28 Days Later
Posted (December 1st, 2008 at 6:59 pm PST) by Jason CTo cut down on the amount of spam that Akismet has to sort thru the DreamHost Status blog (which you’re reading right now) will stop accepting comments on entries older than 28 days. You are still totally welcome to comment and commiserate with fellow users on new issues, but we thought it might be nice to give our filters a break as an early christmas present.
To give you an idea of how many spammy comments are submitted to the blog on a daily basis, Akismet has filtered out 111,468 messages for us between the time we’ve implemented it and now. That might not sound surprising to some of you, but we only started using it as our spam filter in June.
That’s right, June! Of 2008! Crazy, right?
So why are we taking away the ability to comment on these older entries? Well, for starters, once an issue has been resolved, there’s not a lot of chatter surrounding it. In fact, the conversation dies down pretty quickly. On top of that, sifting thru the spam queue for this blog shows that most of the junk comments happen on the older entries. This is a tactic used by spammers in the hopes that the site operator isn’t savvy and won’t pay attention to a bunch of junk piled into an entry from a year or two ago. And it works pretty well — which is why they keep doing it.
So instead of encouraging poor behavior on the part of the community of blog spammers out there — and that’s kind of what we’ve been doing up until now — we’re going to not even give them the opportunity to be jerks. I’ll be keeping an eye on this entry, so if you have any constructive criticism on this countermeasure, I’ll do what I can to take it into consideration moving forward. Thanks!
22 Responses to “28 Days Later”
I think 28 days is certainly long enough for us legitimate commenters to complain about how our websites are down. After that, we can hijack a newer post. 
Thanks, Dreamhost!
Hi,
a few extra ideas:
Check your server logs. Some of the spambots are quite easy to identify meaning you can block them via .htaccess early and completely skip starting Wordpress and Akismet to handle the request. You could even redirect them to a honeypot like Project Honey Pot (see http://projecthoneypot.org/).
Which leads to a second idea. If you join Project Honey Pot you get access to their http:BL (see http://projecthoneypot.org/httpbl_api) which is solely based on honey pot data. IIRC there is a Wordpress plug-in.
A third idea is to try an alternative to Akismet called Mollom (see http://mollom.com/). Mollom is similar to Akismet in some ways but they are going further in the quest of distinguishing HAM from SPAM using poster reputation for one (see http://mollom.com/features for more). I do not know if Akismet and Mollom can be used simultaneously.
Regards,
Christian Larsen
Just a quick follow up…
There is a http:BL plug-in for Wordpress. See http://wordpress.org/extend/plugins/httpbl/
Regards,
Christian Larsen
28 days is more than enough.
Why not both Akismet and WP-Hashcash? I use both and Akismet barely gets a hit after being blocked by Hashcash.
Actually, we use Akismet coupled with WP-SpamFree - which I put in place a couple of months ago - and it works pretty well. In fact, the graphs made a pretty drastic drop after I did.
If WP-Hashcash works better tho, I’m up for giving it a try.
28 days seems sensible, but I’d be wary of Tomas’ suggestion about even closing comments on resolved issues earlier - there are always a few stragglers that still seem to be effected by issues even after they are supposed to have been resolved…
Don’t worry Quiff Boy. While Tomas’ suggestion was thought provoking, we’ll stick with a blanket 28 days policy. No need to confuse people unnecessarily.
I used to use wp-spamfree but it kept blocking outgoing pingbacks so in the end I switched to Hashcash as well. I think if you combine hashcash with another one like Cookies for Comments or Bad-Behaviour it should be enough so that Akismet does not receive anything. For my small blog hashcash is enough though. I very rarely get anything.
I think it’s a smart idea. Will you make a small How-To explaining the procedure? I’d like to implement the same date filter on my wordpress blog.
Regards,
– Wayfarer
I’m not sure if you are getting people actually typing comments in - or if it is a bot. If it is a bot - there is a nice piece of code on WP Recipies that I read right after reading this entry. It redirects form submissions to the comments form that did not start on dreamhoststatus.com
URL: http://www.wprecipes.com/how-to-deny-comment-posting-to-no-referrer-requests
Not my blog. Maybe this is helpful (or implemented already).
Tom
@ La Bitácora del Caminant: i seem to recall there’s a wordpress plugin that closes comments automatically after a given period… will see if i can dig it out for you.
Good idea.
@La Bitácora del Caminante: it’s actually a built-in feature of the new wordpress (2.7-rc1)
Out of curiosity, around what percentage of spam was getting through Askimet’s filters? That’s nice of you giving Automattic’s servers a present.
Keep up the good work, you guys rock, but fix my slow website, damn it! Just kidding, you guys are awesome.
I’d say 10 - 14 days would be plenty… the only time I know of that people were commenting after 14 days was the “fat fingers” post.
Kitchen is right - closing comments is built in to the software. As soon as they release the stable version of WordPress 2.7, we’ll make it available in the one-click installer. It’s got some very nice features that I’m sure most folks will appreciate.
Bad Behavior supports http-bl now too, in the newer version, so no need for a separate plugin.
I think that you ought to cut off comments completely. There are forums for bitching and if one has a real problem, he can file a ticket. So far in the 2 years that I’ve been here, support has been superb.
I volunteered for the early changeover and though I had some (expected) problems, they were resolved quickly and my sites were never down more than a few hours. With one exception (forgetting to turn off cron jobs on the old server that interfere with the new host) this was a superbly planned and executed move.
A few persistent public bitchers can give the whole service an undeserved bad rep. I think it does more harm than good to DreamHost, which is what this particular blog is about.
Hi,
Well, seems you guys are running Wordpress. Well, as Christian Larsen pointed out: you could try Mollom. I’m the developer of the Wordpress plugin for Mollom (http://mollom.com/download)
Important note: you use WP 2.7 RC1 already? The problem is that the plugin isn’t up to speed which causes some minor known issues I need to take care of.
You might try it when version 0.7.1 of the plugin gets released.
Excellent response to the problem - an even shorter period might be better for resolved items.