So I woke up today to find this e-mail in my inbox:
Dear Defensio user,
We have reasons to believe that a few of our api keys might have been compromised and our research indicates that your key(s) might be among them.
Don’t worry, YOUR ACCOUNT WAS NOT HACKED AND YOUR PERSONAL INFORMATION IS SAFE. However, in order to protect your privacy, we thought the best thing to do was to regenerate new api key(s) for you.
As of now, DEFENSIO IS NO LONGER FILTERING SPAM on your website or blog. To re-enable it, please login to your account at http://defensio.com and then go to “My API Keys” where you’ll find newly generated keys. You should then update your website or blog settings with the new key(s).
When an API key is invalid, apparently it’s supposed to go to the moderation queue, but it didn’t for me which meant I got 400-500 spams overnight on my blog. Lovely.
So, I just spent the last few minutes deleting page after page of spams from my blog. I thought I skimmed through each page looking for legit comments, but I know I missed at least one (of mine specifically). If you found one of your comments from the last 24 hours has gone missing, please post it again. I probably accidentally deleted it. Sorry.
As for Defensio, I’m still happy with their spam accuracy, but I really wish they’d fix that bug in their plugin. It was hugely annoying to wake up to so much spam on my blog. That’s the whole reason I use Defensio — to avoid that. *sigh*
I started using Defensio instead of Akismet after reading about it on here. I think it’s great. Hate to hear about the mishap, but maybe they will get that all sorted out. How did you get the Defensio Spam Count to show? Is that something built-in, or something you did?
Clay on April 28th, 2008 at 9:18 PM wrote:
Built in. I tweaked mine a bit (to make it produce valid XHTML), but the basic function is
<?php defensio_counter('dark/light', 'left/center/right'); ?>. It defaults to dark and left.
Awesome, guess I was just too lazy to look for it. Any word on how your API key was compromised?
Clay on April 29th, 2008 at 6:27 AM wrote:
No clue. I assume it was something on their end because I’m on a dedicated server of my own. No hacking going on here. 🙂