The Open Web can learn comment moderation from Instagram


Starting today, you can protect your account from unwanted interactions with a new feature called Restrict. Bullying is a complex issue, and we know that young people face a disproportionate amount…

Source: Empowering Our Community to Stand up to Bullying – Instagram


Bullying is about power and perception. When someone cyberbullies you, the idea that other people can see the comments and choose to ignore them, which makes bullying banal, or even someone else’s comedy, that idea is sometimes more hurtful than the comments themselves.

What’s interesting to me is that Restrict is a rehashing of a system that has existed since forever on the Open Web – comment moderation. The ability for a blog to not show a person’s comments has existed forever, and due to the lack of transparency and user-feedback in companies like Facebook and Google, has largely been ignored until they get to it.

However, Restrict is an improvement, depending on how they’ve implemented it. In blog comment moderation, the bully/poster sees and knows that their comment is under moderation. This gives them cause to go and continue their bullying on some other platform.

Restrict seems to make it so that the bully will not find out they are under review. This is a powerful tool, because the perception for the bully will be that other people saw their comment and ignored it, thereby removing the feedback loop that pushes them to bully more. Simultaneously, for the bullied, it will tell their subconscious that their community has not abandoned them in favor of the bully, because the community can’t even see the bully’s comments.

If this is how it’s implemented, and if it is successful, I’d say this is a good thing for the Open Web and for comment systems like Disqus and WordPress to also implement. Taking power from the bully means letting them think that their ‘hot takes’ have been ignored by bystanders. In this case, perception is power, and the bullied should be able to wield it.

To the hacker trying to log into my WP blog

Please, just stop.

Let’s talk about what you want in the comments section?


Update: The hacker has been using an IP – from Kansas City which has been blocked.

Update 2: The hacker has now started using an IP – from Sweden which has now been blocked too. Good luck idiot.

Update 3: My hacker has turned into a spammer. Apart from using the following IPs to try to log into my blog,,,,,,,,,,,,,,,,,,,,,,, (and a lot others)

(use geoiptool and whois to see where these IPs are from and who they belong to)

I am also being bombarded by spam comments and link backs on my blog. Boy am I glad to be running Disqus instead of the default comments right now!

In other news, I found out that Cloudflare only allows blocking of 2 IPs for a free account. That means I’m left to my own devices to reduce this threat. Thank Johanee for the wonderful Limit Login Attempts plugin for WordPress.


Update 4: Ok, I’m kind of liveblogging this. But it’s turning into an interesting nightmare. The more I heckle this hacker, the more I’m being bombarded with spam and the more IPs he’s using to try to log into my account (to avoid the login attempts limit). Here’s a nice map showing the IPs I’ve logged (Shows the number of machines under his control) –

IPs around the world. Most of these are showing as Windows hosts, but some are registering as Mac. That doesn’t look good!

Attribution: The above map is from which seems to be using Google Maps and the MaxMind GeoIP service.


Update 5: It seems that the dictionary attack has come to an end for the day. The hacker used an intelligent list of commonly used passwords instead of just bombarding me with all possible words from a-z. Thanks to the ThreeWP Activity Monitor plugin, I’ve been able to compile a list of IPs, browsers associated and passwords used by the hacker. I’ve created a nice Google Map to pinpoint all the locations of the possibly infected computers used by the hacker. That map is more comprehensive than the image above. I’ve also attached a nice python list of all the IPs, if someone wants to do something with them (for example, if someone from CloudFlare wants to include said IPs in their network).

Google Map

Combined Info on passwords, IPs, user agent info of infected computers.

python IP list

Attribution: Google Maps for the map, Maxmind for the GeoIP API, pygmaps for the library. If anyone’s interested, I’ll upload the python code I used to create the map (though it’s pretty simple).


Update 6: You would have thought this person would have given up after a week of hitting on my blog, but that doesn’t seem to be the case. I receive about 7-8 spam comments a day and 30-50 login attempts a day. I’ve started to hit back. I’m recognizing frequently used IPs and reporting them for abuse to their owner companies. I’ve sent a list of IPs to Cloudflare and asked them to put those IPs in their block lists. I’ve found something called RBLs (Realtime Blackhole Lists) which list IPs used by spammers. Many of these lists already have the IPs that I’m getting hit with listed in their files. Most of these lists do not accept user contribution but some of them do. I’m finding the ones that do and systematically reporting every IP used by the hacker.

Also, I’ve downgraded his level from hacker to spammer and from spammer to script kiddie. From here on out I’ll be referring to this person only as a script kiddie.

Experimenting with a new way of microblogging

Today, someone pointed out to me that my live blog – wasn’t truly a micro blog because there was no way for people to reply to me. This got me thinking. Following the tenets of what a micro blog is from my recent post, I believe that a post, reply model, with no character limit on the post other than the author’s discretion with the ability to include multimedia in the post and the ability to host it on their own server really defines a micro blog.

Towards that, here’s an experiment – Disqus, the famous commenting system, has all of the above features. Though I do not, in the end, control the database of the posts, I can host a disqus plugin just about anywhere. This is where I choose to do it. This is now, a micro blog. Anyone can come and comment here. This allows  for Guest replies, mentions, multimedia attachments, moderation and links in the comments. There is even a mobile theme which will work if you visit this page from your smart phones.

This is just an experiment. I will post here only if people start posting here. My primary personal micro blog will still be on and if anyone wants to reply there, you can do so on the Disqus comments at the bottom of that page.