Thursday, January 12th, 2006, 3:13 pm
Akismet Problems
Akismet cleans up your blog spam,
but false positives sometimes go unnoticed
Akismet is a comment spam prevention mechanism. It can tell genuine comments apart from 'comment bombing' and used to do so almost flawlessly. The Akismet filter has quickly gained popularity where it originated: WordPress blogs. I set up Akismet in my WordPress 2.0 test blog and mentioned this before in a writeup on ending comment spam using collaborative spam flagging.
Akismet can be used only with a key, which establishes some trusted identity. Nevertheless, its performance is said to have degraded recently. I have been wondering for quite a while what would prevent a guild of spammers from downloading and installing WordPress 2, getting an API key and then posting comments to themselves. They could begin marking comments improperly en masse. Only a trusted few need be able to flag messages. It is a necessity if robustness to fraud is ever to prevail. I even mentioned this before, roughly a month before the tool was publicly available.
I have an API key for one blog and another test blog that ran Akismet without a key. That was back in the early days when spam-stopper, as it was named at the time, was actively developed and tested by a set of individuals. Ever since, I believe it has reached many hands and become too easy to gain access to, for malicious purposes as well.
There is hope of successfully reverting the learner to a more reliable state if backups of it were made on occasion.
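The concern above as a toy model, added here as an illustration and not Akismet's actual algorithm (which this post does not describe): a per-comment majority vote over flags from any API key, next to the same vote restricted to a vetted set of keys. The key names, comment fingerprints and voting rule are all assumptions.

```python
from collections import defaultdict

# Constructed sample reports: (api_key, comment_fingerprint, label).
# Every key and fingerprint here is invented for this illustration.
REPORTS = (
    [("blog-a", "cheap-pills-link", "spam"),
     ("blog-b", "cheap-pills-link", "spam"),
     ("blog-a", "thanks-great-post", "ham"),
     ("blog-b", "thanks-great-post", "ham")]
    # Many freshly registered keys flag improperly, en masse.
    + [(f"new-key-{i}", "thanks-great-post", "spam") for i in range(10)]
    + [(f"new-key-{i}", "cheap-pills-link", "ham") for i in range(10)]
)

TRUSTED_KEYS = {"blog-a", "blog-b"}  # assumption: a small vetted set of flaggers


def classify(reports, trusted=None):
    """Majority vote per fingerprint; if `trusted` is given, only those keys count."""
    tally = defaultdict(lambda: {"spam": 0, "ham": 0})
    for key, fingerprint, label in reports:
        if trusted is not None and key not in trusted:
            continue
        tally[fingerprint][label] += 1
    return {fp: ("spam" if votes["spam"] > votes["ham"] else "ham")
            for fp, votes in tally.items()}


def disagreeing_keys(reports, trusted):
    """Count, per untrusted key, the reports that contradict the trusted verdict."""
    verdict = classify(reports, trusted)
    counts = defaultdict(int)
    for key, fingerprint, label in reports:
        if key not in trusted and label != verdict.get(fingerprint, label):
            counts[key] += 1
    return dict(counts)


if __name__ == "__main__":
    print("open voting:   ", classify(REPORTS))
    print("trusted voting:", classify(REPORTS, TRUSTED_KEYS))
    print("keys to review:", sorted(disagreeing_keys(REPORTS, TRUSTED_KEYS)))
```

With open voting the genuine comment becomes a false positive; counting only the vetted keys restores the correct verdicts, and the per-key disagreement counts indicate which flags to discard when rebuilding the learner.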