I've activated it. You can log in using various methods, including registering a local account. This will let me "trust" regular commenters so their posts don't get flagged as spam or held for approval (something I can miss). It may also let me implement certain other "features" in the future. Feel free to test.
Update: BTW, registration is not required (yet). You can still comment in the regular way, or use other authentication methods like Typekey and OpenID.
It's spam. Spam is so insane these days that the bots simply look for forms to fill out and pound away at them. A lot of it, like some of the stuff you've seen that's slipping through the spam shields, doesn't even have a link or any readable advertising text -- it's almost a DDoS attack on the entire internet. Even if they get a link through, every comment link has a rel="nofollow" attribute attached, so it helps their search engine rankings not one iota. You should see my server and blog logs with all the blocked comment and trackback attempts that never get through. If I ever removed my spam shields I'd be filled up with hundreds of messages a day.
We weren't seeing much at all until a couple of months ago as I was using a little Javascript scheme to keep it out -- good, but not foolproof wither -- but it had drawbacks, so I've gone for the complete built-in solution. Every message and trackback is checked against Typepad's database (as well as the usual services that track spammy ip's) and only then goes up.
Once two messages are marked as spam from a particular IP, that IP is blocked via htaccess, but the spammers have so many compromised boxes at their disposal that some are bound to get through. I could enable a turing test (type in these letters...) but I'd rather keep it as simple as possible for the end user to comment, so I'll keep deleting a few spams a day for now. I may surrender on that soon, though. I really don't want to require registration (or login via Typekey, OpenID, LiveJournal, or Vox as I could) quite yet. Like I said, I'd like to keep barriers to entry low.
I am completely unaware of all the problems you have to deal with to maintain your blog.
Is there a website you can recommend that discusses in greater detail all the problems bloggers, or users of MoveableType or other blog hosting SW have to deal with and solutions.
I like your decision not to require people to register to post.
Does "Captcha" help to cut down on the gibberish posts?
It all depends on what platform you choose and whether you do it yourself (like here), or just sign on to a ready-made solution like Typepad or Blogger.
Of course you have to deal with a bit more if you do it yourself, but I enjoy a lot of the tinkering and design and versatility of having my own space. I've learned a lot from it and have a unique site as well.
A captcha would certainly be another barrier to the spammers. Generally though, any automated scheme is only good until someone decides it's worth coming up with a specific hack for that solution. So...I was on Movabletype with the ccode/tcode javascript plugin to prevent spam. That slammed the door on it at first...until someone noticed and decided it was worth implementing a specific solution for that combination...then they could get through.
[an error occurred while processing this directive]
[an error occurred while processing this directive]
Thanks for a thought-provoking blog. I especially appreciate the Carlson excerpts.
Signed up anyway, but if I'm still trusted will use this as it is less stressful on the memory :-)
Oh, Joy! Joy!
Solomon, why are you getting comments filled with jibberish words?
Do you know where they are coming from?
It's spam. Spam is so insane these days that the bots simply look for forms to fill out and pound away at them. A lot of it, like some of the stuff you've seen that's slipping through the spam shields, doesn't even have a link or any readable advertising text -- it's almost a DDoS attack on the entire internet. Even if they get a link through, every comment link has a rel="nofollow" attribute attached, so it helps their search engine rankings not one iota. You should see my server and blog logs with all the blocked comment and trackback attempts that never get through. If I ever removed my spam shields I'd be filled up with hundreds of messages a day.
We weren't seeing much at all until a couple of months ago as I was using a little Javascript scheme to keep it out -- good, but not foolproof wither -- but it had drawbacks, so I've gone for the complete built-in solution. Every message and trackback is checked against Typepad's database (as well as the usual services that track spammy ip's) and only then goes up.
Once two messages are marked as spam from a particular IP, that IP is blocked via htaccess, but the spammers have so many compromised boxes at their disposal that some are bound to get through. I could enable a turing test (type in these letters...) but I'd rather keep it as simple as possible for the end user to comment, so I'll keep deleting a few spams a day for now. I may surrender on that soon, though. I really don't want to require registration (or login via Typekey, OpenID, LiveJournal, or Vox as I could) quite yet. Like I said, I'd like to keep barriers to entry low.
Thanks for your detailed reply.
I am completely unaware of all the problems you have to deal with to maintain your blog.
Is there a website you can recommend that discusses in greater detail all the problems bloggers, or users of MoveableType or other blog hosting SW have to deal with and solutions.
I like your decision not to require people to register to post.
Does "Captcha" help to cut down on the gibberish posts?
It all depends on what platform you choose and whether you do it yourself (like here), or just sign on to a ready-made solution like Typepad or Blogger.
Of course you have to deal with a bit more if you do it yourself, but I enjoy a lot of the tinkering and design and versatility of having my own space. I've learned a lot from it and have a unique site as well.
A captcha would certainly be another barrier to the spammers. Generally though, any automated scheme is only good until someone decides it's worth coming up with a specific hack for that solution. So...I was on Movabletype with the ccode/tcode javascript plugin to prevent spam. That slammed the door on it at first...until someone noticed and decided it was worth implementing a specific solution for that combination...then they could get through.