Comments disabled

You may have noticed that it’s no longer possible to post comments here. And in fact comments have been disabled on all ArtsJournal blogs. That’s because the hackers who infected ArtsJournal entered the site by posting spam comments, which have flared up lately, sometimes gigantically. One day last week this blog got 42 of them. Readers probably didn’t see that, because the comments were posted, apparently randomly, to a variety of very old posts.

But still, there they were, serving (with the use of hidden code) both as beacons to attract more spam and as seeds for malware. ArtsJournal is now free of malware, thanks to heroic work by its founder and leader, Doug McLennan. If you’re still getting malware warnings when you come to ArtsJournal or any of its blogs, that’s because Google — which issues the warnings — has (as of yesterday) been taking its time in certifying that ArtsJournal now is clean.

There’s an interesting question here about Google, which in effect becomes the owner and watchdog not just of its own sites, but of the entire Internet. Certainly it functions that way, if it blocks access — as it’s been doing here — to sites not its own that it thinks are infected. A public service, yes, but also a move toward supreme power. What makes it troublesome is that (or so I’m told) you can submit evidence that your site is now clean, but there’s no way to communicate with Google about it. They receive your evidence, and then act (or for all we know don’t act) on it, at their own slow pace.

But back to the comments. They’re disabled for the moment, so that more malware won’t get into ArtsJournal. (Note that the bad guys are able to get through the captchas — the pictures you have to render into text, before you can post your comment — not by using fancy software, but simply by hiring people in the third world to solve them manually, just as a legitimate commenter would.)

I’m sorry for this. The comments, and the discussions they provoke, are just as important as anything I post here. When they’re reenabled, we’ll very likely have to impose some kind of one-time registration, as a way of verifying your identity before your comments can post automatically. You won’t be forced to register, of course, but if you don’t, you’ll have to wait for me to approve your comments before they show up online.

Again, I’m sorry for all of this.

Share on FacebookTweet about this on TwitterShare on RedditEmail this to someone


  1. Tim says

    I am sorry your site was a target. But surely there is an alternative, short of forcing registration by each commenter … If your ISP/Blog Provider were to transfer only plain text, or only a few rich text tags (say, italics and bold), how could malware make its way into your site? This may be a case of the techies deciding what’s easier for them, rather than what’s best for the customer.

    No techies involved here. Only Doug McClennan, the founder of ArtsJournal, who’s tech-adept but much more a creator/reader of tech content than a techie.

    He says that the malware buried in the spam comments was amazingly sophisticated, and couldn’t have been blocked by any simple means, short of preventing the comment from appearing in the first place. Even once he knew the malware code was in the comments, it was almost impossible to find. I’ve had plenty of dealings with techies who had no idea what the rest of the world needed from technology, and planned everything for their own convenience. But Doug’s proposed solutions come from a very different place.