Friday, December 25, 2009

Do You Lock Your Doors?

"Key Note" by william.neuheisel
Attribution License
Have you had trouble with spammers, phishers or other internet interlopers? Many of my Professional Learning Network, including me, have recently experienced troubles with our various interactive social networks, including blog comments and Twitter. There is also the less obvious, yet serious problem: thieves that steal your postings without attributing the work to you.

Do You Lock Your Online Doors? In the beginning, I didn't, but now I do. At first, I just tried to avoid the issue of phishing, spamming and theft. I ignored the Direct Messages, deleted the spam comments and stopped blogging. From my own experiences, that makes you more vulnerable which seems to be just what these people want. Just as you do at your own home, I would like to recommend that you take a more proactive stance against personal attacks. To begin with, I'd suggest that you LOCK YOUR DOORS!

The first time a phisher captured my Twitter account, I thought it was an accident. This first phisher was an educational group communicating with me. Eventually, as I discussed the problem on Twitter, they stopped sending their tweets of new blog posts in my name.

Unlocking by Gabriela Camerotti
Attribution-NonCommercial License
Even after that experience, I was naive. I didn't realize that some SEO's follow you with the hope that you will follow them. When you do follow them, they stop following you. They capture your Direct Messages to promote their new products, games, or blog posts. When you call their attention to it, they don't know what you are talking about since they don't even follow you. I wonder if you have had any similar experience?

Finally, I changed my password. That was very aggravating, but it did stop the phishing. I had to remember: "Lock the Doors!".

Another recent problem is spamming comments on my blog posts. Some of my professional learning network recommended allowing comments to go right to my blog, and I believed that would allow people to comment with the least trouble. That worked well for me for over two years, yet "a good deed never goes unpunished". Do you still allow open commenting without approval? If so, how do you deal with spammers?

Over the past two months, I've had at least five different spammers attack my blog comments section. I didn't notice it at first, as they were adding their spam comments to my older posts. Fortunately, I found them in the email notifications when new comments appear on my blog.

I wanted to counteract the spamming, but still allow unrestricted comments on my new posts. These are some of the measures that I instituted for this blog.

I locked down the comment postings on my old posts, and these comments had to be approved before they would be posted. That worked for about a week, but the spammers started direct attacks on my new posts. Has this happened to you?

In the end, I've changed all my blog comments approval system. Your comments must be approved before they will appear on my blog. Philosophically, I'm opposed to that. I want my readers to KNOW that all comments will be posted. I want to assure you that all comments, negative or positive, will be posted, unless they are off-topic spamming. How are you solving this blog comment spamming problem?

The last problem is the most offensive to me personally, just because it is so personal. I use one of the most generous Creative Commons copyrighting licenses available, but some people ignore it. They seem so desperate to appear creative and original that they don't make attributions of other blogger's work on their blog posts. Have you experienced this problem?

How did I discover it? Just as I discover cheaters in my classes, they usually give themselves up. Many are loosely connected to me in my professional learning network (PLN). When they advertise a new blog post about a topic of interest to me, I want to read it. My original intent is to learn more, but then I'm disappointed to find they use the same links that I've found to discuss the same idea from MY perspective. What's worse is the use of direct quotes from my blog posts without attributions. I'm flattered that they take my ideas or my words, but I would appreciate a simple link to my original article.

How are you dealing with this phenomena? My original response was to stop posting. That's a dead end proposal, because I want to write about my ideas, experiences and practices.


williambuell said...

Right now, I am on line in the Ubuntu Linux operating system which is said to be rather immune to malware. I am using the Firefox browser that came with Ubuntu, to which I have added NOSCRIPT, a Firefox add-on which carefully controls link by link which scripts may execute. For example, I could not see the COMMENT function of this page until I allowed all scripts on this page.

On my Windows computers, I use a free firewall called Online Armor together with the free version of Avira Antivir. I have one Windows computer where I purchased a 3 year licence to Avira Security Suite which includes a firewall.

I also use the free scanner from

Never open a suspicious email attachment even if it seems to be from someone you know. Instead, contact them with some separate email and ask them what this is all about, and if they really sent it.

Sometimes, in Windows, some strange message will pop up warning me of something. I hit alt ctrl del to bring up the task manager, and I kill all the Firefox browser tasks. I do this because IF you try to close the suspicious prompt, it might proceed to execute some malicious code.

I use to store my hundreds of passwords to various blogs and forums. Clipperz makes their source code available, so a good programmer could see if they are doing something sneaky. When you join
you choose some nickname you can remember e.g. santaclaus and some long strong password e.g. dOreindeeRreallYknoWhoWtOflY ... you do NOT have to give them your email address or any other identifying info. Everything that you store in is encrypted CLIENT SIDE on your computer before it is sent to SERVER SIDE, so they cannot know what info you store, and if you should FORGET Your name and password there is NO WAY to retreive your data. You may download a READ ONLY version of your clipperz to a memory stick or hard drive, to be used when you do not have internet access. You may also download an encrypted text JSON file, which you can use to restore your passwords to some NEW clipperz account. You may tell clipperz to generate a long strong random password for each new login credit card/bank/myspace/facebook/twitter/plurk etc account. You will only be able to log in by entering clipperz and copy/paste the long password into your login page, but this offers you more security than using the same password for all your accounts, and writing it down somewhere where someone can find it.

The MOMENT you suspect that a twitter or myspace or facebook account has been compromised, you should CHANGE the password.

loonyhiker said...

I also had to change my password with Twitter and must approve all who follow me. I also approve all comments (but like you, I don't want anyone to think that if they disagree with me, I won't post it). The next thing I use is and have it show up in my google reader. This shows me when someone uses my blog posts.

samccoy said...

William, these are excellent tips for using the Internet. I'm sharing them with our network, as there are others who might benefit from this information.

I've cited your Trusting Strangers on the Internet. I believe that will also provide more direction to others learning to use the internet and improve their access and interactions.

samccoy said...

Pat, it helps to know that I'm not the only one in this situation. I appreciate the Fair Share link, and I'm reading it over now. It looks like a very helpful web application to help prevent others from using a writer's work without providing some monetary recognition.