Do you appreciate Akismet?

If so, please take a moment to leave a short comment on this post letting us know!

We’re working on a new site design and would love to include some new testimonials whether you just started being protected by Akismet or if it’s been safeguarding your site for 5+ years now.

Downtime

This morning around 9 AM CST there was a database error that ended up causing API slowness for 3-4 minutes, which could have manifested itself on your end as timeouts or spam getting through.

Although the downtime was short it did alert us to a weakness in our system we’ll address so this won’t happen again.

Our last major downtime was in September 2007, one thousand and twenty eight days ago. These things usually happen in threes but hopefully we can head off the next two.

Akismet plugin 2.2.9

Version 2.2.9 of the Akismet plugin for WordPress is now available.

This version fixes a conflict in 2.2.8 that could potentially lead to spurious spam or ham reports on blogs that use other spam filtering plugins in conjunction with Akismet. The conflict does not affect accuracy, but may in some circumstances cause incorrect stats.

Users of modern WordPress versions can upgrade by following the prompts in the wp-admin dashboard.

Akismet plugin 2.2.8

Version 2.2.8 of the Akismet plugin for WordPress is now available.

Changes in this version include better diagnostic checks, and fixes for a bug that prevented false positive reports from being submitted in some circumstances.

Users of modern WordPress versions can upgrade by following the prompts in the wp-admin dashboard.

State of Web Spam

We all know spammers change their methods frequently. But there are also some broader trends that slowly emerge over long periods. The economics of spam has changed considerably since Akismet first started back in 2005, and that has led to some new trends and changes in spam patterns recently. Here’s a quick summary of some of the most important changes in web spam we’ve seen over the last year.

  1. Human-posted spam has been on the rise for some time. Low-paid workers are hired by “SEO” firms to post comments on blogs and forums, advertising their clients’ web sites (typically small local businesses). The workers generally operate out of internet cafes and universities, particularly in India, South-East Asia, and Turkey. The quality of comments varies, with the best written spam usually coming from SE Asia. There are now sophisticated marketplaces set up specifically for hiring manual workers to do this kind of spam.
  2. Good old-fashioned pill, porn and malware spam continues to center around Eastern Europe and the Russian Federation. They have well established willing hosts in the Netherlands, Latvia, Russia, Germany, and the USA, and hacked servers elsewhere.
  3. Several Eastern European spammers control large ranges of IP addresses. One in particular has dozens of /22 and /21 networks. These are rented out to spammers as a distributed proxy network, or in some cases sold as a hosted spambot service.
  4. Chinese wholesaler spam is becoming more frequent and organized. In addition to the usual comments and forum posts advertising counterfeit fashion and miscellaneous goods, the spammers are now creating networks of fake blogs and web sites on free hosts including Blogspot.com, Weebly.com, Tumblr.com, Ning.com, and WordPress.com.
  5. Other spammers are abusing proxies at ISPs and universities, and national censoring proxies such as those in Saudi Arabia and Singapore. They do this to mix their spam with legitimate traffic and thus make IP blacklisting impossible. (Akismet, of course, is not a blacklist).
  6. Autoblog pingback spam is now so bad that many blogs are refusing to accept any pingbacks at all. There’s no single source or group behind this – rather, gullible people are following “make money on the internet” instructions that recommend creating fake blogs on discount shared hosts and running ads. They use packages of WordPress plugins that copy content from other blogs or article publishing sites, and send pingbacks to many blogs try to get backlinks and traffic. There are large numbers of people doing this, and most of them have many such blogs. Needless to say it doesn’t work — the only people who make any money from autoblogs are the ones who sell the “make money on the internet” scams.
  7. Some well-meaning but careless bloggers are unwittingly annoying other blogs with large numbers of pingbacks. They’re using plugins that add “related links” sections to each post, with an automatically generated list of links to posts on other blogs, and send a pingback to each of them. Unfortunately the plugins usually do a poor job of selecting relevant links, and the recipients of those pingbacks often regard them as spam (which is not unreasonable as the pingback is often totally unrelated, and autoblog spammers use the same plugins). Some bloggers have configured their plugins to include 50, 100 or more of these links in each post, which is further exacerbating people’s frustration with pingbacks.
    (For an example of a related-link plugin that does a good job of selecting relevant links and limiting pingbacks to a reasonable number, give Zemanta a try)
  8. Trackbacks have become so unpopular that even many spammers have abandoned them.
  9. Parasite hosting – such as hacked wikis, forum profile spam and hijacked blogs – used to be solely the realm of porn/pill/malware spammers. But recently Indian and Asian SEO spammers have adopted the same tactics – so where it used to advertise penis pills or bogus antivirus programs, now it’s dentists, roofing, and pet food.

Akismet Services Were Uninterrupted

As you’ve probably heard, WordPress.com had a major network issue today. Fortunately, Akismet was not affected — all Akismet API services were operating at full capacity. (Some tweets and blogs incorrectly reported that Akismet was down too.)

We are of course monitoring closely for signs of any aftershocks. As always, if you have any Akismet problems or questions, please contact our support.

Details of the WordPress.com downtime are posted in this announcement on the WordPress.com blog.

Akismet on GoDaddy

One of the biggest challenges for Akismet is most people don’t know there’s a commercial option, and even if you do we use a Paypal subscription method that’s a pain in the butt. (For now.)

On the first front we have a lot of work to do on awareness, but on the latter it seemed like most people already have a billing arrangement with their web host so if we could work with them directly it would remove a lot of the friction from the upgrade process.

Probably the largest WordPress web host in the world is GoDaddy, and they’re also the first to make Akismet Pro Blogger license keys available directly on GoDaddy.com. Should you desire to do so, you can now get a commercial Akismet key with a single click from your GoDaddy account which will make you kosher if you have a commercial blog or want priority support and spam checking.

If you’re a GoDaddy customer and already cool with Akismet, please take a minute to leave a review on their site. It amazes me that some people still blog without spam protection.