Schonhose

Since yesterday Defensio reported they were having technical difficulties. About the same time some of the forum members over at Pixelpost were complaining about slow loading times of their site. John Hess identified the Defensio addon as the cause of this slow loading.

As the author of the Defensio plugin I’ve conducted a small investigation myself. It didn’t take much time to connect the problem with the downtime of the Defensio Service. However, finding the cause of the problem took some more time.

The majority of the code is only executed when needed. So basically Defensio is only activated when a comment is called. However, I managed to identify the source of the problem. The problem lies within the code for the widget.

That particular piece of code has a cache of two hours. If the stats are older than two hours it will try to pull down new stats and store it in the database. However, if the service is down for more than two hours it will repeatedly try to fetch the stats (failing each time). The addon will do this on every call to the page, slowing down the loading of the page in question.

The good news is I’ll fix it asap, but you can easily fix it yourself (assuming you have the latest version of the Defensio addon):

Open up admin_defensio.php and look at line 94 (or about):


// widget support
$defensio_widget = defensio_counter($defensio_conf);
$tpl = ereg_replace("", $defensio_widget, $tpl);


Change this code to:


// widget support
//$defensio_widget = defensio_counter($defensio_conf);
//$tpl = ereg_replace("", $defensio_widget, $tpl);

This will disable the widget code while storing unprocessed comments in the Defensio queue (so your spam won’t get through).

Look for the official patch in a few days (as I am totally swamped this weekend).

UPDATE:the problems with the Defensio service have been solved. All should be working again.

Today I’ve released the 1.2.0 version for the Pixelpost Defensio addon. You can download the new version at the Pixelpost Extend and at Defensio.

Changelog:
Version 1.2 (14 December 2007)

• Added information about the learning status to the stats overview
• Fixed a small bug with an if statement (use == to test and not =… >_< )
• Unprocessed comments are placed in the Defensio queue and displayed with a blue color. These comments can be reprocessed by clicking the appropriate link.
• Cleanup of the code (Removed some testing code as well)
• Replaced the signup url with the correct one

Please update your addon to use the new features.

Today the best new anti-spam measure is finally out of beta. That is right, Defensio is finally live. This is what Carl had to say about it on the Defensio blog:

If you’re a blogger, you are likely already intimately familiar with the “spam problem”. Spammers have been waging war on the blogosphere for months now, bombarding the comments section of blogs with literally millions of spam messages per day. This creates a lot of work for blog owners, who have to wade through hundreds if not thousands of messages every week, just to make sure their comment garden remains weed-free. It’s become such a problem that many simply don’t bother anymore, preferring to let the odd legitimate comment disappear; and an increasing number of bloggers are even opting to shut down comments altogether — an unfortunate, and unnecessary, concession to the cold-hearted spammers’ cause.

We felt that the time was ripe for a better spam management solution; so we built Defensio.

Currently they support WordPress 2.1+, Umbraco and PixelPost 1.7+. So if you use WordPress, head on over to Defensio, sign up and download the plugin.

If you use Pixelpost, you have to wait a few more days. Pixelpost 1.7 is really near. If you really cannot wait: check out the Pixelpost Forums where you can download the Release Candidate for Pixelpost 1.7.

Well, here are the stats for another week of Defensio (in conjunction with the Project Honey Pot a.k.a. the HTTP:bl addon) for my photoblog.

• Recent accuracy: 100.00%
• 523 spam
• 1 legitimate comments
• 0 false negatives (undetected spam)
• 0 false positives (legitimate comments identified as spam)

Funny thing is I got 6 comments which were not rated by Defensio. Both parameters for each comment were empty (e.g. NULL). I’m still figuring out how this has happened.

In the mean time I’m resetting my SPAM flood protection, the token support and the maximum # of URI allowed in comments because 523 spam comments a week is ridiculous (That is 75 comments a day ).

In case you were wondering: the Project Honey Pot a.k.a. the HTTP:bl addon blocked nearly 230 comments this week.

As mentioned earlier I wrote an addon for Pixelpost which uses Defensio for blocking spam. It’s been about a week and time to evaluate how it has worked.

Well, without further ado here are the stats for my photoblog for the past week (please remember I disabled all other anti-spam measures):

• Recent accuracy: 100.00%
• 173 spam
• 2 legitimate comments
• 0 false negatives (undetected spam)
• 0 false positives (legitimate comments identified as spam)

Quite impressive, there was only one comment placed in the moderation queue and you might consider this as a false negative (undetected spam). The comment in question:

Thanks for the post.
Great info.

You can imagine why Defensio didn’t flag it. All in all I’m quite satisfied with the performance (and indirectly with my coding ). The next step is to evaluate how it works combined with the Project Honey Pot a.k.a. the HTTP:bl addon.

Based on data collected from honeypots (spamtraps) set on sites you can block certain ip-addresses to access your site. So basically, if a known spammer is trying to access your page, they are directed to the honeypot. This also reduces spam and the best part is: the spam never makes it in the database.

Now, if you all excuse me, I have a quarantine I need to empty.