New Akismet revision available for testing

Those who like to live on the bleeding edge might like to download and test the latest revision of the Akismet WordPress plugin from Subversion:

http://plugins.svn.wordpress.org/akismet/trunk

If you don’t know what Subversion is or how to use it, I’d suggest waiting for the next official Akismet release, which won’t be far away.

The new revision includes a new diagnostic feature on the Akismet Configuration tab that’s intended to address a problem with some web hosts.

We’ve known for a while that some web hosts and servers have firewall rules that block outgoing connections — including connections to the akismet.com API servers, which are necessary for the Akismet plugin to work. Usually the host administrators will add some firewall rules to permit the Akismet plugin to connect to akismet.com. But recently we’ve discovered that some hosts have created incomplete firewall rules, with the result that some Akismet connections succeed, but some fail. This caused Akismet to seem like it was working, when in fact only some spam was checked, and only some reports ever made it back to Akismet.com.

The problem is caused by the host’s firewall rules – it’s not something that Akismet can fix. We can detect the problem, however, which is exactly what the new revision does.

The new feature adds a Server Connectivity section to the Akismet Configuration tab. The new section will check for any problems connecting to any Akismet servers, including the partial firewall problem, and recommend a course of action if there is an issue.

There’s more code in the new revision than we would typically add in an Akismet update, so testing and feedback are welcome.

Some technical details for those who are interested:

Akismet uses round-robin DNS and load balancers to distribute the work of checking comments for spam across multiple servers. A DNS lookup of rest.akismet.com (the domain used for Akismet API calls) returns not one but several IP addresses, corresponding to the multiple servers. When your blog uses Akismet to check a comment, it will (more or less) randomly choose an Akismet server IP to use. Each time it checks a new comment, it might use a different Akismet server IP.

If a web host blocks all connections to all Akismet server IPs, the Akismet plugin can easily detect the problem and report an error. The plugin has always included a connectivity check as part of its configuration process, that will warn the user if Akismet servers are unreachable.

If a web host allows connections to some Akismet server IPs, but blocks connections to the others, the connectivity check might succeed (if it happens to connect to one of the allowed IPs), while some subsequent connections will fail (when they try to connect to one of the blocked IPs). Result: the plugin appears to be working fine, but in fact only some API calls are working. Users often won’t notice anything wrong, because some spam is caught.

The new revision expands the connectivity check to include all known Akismet servers. It displays a status message or warning to the user if some servers are unreachable. It also stores a list of server IPs and their status, with a 24 hour expiry. That list of IPs is used when checking and reporting spam, to ensure that only servers that are known to be reachable are used. The list will be refreshed after 24 hours so as to adapt to any changes in availability – such as when a web host changes their firewall and blocks or unblocks an Akismet server. (Which is something that a few hosts have been known to do without warning, unfortunately).

NB: feedback about this new revision is welcome here, but please don’t post general Akismet support requests in comments. Post them here instead.

5 comments

  1. I run my own dedicated box, and I want to make sure I’m getting everything right on my end. I’m using cPanel with Config Server’s Security and Firewall — which I absolutely love because it automatically updates and automatically blocks tons of nasty “attempts.”

    Anyhow, I’m excited about the new feature that’ll tell me which IPs need to be allowed because I can make sure that my firewall is actually allowing them.

    Keep up the awesome work!

  2. Yep, I’m using this test version, and I can confirm that awardspace is obstructing all the connection attempts. I have been wondering for the last month why Akismet has been failing me, and now I have the answer! It wasn’t always the case – my wordpress blog hosted on Awardspace used to work nicely with Akismet.

    I have sent them and email + screenshot of the akismet error. I’m waiting for their response.

    thanks.

  3. Excellent news… I got this response very soon after:

    Hello,

    Due to security reasons all TCP outbound connections from the paid servers your account resides on are blocked by default.
    However we have enabled them for your account so you should be able to connect to external IPs/servers without any problems.

    Best Regards,

    I checked Akismet, and it cleared up 226 spam comments straight away. Thanks for the diagnostic tool!

  4. “If you don’t know what Subversion is or how to use it, I’d suggest waiting for the next official Akismet release, which won’t be far away”.

    I know what Subversion (I Guess) but its no true that you need to know about it for grab this version of AKISMET, I just did it and its working like a charm, hope this grab some nasty SPAM which arent been caught.

    Best regards, really thank u

  5. Pingback: Akismet is up. « Akismet

Comments are closed.