Well, it's been a hell of a morning. As you know, Konigi allows registered users to post to the blog, showcase, tools, and wiki sections. Up to now, all user submissions have been appropriate, but last night a registered user posted spam content to the blog. This is largely because I missed one configuration option--spam checking on blog/notebook entries.
That user has been banned/blocked, but for the time being I'm adding a few measures in place to prevent this from happening again:
- All submitted content, whether node or comment, is being passed through both Akismet and Mollom spam modules.
- All submitted node content (i.e. posts rather than comments) is being moderated, and held from being published until reviewed. This means any blog, showcase, and tools entries won't go into published views immediately.
- Posts will no longer make it to Twitter via TwitterFeed. That was just a poor and lazy choice to begin with. I won't use the service anymore.
I apologize for the spam entries that made it into the site and onto Konigi's twitter stream, and thank you for enduring the past few hours. It was my fault for missing one of the checkboxes when configuring my Mollom module and setting user submissions to publish & promote to front page.
In the 7 or so years that I've maintained multi-user blogs, it's been increasingly challenging to keep spammers out. This time it was really user error and the software was not to blame. I'm really vigilant about this stuff, and had I been awake, would have put the above measures in place sooner.
"Illegitimi non carborundum" - Don't let the bastards grind you down.