JasonMorrison.net

With all the comment spam, trackback spam, and pingback spam out there, developers have created some pretty powerful anti-spam tools. So why did I create a small, not-so-powerful anti-spam Wordpress plugin like O RLY?

Here’s a screenshot of my pending comments a little while back. Notice the second comment, which slipped past Akismet:

Apparently some dude named Casey Fronczek wanted to let my readers know about his fishing trips. I clicked on the O RLY button, and here’s what Google had to show me:

This spam comment showed up about 17,000 times!

This is an interesting case because it shows that spammers aren’t always looking to place links or pass PageRank. They are always looking for some kind of payoff though, and you can see the roundabout technique here. Hopefully anyone interested in fishing trips in southern Florida will Google this guys relatively unique name and result in a sale. You may also see phone numbers, ICQ or other IM accounts, and similar contact information in some comment spam.

This is a little tougher to automatically delete because a spammy link is a really good signal for an automated filter. Hopefully if people have enough little tools, we bloggers can improve the state of the web as a whole. Get the plugin from WordPress.org, and please let me know of other good anti-spam plugins in the comments.

I’m looking for some help and suggestions, but first a little background on my latest project.

I’m a bit of a map geek – I’m fascinated by maps and how data can be illustrated with maps. I periodically post things on this blog but I actually run across a lot more cool map apps than I can share in mid- to long-form blog posts here.

I use a number of different social bookmarking and social news sites – it’s a research interest of mine, so I probably have accounts on far too many of them. When I come across a blog post on a cool old map or some interesting new real estate geodata site I’ll save/share it in a number of places, including StumbleUpon, Delicious, Reddit, and sometimes others. I also share things via Google Reader.

This is far to diffuse, so I thought I might make a separate mini-blog just for map geekery. But I already spend more than enough time with the blogs and services I’m using now – I’m only able to support another blog if I can automate some part of this giant messy workflow.

This would be pretty similar to how I manage my microblogging / status updates now. I have my Google Reader items posted to FriendFeed, which updates Twitter, which updates Facebook via the Facebook Twitter app. Convoluted, but now that it’s set up I can post something once and have it seen by friends on different services.

I’ve played around with a few different services:

Tumblr – Tumblr makes it very easy to import feeds, which is great for what I’m looking for. The only drawbacks are that so far I can’t narrow down some feeds to really target map bookmarks and I don’t see any easy way to add geodata.

Vox – I’ve only played around with it a bit, but I’m not sure what sets Vox apart from other blog hosts.

Wordpress.com – Actually, I thought this would be perfect given the right plugins, but wordpress.com doesn’t have plugins. Setting up and managing yet another Wordpress instance doesn’t sound too appealing.

Blogger – Blogger is great, and I should probably use it a bit more considering it’s a Google product. Unfortunately everything I saw in a quick search about posting to Blogger from RSS showed up on somewhat questionable SEO blogs, so I’m wary.

So I’m still looking. Any recommendations on what would be the easiest tiny-blog system to use?

One of the great things about having a blog is getting comments on your posts. It’s particularly gratifying when someone takes the time to tell you that your post was helpful, entertaining, or well-written.

Spammers know this and exploit it by generating compliment spam. They’ll put together a few lines of general praise and slather them across the web, hoping that bloggers will fall for the trick and post their spammy links.

Abusive social engineering like this really annoys me, so when in doubt I always do a Google exact phrase search to see if the compliment is really for me and not from a bot. This is tedious, so I created a simple WordPress plugin: O RLY Comment Spam Search.

You can get the plugin directly from WordPress.org, where you can also give it a rating to tell other webmasters how great (or non-great) it is. By the way, the plugin browser/installer added in WordPress 2.7 is very cool, and makes it much easier to try out plugins.

Judging by the thousands of blogs my O RLY searches have found, this sort of spam works. But why do spammers do it? Since WordPress (and most major blog systems) nofollow links in comments by default, the spammers can’t expect to gain any PageRank from these links. My guess is most of this spam is either intended to get traffic via clickthroughs or is generated by naive site owners, SEOs and marketers who don’t really understand how things work.

Take a look and let me know if it’s useful in the comments below. Also, let me know if it’s breaking on certain comments or otherwise buggy.

We’ve hit well over 2000 votes on our baby name survey, and so far my blog has held up well (thank you, WP Super Cache). The traffic has been enough at times to slow the Google Docs form and graphs. To get slightly back on track for this blog, here’s a quick usability lesson – as a form becomes less responsive to users, double- and triple-submissions will increase.

Votes have been coming from all sorts of interesting places:

• Many, many Googlers contributed votes. Obviously I can’t link to any internal company discussion, but I can assure you it was equal parts amusing, helpful, and nerdly. I had a fun time explaining all the programming jokes to Ann, particularly why we won’t be naming the baby after little Bobby Tables. Wysz supplied the very first votes, for Erin and Isaac.

• The MOMformation blog at ParentCenter wrote (somewhat disapprovingly) about our search for baby name assistance.

• Someone posted the link in a thread on Salon.com’s Tabletalk forum. Tabletalk is bizarrely non-searchable, which they could fix with a quick update to their robots.txt file.

• Neatorama picked up the story, which resulted in a flood of votes.

• For some international perspective, The Telegraph wrote about the survey in their “How About That?” column. If anyone has a copy of today’s print edition, I’d love to see if the story made it’s way on to dead trees, given my former journalistic predilections. I really got a kick of the headline, “Google man asks Internet to name his baby” – now that I’ve been publicly outed as Google Man, I’ll need to start wearing my cape to work.

If I’ve missed any, please add them in the comments below. And if you’re having trouble voting or seeing the charts and graphs, try again a little later – I think I my use of Docs and Spreadsheets is somewhere between “statistical outlier” and “abusive” at this point.

Blogs are great because they give you a creative outlet and let your readers comment on you posts, making it a much more social experience.  But spammers take advantage of comment forms, using scripts and bots to fill the web with links back to their site.

What can you do about it?  Even with captchas, systems like Akismet, and other automatic techniques (you can read more about these here), some spam will slip through.  Specifically, compliment spam.

What is compliment spam? Spammers know you and I like to be told what great writers we are, how helpful our posts are, and that we are brilliant geniuses.  So they set their bots to spam you with complimentary comments that just so happen to link back to their crappy blog, online casino, or fake viagra store.  Here’s an example:

Typolight
http://www.typolight-blog.de | info@typolight-blog.de | 82.146.49.61

Thanks, you nice post that helped me alot.

From Keep your Wordpress site from being hacked with automatic upgrades, 2008/09/06 at 9:27 AM

So, at first glance this looks like a legit comment.  The post in question was a “how-to”, so it would be nice to hear that someone found my instructions helpful.  But, do a Google search with the comment in quotes (an exact phrase search) and you’ll see the problem:

http://www.google.com/search?q=%22Thanks%2C+you+nice+post+that+helped+me+alot.%22

At the time of this writing, we see 168 instances of this exact comment.  By this same Typolight person.

So that’s my tip – if a comment seems a bit too randomly complimentary, throw it in quotes and do a Google search. Then, if it’s spam, make sure to spam it – systems like Akismet only work because we’re all reporting spam.

If you really want to go after the spam poster, you can also give their site a bad rating on Web of Trust, StumbleUpon, and other reporting systems.

Maybe if I get some time I’ll throw together a WordPress plugin to make this easy to do.  If you’d like a plugin like this (or have other tips), drop me a comment and it will help motivate me.

The web has evolved into this amazing place filled with user-created content, blogs, wikis, photo sharing sites, and users can enter comments on just about all of them. But there’s a problem – commenting in Blogger, Flickr, and some random self-hosted WordPress blog requires you to create user accounts or type in tedious contact information separately in each one.

As a user, you probably want to spend your time commenting rather than remembering usernames and passwords.  As a blogger, you no doubt want to make it as easy as possible for your readers to comment on your posts.  What we need is some really powerful identity management system to make this all possible.

OpenID is an attempt at creating such a system that seems to be growing quickly.  Instead of hundreds of usernames and passwords you have a simple URL that you control.  I just added it to my WordPress blog to see if it’s helpful, and I’ll walk you through the steps you need to take to use it and allow your commenters to use it too.

How to use your blog as your OpenID

First off, you need to get an OpenID.  Luckily, you probably already have one.  Major sites like Blogger, LiveJournal, Flickr, and Yahoo are supporting OpenID so you can just go with what you have.  You can also go with a specific provider.  Which one should you use?  It doesn’t really matter, since you can use your site’s URL as your OpenID and switch providers whenever you want.

Now that you have a URL, you need to use delegation to allow your site’s URL to stand in.  In WordPress, this means opening up the header.php and adding a few lines to your <head> section.  If you’re using Google’s Blogger (like me), the links would look something like this:

<link rel=”openid.server” href=”http://draft.blogger.com/openid-server.g” />
<link rel=”openid.delegate” href=”http://blogname.blogspot.com/” />

One side note – if you view the source of this page, you won’t see these lines.  I’m using my root domain instead.

For more information, see this post by Sam Ruby.

How to use OpenID for comments in WordPress

This part is simple – like everything else you want to do with WordPress, there’s a plugin.  Just download and install the WP-OpenID plugin and activate it.

You should notice a little OpenID icon in the fields for the comments below this post.  Go a head and test it out.

You may have noticed the snazzy poll I posted on my blog the other day.  There’s a number of different survey and poll plugins for WordPress but all the ones I’ve looked at have caveats and limitations.  You can also use a service like SurveyMonkey but it has some data limitations for free accounts.  Instead, I used Google Docs and Spreadsheets to create a survey quickly and easily.  Here’s how to do it.

1. Getting to Google Docs and starting your form

We’re going to assume you have a Gmail account or have signed up for some other Google service already.  Go to http://docs.google.com.  Click on New -> Form

2.  Creating your form

This is actually pretty easy, and the online help does a pretty good job explaining what to do.  You have a number of options when creating a question – you can make it multiple choice, full text, or even a numerical scale, and you can mark some questions as required.  If you’re looking for the “Add question” button, it’s up at the top of the page rather than below the last question.

3.  Publishing the survey on your site

After you’ve created your form, use the More Actions button to find the Embed option.  Just copy this iframe into your blog post – it’s that simple. You’ll get code that looks something like this:

<iframe src=”http://spreadsheets.google.com/embeddedform?key=ppevxmL24UqnRb77Xy3AOWg” width=”310″ height=”1044″ frameborder=”0″ marginheight=”0″ marginwidth=”0″>Loading…</iframe>

You can change the height and weight to better fit your blog template.  Keep in mind that some blogging software will not let you post HTML code and others, like WordPress, require you to use the HTML view.

If you can edit your template or sidebar you can even include the poll on every page, instead of just putting it in a post.

4.  Getting data

Here’s where it gets really cool – the data is automatically collected into a spreadsheet that you can share, edit online, or export to Microsoft Excel.  It’s pretty easy to export CSV for a statistical package like SPSS too.

There’s an optional fifth step, creating a chart or graph to let your users see the results, that I’ll cover later.  If you can’t wait just jump back to my post about urban usability and read about how I created the time-series chart there.

A little while ago I added the Sphere Related Content plugin to my blog, and I’ve been using the ShareThis plugin for social bookmarking links for a while now.  The former should theoretically benefit users who want to read more about a topic I’ve written about, while the latter should make it easy to share my articles with others.

WordPress makes it easy to add plugins but I wonder if these are actually useful my readers.  Please take a moment to fill out this survey and let me know.

I used a Google Docs and Spreadsheets form to make the poll.  Later I’ll post about how you can do the same on your blog as well.

Everyone has tag clouds all over the web, but are they really useful?  Altocumulus is an attempt to use tag clouds as a real navigational system in Wordpress blogs.

Install the plugin and it will automatically put a cloud of related tags at the top of all your Category and Tag pages.  Hopefully this will serve two purposes:

1. Users who end up on a general category page can click through to a more specific (or more relevant) tag page, and
2. It should give users a general idea of the topic of the posts on that archive page, increasing the information scent.

Next version I’ll add an options screen where you can change the number of tags, placement, etc.

Please drop me a note if you run into any bugs or are using it on your blog.  Let me know if you have any ideas you’d like to see implemented, too – I am all about implementing and studying folksonomies.  The more folks who are interested, the more likely I am to add features.  Thanks.

Download the Plugin Here

Just a quick note – if you’re about to install the Wordpress 2.6 upgrade, make sure you don’t just check your homepage and then call it a night. On a site I help manage for some friends I ran into a huge bug – the upgrade went smoothly, the homepage looked fine, but all the posts returned 404 errors.

It’s apparently very common if you are using “index.php” in your URL structure, which many sites use because IIS doesn’t have an equivalent of Apache’s mod_rewrite or because their host doesn’t allow mod_rewrite for some reason.

The solution can be found in this thread on the WordPress support forums. Basically the solution is to get the latest copy of rewrite.php and copy over the version for 2.6. Here’s another post with a technique for category and tag pages.

There’s a lot to like about WordPress… the open-source codebase, the templating system, the extensible plugin architecture. But I’m starting to feel like I’m squeezed between a rock and a hard place – delay an upgrade and you run the risk of getting hacked; go forward with an upgrade and you run the risk of throwing 404s for your entire site.