Comment Spam Attack

Of late, the blog has been getting 500 hits per day, with 60-ish on the main page and 30-ish on the post of the day. The “Hot Topics” posts (over in the right column, down a bit) account for a scant hundred more hits, with the remaining 300 hits distributed in onesies and twosies along the very, very long tail of 4200 posts.

Then this happened:

Spam Attack – Page Hits

It seems a spammer noticed my posting activity and unleashed either a script or, more dismally, a stable of low-wage third-world workers to make a comment on every single post in the blog.

The Akismet scanner flagged three dozen comments made on the most recent posts, with the remaining 4500 (!) page views producing zero comments, because, some years back, I had disabled comments on posts older than a few dozen days. I disliked doing so, because I value comments from folks who contribute to the discussion, but …

The IP addresses seem to point back to compromised servers and pwned Windows boxes in the US, with very few foreign sources. The comments themselves consist of the usual gibberish, often run through a thesaurus (known as “spinning”) to improve the odds of evading the detectors. The payload seems to be the URLs attached to the random user names, all pointing to sites touting Vietnamese (!) scams, Russian pharmaceutical sources, online gambling dens, and the like.

And then, after two days, it was over.

Which is why I really really do not want to manage my own blog infrastructure, infuriating as WordPress-dot-com’s editor might be.

Blog Theme Shuffling

Over the next several days, I’ll be screwing around with trying out different blog themes, because WordPress has “deprecated” the theme I’ve been using since about 2011; it no longer works well with their most recent infrastructure. There being no way to tell how any given theme will look, how difficult creating posts may be, or (in truth) anything about a theme without actually running it, I’ll be doing live-fire exercises while posting odds-n-ends projects from the shop.

Some themes “strongly suggest” (that is, require) a logo, so you’ll see this monstrosity until something better comes along:

Logo – Isolated 0D3

Speaking of themes, you’re looking at a “free” blog on wordpress.com, not something I’ve conjured by installing the open-source blog infrastructure from wordpress.org on a server, which means few things you (think you) know about a “WordPress blog” apply. In particular, free blogs on wordpress.com lack access to the universe of themes & plugins applicable to a DIY FOSS installation.

(I think) I’d be perfectly happy to compose posts in Markdown (or some such) and slam them into a static site generator (Hugo / Gatsby / whatever), rather than slog through WP’s GUI editor, but I think my usual post-a-day pace conflicts with the fundamental assumptions of a “static site” generator.

I value blog comments from real people (you all know who you are and I thank you!), but blogspam presents a clear & present danger. Right now, Akismet kills nearly all the hundreds of spam comments per day; it’s obvious any blog comment system must include robust spam filtering. The alternative of, say, running a separate email list for comments seems far more trouble than it’s worth.

I absolutely do not want to sysop my very own blog configuration on a rented server / VPS / Digital Ocean Droplet / whatever. Things like WPengine.com would be attractive, except that this blog’s very long tail generates enough traffic to come very close to the 25 k visit/month upper limit of their “startup” plan; I’m reluctant to pay $100/month for the 100 k visit/month “growth” plan just to host my shop notes.

If you have recommendations / experience / horror stories concerning FOSS blogging software, add a comment or send me a direct note through the form at the bottom of the misleadingly titled “About” page.

For the next few days, remember: there is nothing wrong with your television set.

ACM Poughkeepsie Presentation: Algorithmic Art

In the unlikely event you’re in Poughkeepsie this evening, I’ll be doing a talk on my Algorithmic Art for the Poughkeepsie ACM chapter, with a look at the HPGL and G-Code transforming math into motion:

Superformula – triangle burst – detail

The PDF of the “slides” lacks my patter, but the embedded linkies will carry you to the blog posts & background information:

See you there! [grin]

Blog Summary: 2019

Another year of being the Domain Expert of scam-by-mail gadgets, obsolete ABS codes, and water heater anode rods:

Blog Page View Summary – 2019

Plotting the log of page views against posts in descending order of popularity gives a power-law relationship of some sort:

Blog Page View Graph – 2019

The log-log view has odd discontinuities:

Blog Page View Graph – 2019 – log-log

Overall page views are down 30% from last year: 205k vs 290k.

WordPress served 1 million ads (vs 1.2 million in 2018) on those 205k page views, nearly five ads per page view, which seems horrifying. If you’re not using an ad blocker, you surely have difficulty finding the blog post amid all the crap.

The implosion of on-line advertising continues apace, however, as WordPress paid only 63% as much per ad: $0.40 (vs $0.70 in 2018) per thousand views. Obviously, ads on WordPress blogs aren’t worth much these days.

Recommendations:

While I could pay WordPress their upgrade ransom to eliminate the ads, it’s better if you defend yourself by eliminating all ads, wherever they may be.

Hiatus

Several home projects of steadily increasing priority will interfere with writing up Basement Laboratory projects through early November:

Mary – R foot – complete

Ground truths:

  • No barnacles on her foot
  • No sea creature eating her leg

I’ll be posting infrequently during the next few weeks.

All remains right with our world …

Beware the Domain Squatters

A squatter has taken over a defunct domain at the far end of a link buried somewhere in the 3800 posts you find here. In place of the useful page I saw, you’ll see this stylin’ popover:

Domain Squat – engineeration dot com

The “standard security check” is a nice touch, although you should keep in mind the Dilbert cartoon about unexpected side effects.

The actual URL, which I will not make clickable, includes the domain ffgetsplendidapps, which tells you just about everything you need to know about what’s going on.

Because they’re squatting, “continue directly to your destination” means being dumped into a Google search after they’ve meddled with your browser & system configuration. Clicking the inconspicuous × in the upper right closes the popover and dumps you into the search, perhaps before doing anything.

I have no good (i.e., automated) way to find broken links and, as far as I know, there is no way to automatically detect domain squatting, so you’re on your own.

Trust, but verify!
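
A partial heuristic for the link audit described above, as an added example that is not part of the original post: it pulls outbound links from a post's HTML and marks for manual review any link whose redirect chain ends on a different site than the one linked. The `resolve` fetcher, the sample post, and every `.example` host name are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):
    """Collect absolute http(s) link targets from a post's HTML."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href") if tag == "a" else None
        if href and urlsplit(href).scheme in ("http", "https"):
            self.links.append(href)

def site(url):
    """Crude same-site key: the last two host labels (no public-suffix list)."""
    host = (urlsplit(url).hostname or "").lower()
    return ".".join(host.split(".")[-2:])

def audit_links(post_html, own_site, resolve):
    """Map each outbound link to a verdict. resolve(url) is a hypothetical
    fetcher returning the redirect chain (list of URLs), or [] on failure."""
    collector = LinkCollector()
    collector.feed(post_html)
    report = {}
    for url in collector.links:
        if site(url) == own_site:
            continue                      # internal link
        chain = resolve(url)
        if not chain:
            report[url] = "broken"
        elif site(chain[-1]) != site(url):
            report[url] = "review: lands on " + site(chain[-1])
        else:
            report[url] = "ok"
    return report

# Constructed sample post and redirect chains (reserved .example names).
SAMPLE_POST = (
    '<p><a href="/about">About</a> <a href="https://myblog.example/2019/old">old</a> '
    '<a href="http://gadgets.example/howto">howto</a> '
    '<a href="http://defunct-notes.example/page">notes</a> '
    '<a href="http://gone.example/">gone</a> <a href="mailto:me@myblog.example">mail</a></p>'
)
SAMPLE_CHAINS = {
    "http://gadgets.example/howto": ["https://www.gadgets.example/howto"],
    "http://defunct-notes.example/page": ["http://ads.popover-host.example/land?id=1"],
}

def sample_resolve(url):
    return SAMPLE_CHAINS.get(url, [])
```

A "review" verdict is only a lead: a site that legitimately moved to a new domain trips it too, and a squatter who serves a page directly from the re-registered domain does not.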