You may have noticed that it’s no longer possible to post comments here. And in fact comments have been disabled on all ArtsJournal blogs. That’s because the hackers who infected ArtsJournal entered the site by posting spam comments, which have flared up lately, sometimes gigantically. One day last week this blog got 42 of them. Readers probably didn’t see that, because the comments were posted, apparently randomly, to a variety of very old posts.
But still, there they were, serving (with the use of hidden code) both as beacons to attract more spam and as seeds for malware. ArtsJournal is now free of malware, thanks to heroic work by its founder and leader, Doug McLennan. If you’re still getting malware warnings when you come to ArtsJournal or any of its blogs, that’s because Google — which issues the warnings — has (as of yesterday) been taking its time in certifying that ArtsJournal now is clean.
There’s an interesting question here about Google, which in effect becomes the owner and watchdog not just of its own sites, but of the entire Internet. Certainly it functions that way, if it blocks access — as it’s been doing here — to sites not its own that it thinks are infected. A public service, yes, but also a move toward supreme power. What makes it troublesome is that (or so I’m told) you can submit evidence that your site is now clean, but there’s no way to communicate with Google about it. They receive your evidence, and then act (or for all we know don’t act) on it, at their own slow pace.
But back to the comments. They’re disabled for the moment, so that more malware won’t get into ArtsJournal. (Note that the bad guys are able to get through the captchas — the pictures you have to render into text, before you can post your comment — not by using fancy software, but simply by hiring people in the third world to solve them manually, just as a legitimate commenter would.)
I’m sorry for this. The comments, and the discussions they provoke, are just as important as anything I post here. When they’re reenabled, we’ll very likely have to impose some kind of one-time registration, as a way of verifying your identity before your comments can post automatically. You won’t be forced to register, of course, but if you don’t, you’ll have to wait for me to approve your comments before they show up online.
Again, I’m sorry for all of this.
Comments appear to be enabled again.
I am sorry your site was a target. But surely there is an alternative, short of forcing registration by each commenter … If your ISP/Blog Provider were to transfer only plain text, or only a few rich text tags (say, italics and bold), how could malware make its way into your site? This may be a case of the techies deciding what’s easier for them, rather than what’s best for the customer.