I did a WordPress upgrade today. Another 1.5 beta from CVS. There are new fields in the database that made things go wonky. If you upgraded and you’re having trouble registering users and adding comments, you’ll need to actually run the upgrade.php script in the admin directory.
I also did an upgrade of Mom’s site last night. (Hi, Mom!) I set the Presentation to “Default” so it looks all Kubrick-y. I’m sure it wasn’t a big deal, but putting it back is just a matter of setting the Presentation Theme to “Classic”.
Along with the changes to WP 1.5, I’ve made a bunch of updates to OSA, which is currently the spam protection I’m running here. It seems that the WP devs added a lot of filter stuff to the commenting engine, and there’s really no telling if it will stay stable until release so that OSA would continue to work. That is to say, it doesn’t look like they’re finished updating the code. Last time I looked through trackback, it didn’t even use the code that they’re currently modifying. Hopefully, that’s all up-to-date by now.
The effect of the new comment filtering features is widespread. It seems like the WordPress devs might be inclined to provide a bumper-to-bumper spam prevention solution. I think this is a bad idea.
It doesn’t allow enough diversity in detection for evolution. If they provide a solution that works right now, nobody will work on alternatives, so when the spammers figure out better ways to inject their message into blogs, there will be nobody patrolling the borders to fight them off.
Plus, by not providing rich plugin hooks (because the features you would presumably need the hooks for are already in the software) you eliminate the possibility of alternate presentation or function. If I somehow figured out a way to allow people to talk about poker on my site wihtout triggering the “texas holdem” spam trap, there really isn’t a good way to install it, at least without disabling all of the built-in stuff.
An example of a poorly managed hook is the wp_blacklist_check hook. You can execute code just before the native blacklist check, but you can’t apply any values to what WordPress does on its own. In other words, you could craft a robust blacklist routine, but you can’t override or even supplement the existing code because of the way it’s written. I’m not sure what the purpose of this hook even is. Maybe updating the internal blacklist? It doesn’t even support proper regular expressions.
Even so, a lot of the new work in the WordPress code has negated the need for good portions of spam prevention plugins like Spam Karma, which I’ve recently given up on. All they need to do is automate the downloading of the blacklists, and poof - same functionality.
Indeed, there are only a couple of additional checks that Spam Karma makes that do much good beyond the blacklist support that WP’s core code provides. I don’t really care for the RBL services because they tend to contact email open relay databases rather than comment spam databases. This is slowly changing, but the feed into those databases has got to be slow when there’s no automated method in the blog software to report it.
I’m going to let OSA run for a while and see what that does to spam. If it solves it, good. If not, it’ll hopefully be late enough in the game that someone will have brought some order to the rampant filter hooks appearing in wp_new_comment().
Also- Is the hacker mailing list down or what? I’ve sent several emails and none have come back to me. The list is also pretty dead, so I think others are having the problem, too. Or maybe they’ve finally banned me! :D
