Lately, I’ve been seeing the same thing Alex has—comment spammers using pingbacks from splogs to evade most comment spam mechanisms. In particular, I’ve been getting a lot of spam from the maxblog.eu domain; tonight, I explicitly blacklisted this domain all over rmfo-blogs. Looks like Spam Karma 2 [at 2.3, anyway] sees the positive pingback, adds the +4 Pingback Bonus, and is happy from there. [I can't tell whether it ignores the blacklist at +4 or not; I thought it was, and then I checked the last maxblog.eu spam I just deleted, and it was prior to my explicit domain blacklisting.] Of course, I’m not happy with the spam, but hey … I can delete it pretty quickly. But like Alex noted, it’s a pain, and hey … isn’t that why I grabbed SK2 in the first place?

Let me address two potential objections before they arise: yes, I’ve contacted Dave about this [but admittedly just before writing this post, so he hasn't had any time to respond], and no, I don’t like running Akismet, even though I get how it’s designed to leverage network effects and all that. Man, I just don’t like depending on centralized stuff, and yes, I know that comments get processed on failure. I’ve thought about running Akismet and SK2 as a belt-and-suspenders approach, but honestly, SK2 does such a damn fine job 99% of the time that I don’t feel the need.

I guess the comment spammers weren’t content to ruin trackbacks only, eh?

The rule of any long-running Web site is simple: content moves and old links break as a result. [caedmonscall.net] has been up and running since September 2001; it was, for its first few years, a hand-rolled site. Over the last year or two, we’ve transitioned it to WordPress, and things have been great. That said, doing that broke a lot of links, and until lately, I haven’t had a toolset for fixing those links easily. But here’s what I’m now using, WP plugin-wise, to fix the broken things:

• Alex King’s 404 Notifier. I snarf the RSS feed, and that reminds me that I have new things to go off and fix. [Guilt is good.]
• Google XML Sitemaps. A lot of the 404s I see are from Google and Yahoo! crawling the site looking for links that once were good. Might as well let the search bots know where things really are, no?
• Redirection, which is the true star of the show. John Godley’s plugin is ridiculously powerful—regular expressions for moving an entire directory elsewhere, 410 reporting for links you’ve purposefully ended, the ability to create 301s on the fly when you change a post slug, you name it. I can’t say enough about the awesomeness of this plugin.

If you’re taking an existing site into WordPress and want to re-point things, or if you’re looking to reorganize your WP site, these tools will help you keep the Web from being broken. That’s a good thing.

Holy architecture changes, Batman! I don’t think I’m still breaking anything here, but let me know if you think I am.

Update, 1555 CDT: My apologies to the handful of subscribers of my comment feeds, who’re now seeing the effects of me using the BirdFeeder Pepper for Mint and the BirdFeeder WP plugin.

I know that a lot of people who read this Weblog run their own WordPress-powered Weblogs. As a result, I will make the rare WP post here on IJSM.org [with its far superior Google-juice to my WordPress-oriented Weblog, which rarely gets posts, much less views] and encourage you to scan your Weblog with BlogSecurity’s WordPress Scanner.

I went to bed last night about 10:00 p.m.; when I woke up about 20 minutes ago and blinked my way out here to the office, I asked the air in here, “Why do I have 98 overnight emails?” The answer was simple: a splogger had hijacked my content into a WordPress install at cafeturk.net and had pingback every link … which meant that I got lots of email.

My apologies to you if you got splogged in this attack as well. There’s not too much that you can do pro-actively about such things, at least that I’m willing to do. [Offering summary-only feeds, copyrighting my work, etc.]

Thanks to a poke from Weblog Tools Collection, I’m using Mark Jaquith’s Clutter Free plugin for WordPress, and I like it. I don’t need a lot of the frippery that shows up on the Write Post page, man. Purportedly, I’ll get some bandwidth savings out of this … may come in handy when I’m next using my Treo as a modem on the road and want to post.

Back in late June, I was at 100k spam stopped by Spam Karma. Now I’m at 260k. Things are definitely getting worse here, but I’m still withstanding the onslaught.

So … who knows anything about migrating a whackload of standalone WordPress Weblogs to a single Wordpress MU installation?

This is your standard “I’ve upgraded, please report bugs” post.

And yes, I know about the ob_gzhandler issue, folks. It’s intermittent, and I haven’t even begun to have the time to debug.

I’m doing my personal WordPress upgrades right now; I’m also doing a long-planned move of WordPress files to their own directory while I’m at it. I’m starting with my own stuff not out of a concern to have my stuff not be broken but, rather, because I don’t mind breaking my own stuff as I do the upgrade path.

I’m using the Landing Sites plugin to help visitors here who drop in from search engines. While none of my regular readers should ever see this, maybe some of you will be interested in using it on your own.

I’d say that, with over 100,000+ spam stopped [and maybe .3% leaked through and fixed thereafter], Spam Karma 2 is pretty doggone awesome. I was lurking around 20k at the beginning of the month, and then this month has just been outrageous. SK2 hasn’t so much as blinked, though.

Thanks again, Dr. Dave.

I haven’t written about comment spam in forever, mainly because I have a toolset that works for me. I’m writing this morning, though, because I’ve gotten ~4000 spams hitting IJSM.org in the last day. Overnight? 2600+. Clearly, someone is paying some enterprising coders pretty well this week.

Never forget: comment spam isn’t personal, and it is a money maker for the spammers. That’s their whole motivation.

UPDATE at 15:04:

There are currently 0 comments in moderation

There have been 4877 comment spams caught since the last digest report 1 day ago.

The beautiful thing, though, is that my server is not even batting an eyelash. My load average is consistently <1 [and 4.0 is full utilization on this box].

Matt Read’s Installer Plugin—a plugin that aims to install WordPress themes and plugins directly from the WordPress interface, rendering SSH and FTP logins obsolete—is a wonderfully ambitious project. I wish it the best of success!

… I will. Thanks, Ryan, for running down my bug and fixing it.