ending up in moderation and not enough of the ones that I marked as spam were then treated as spam on subsequent attempts. I don’t think the WordPress feature that allows previous commenters’ comments to be posted without moderation works with IS. Blacklisted words did not appear to work as well as I have come to expect them to work. There is also no way to “remember me” on the ID login page, which is annoying.  Having to add co-authors on as admins of the blog on ID meant they got bugged with all the Spam and also meant that they had to be registered users. These reasons were probably the most annoying to me and my fellow authors and resulted in us backing out.
• Ability to record video comments: Cool feature but not used at all on this blog. I see some video comments on TechCrunch but our readers just did not care.
• Better comment curation for multi-author blogs: There is no way to send moderation emails to individual authors (which is a pain for multi-author blogs) and the moderation emails were just unfamiliar and not easy to get used to. Again, not fast enough in moderation and approval of comments.

In addition to the good and the bad above, I also received some disturbing feedback which suggested that some people would not comment on a blog that runs Intense Debate. I have no such qualm and would really like to hear from folks who feel this way. Why this angst?

In conclusion I have to say that I think Intense Debate was a mixed bag for us. If you are not thoroughly used to the WordPress comments system and do not have tens of thousands of comments, it is worth a shot. The ability to roll back is fantastic for buyers’ remorse and I think there is a lot of potential.

UPDATE: And deactivating the plugin was not enough to stop it from acting upon incoming comments. Comments were borked since ID was deactivated yesterday. The plugin files have now been deleted and that seems to allow comments to flow back through. Sorry for the trouble.

Spam in any form is annoying at its best. As a internet user, every one of us has to deal with spam. It may be in the form of emails, instant messages or comments.

As a avid always-on internet user, I deal with tons of spam everyday. However, in the time (more than 11 years) I have spent on the internet, I can tell you one thing: No spam protection is perfect, it just works 98% of times. There is always a 2% chance that it will flag legitimate messages as spam or spam messages as legitimate.

Also Read: Setting up Akismet on your WordPress blog

Relying on spam engines is not always 100% accurate. To overcome the issue of the “legitimate messages marked as spam” (some of which may be really important) I follow a certain rule. This applies to spam comments marked on my WordPress blog as well, which is protected by Akismet.

1. I never let the spam queue grow over 100. Above this anyone will lose interest in even looking at things beyond the first page (Hint: Set the comments page to show you 100 comments instead of only 15).
2. I make sure to delete the spam queue after I have looked over it.

Now, this may seem like a tedious process. Of course looking over spam is useless too, but let me tell you this, you will be glad you did look over your spam messages. There are chances that some messages which are not only legitimate, but also important are marked as spam.

Dealing with spam is not easy. I get perfectly insane spam messages in my inbox/comments. Looking at the subject of the message or the name used for commenting, I can weed them out and send them to their right place. Most of the times it is because of the practice I have had over the years.

If you are using WordPress with Akismet, when you mark a message as spam or pull out a legitimate comment from the spam and mark it as good, you are helping others. Akismet is centrally managed so everything you do will be noted and used for a better experience for other users.

This in turn helps you too, when other users do the same. However, I must also elaborate on a point that, spam for one user maybe perfectly alright for another user.

For example, “nice post” “well written post” “I liked the way you write” kind of comments will be well received by some people. However, others may mark them as spam. If you ask me, I simply mark such comments as spam. Before I do that, I look at the name and URL the commentator used. Usually they deserve to be in spam. More often than not when you look closer at such comments, you will find the URL leading to a shady website.

Another form of spam I come across regularly is when I write a article that is popular in search engines. I get several comments for them. I do get a few which are beautifully written and definitely deserve a Oscar for commenting, if there was one. However, take a look at such comments very closely. The guys who commented are obviously trying to take advantage of your search engine rankings and insert links to competitors of the product you wrote or to paid products.

Now that would not be bad, but this is a paid form of black hat SEO where they insert links with beautifully written comments into posts for high ranking keywords, which they would never come close to achieving with their own hard work.

Thanks to WordPress for adding “nofollow” to links in the comments, these guys won’t gain much Google love, but they will definitely make money out of your well written and higher SERP post.

I can go on and on with how I deal with spam and weed out the wants from the not and vice versa. In the end it matters how you eventually follow your own process and deal with spam, comments or otherwise.

If you do follow a process or have anything to say about my opinion, I definitely look forward to it.