Comments disabled
Ok. this is it. I have enough.
While I value the legit comments of my visitors, I'm deleting over 200 spam comments per day lately. This must stop. NOW.
Unfortunately, no technical measure currently available really prevents comment spam at least not without serious disadvantages.
Let me go into this:
- Use a catpcha: Captchas can be broken and in fact ARE broken all over the place. No point in placing another hurdle that's easily overcome by machines, but can't be overcome at all by some humans. True: I could decrease the readability to make OCRing the thing harder, but what's the point? Once the captcha is unreadable, it can't be broken by machines, but it can't be solved by humans either.
- Use a service like TypeKey to authenticate users and let only authenticated users post: Easy to implement, but unfortunately, noone seems to trust MT (neither do I - fully), so noone is using the service. Unfortunately, it doesn't solve the problem either as machines are well able to create TypeKey accounts (I doubt their captcha is so much better - and even if it currently is: Above problems apply to them aswell).
- Create your own authentication service: While this may be more liked than TypeKey, it means a lot of work to integrate it into MT and has the same drawbacks (machines can create accounts unless you use a captcha, where my first point applies again).
- Use a SpamAssassin-like system to get rid of the SPAM. MT has such a system, but it doesn't really work. Neither seem the blacklists to do their job.
So I come to the only tool that really works to take care of all comment spam: Turn off comments. No discriminating against visually impaired people, no possibility for even the smartest algorithm to sneak a comment into the system. Problem solved.
Personally, I think MT is lacking in terms of counter-spam measures and I will once more have a look at Serendipity which provides more fine-grained control. Until then, I'm sorry, but I have to disable comments on this site.
Spammers: 1, Freedom: 0
A worm named pilif?
I just heard, that my nickname-ever-since has been "misused" by someone in his evil malware-schemes.
At least the second entry in google after searching for "pilif" points to this page
This is very unfortunate. I'm using the name "pilif" since long before the first mail virus (ILOVEYOU) has been written. Pilif has the benefit of being nearly unused in the web so far (very convinient when registering somewhere) and it somewhat contains my name (Philip -> Filip -> Pilif)
I can asssure you that I have nothing to do with this worm or any other worm for that matter.
Besides, if I really wrote a virus I would never be so stupid as to name it after my nickname 
Two years of gnegg.ch
Two years ago, I started to use my spare gnegg.ch domain with this weblog. My first posting was quite the ordinary welcome-posting. Even back then, I promised to create a better layout for the site, which I finally did this february:
As I am not-so-good™ with layout, I kept the default one of Movable Type, my blogging-engine. Maybe Richard will help me here sometime in the future.
And Richard did a really good job with it. Thanks again.
Many times, gnegg was lingering around a bit, but I managed to put myself together all the time and in the last two years, there was at least one post every month. Since around january 2004, post much more often. Currently I've nearly 200 postings on the site, wich means that I wrote the same amount of postings in 6 months that took me a year and a half before: My 100th post was only this march.
With the increased amount of postings, I also got more visits: 2003 there where and average of 115 visits a day producing 184 pageviews. Now it's more like 552 visits producing 12883 pageviews. Tendency: rising. Thank you, my fellow readers, for this.
With gnegg.ch becoming more known, also the problems grew: Currently, I'm filtering about 50 SPAM comments per day. A year ago it was at most one per month.
Posting here still is a lot of fun and I'm certainly going to continue writing here.
And in case your wonder, what "gnegg" actually means: It's nothing. In 2001 I created that word quite by accident by typing around the keyboard to create some blind text and it liked it so much that I reserved the domain... What I liked about the name was that I was quite uncommon in the internet so far. Ok. There's this, but whatever it is, it's funny anyway...
Fix for comment spam?
Yesterday, asterisk* talks about comment spam and an easy fix to do it.
Reading the article gives quite a good insight on how those spammers work: They don't seem to really request the page of your entry, but they only submit hardcoded values in some database.
This gets this seemingly simple trick to work. Inststead of reading the weblog page and submitting the real form, spammers still submit the hardcoded value, missing the additional form-element.
Unfortunately, this problem is easy to fix for the spammer: Just update the database with the new information form the forms. And I promise you: As soon as this hack gets more known (which is bound to happen soon as it's so simple to impelement), they will update their scripts.
The logical next consequence would be to change this additional tag more often, leading to the spammers updating the index more often.
The ultimate consequence would be a script generating some kind of random cookie which is different on every request. This in turn would lead the spammers to actually request the form before sumitting it.
I don't think, I have to name the consequences of that: The spam will stay, but the bandwidth needed will increase greatly. Instead of just posting, the spammer will also request the whole page.
And the spammer will certainly do that on all weblogs. Regardless of whether they deploy this cookie or not.
So in the end, this "fix" just makes the whole thing worse for all us bloggers.
Sorry. No solution. Or ist it? Convince me otherwise!
Explain This!
Would anyone care to explain me this:
I mean: While I can understand that an entry concerning filesharing is very popular and while I really see the sense in the rdf-File being requested often, I can absolutely not understand what's so interesting about suburban railways!
I for myself certainly find it interesting, but none of the people around me share this interest. Who would have thought that there are more fans of railways out there on the net than there are people having problems with their P800 phone...
Reading logfile analysis can be so interesting at times...
Oh and on another note: I would be really interested to know how many people have actually subscribed to the RDF-Feed and thus are coming back regularly to read what I have to write. So: RSS-Subscribers: Stand up and post a little comment here. A "I do" certianly suffices.
As the traffic really peaks whenever I post an entry, there certainly have to be some subscribers.
mod_perl or not to mod_perl
Floating around the net I found a patch for my mod_perl problem I had with MT 3.1, so I have reenabled mod_perl, which actually sped up the wohle system greatly, but forced me to remove MT-Blacklist, as it's not compatible with mod_perl environements (Internal Server Error, here I come!)
"No big deal", I thought - deleting those five SPAM comments a day would not have been so bad - especially since MT 3.1 provides a far better comment-deleting UI than 2.6
Then, today, I had to change my mind: Between 6am and 12pm two of those f***ing SPAMMers actually posted stupid comment spam to nearly every posting in my blog. After deleting them, they gave me a rest just to continue their evil doing during the whole afternoon, forcing me to delete about 2 comments per 20 minutes. Inconvinient when I have to work in between.
So - for me, it's back to non-mod_perl. It seems like gnegg.ch is popular enough for actually depending on MT-Blacklist. Very nice. Thank you stupid SPAMMers!
An experiment
Now that I have some problems with MT (it's so terribly slow when not using mod_perl), I thought to myself: "Let's do a little experiment. Let's try out WordPress and let's see what happens"
This is what happened. And this is the source of the template.
So. Was it worth it? How is it, working with WP?
While I really like the dynamical generation feature and the OPML-Upload, I have some problems with WP:
- It's not as flexible as MT. All those template-functions output much too much HTML (every little bit of HTML-code is too much, actually). I had to change the stylesheet to accomodate wordpresses forced <ul> in the sidebar. And for the links I actually had to patch around in WP for my template
- MT seems much more polished.
Anyway. As WP is written in PHP and contributions are certainly welcome (it's free software after all), maybe I should look into contributing something.
And as for the future of gnegg.ch: I've not deceided yet, what I should do: Adopting the other gnegg.ch templates would take about half a day to one day, which is terribly much time to invest in replacing something that essentially works.
So, as I said here, I'm going to stay with what I currently have - for now. At least until I hear back from MT about my support ticket, as mod_perl is a requirement for me to be running MT.
MT 3.1
As you almost certainly know, MovableType 3.1 has been released.
Reading the feature list - especially the entry about dynamical publishing - I deceided to upgrade.
Needless to say that much went wrong:
- The dynamical generation is of no use to me because I'm using (exactly one) cutom tags in my archive template and custom tags do not work with dynamical generation. Too bad. And too much documentatino to read to port it to PHP
- My beautiful mod_perl setup ceased to work. Somehow MT sometimes (this is completely random) gets a random number back from $q->parse in lib/MT/App.pm. Updating Perl, Apache and mod_perl did not help. The effect of this bug is a randomly occuring "Upload too large" error. Back to CGI then... (I've opened up a support ticket. Let's see how good this support really is)
At least I can now use MT-Blacklist as it does not work in mod_perl. Much trouble for setting up something I dont really like either because of its extremely commercial background. We'll see what the future brings...
Comments working again
OK... there was this... embarassing... problem with the pilif.ch-Domain. Talk about forgetting payment for the registration
The problem is fixed. so the comments and the search function should be working again...
Movable Type licensing
While looking for some documentation for improving my comments-system (later post), I came across a link to this blog entry that announces a revised licensing scheme for Movable Type 3.0.
This time they actually did it right: The (still) free edition is now clearly announced. The personal edition is what quite a lot of users (including myself) have wanted (unlimited blogs) and it is quite affordable. This is nice.
Thank you, Movable Type
JavaScript
