Comment Spammers Suck (I know, I know, they don't read this...)
Written by
on
in
Vindaloo.
Dang comment spammers keep pounding the blog here with their auto-generated garbage. Looks like they just have a series of scripts that are creating garbage web-sites on free hosting services then comment spamming blogs to drive up the page rank of the free pages. Would be nice to add the spam-checks on the submit page so that the comments would be dropped *before* they got into the database, but that would require altering the CoreBlog product.
Oh I wish I had time to migrate the blog to something I would be able to alter the code for. When I finally sat down to migrate to pybloxsom a few months ago its web-site was down. Tim has a script to migrate to some PHP system or other that I suppose I could try to use... but I really don't feel like mucking about with PHP code.
Guess I'll just kvetch a bit and then get back to my tutorial...
Comments
Comments are closed.
Pingbacks
Pingbacks are closed.
Mike C. Fletcher, the VRPlumber, is a philosopher of design turned computer programmer based in Toronto, Canada. He works primarily in the Python programming language, and maintains a large number of Open Source software packages. You can reach him at: mcfletch@vrplumber.com.
Luke Plant on 02/16/2008 9:31 a.m. #
I feel your pain. I have recently managed to cut my comment spam down to zero, without captchas, but it took me a while, and several different strategies:<br />
<br />
1) I discovered that a lot of spam appeared to be coming from botnets -- the same spam from different IPs -- so IP banning wouldn't work.<br />
<br />
2) I tried akismet, but it worked erratically for my host (never managed to debug what was going on), and didn't catch enough.<br />
<br />
3) I added a hash based on IP address, so that any script would have to fetch the page first, parse the form for the hash, and include it with the form submission. This stopped some, but not all.<br />
<br />
4) I figured out that the remainder, which were not slowed by tactics such as changing the names of fields, decoys such as invisible text fields etc, must actually be automating browsers. So I added a Javascript delay -- just a 10 second wait before a vital hidden field is added via javascript into the fields that have to be submitted. Most people have javascript turned on, and most take more than 10 seconds to compose a genuine comment, so this works pretty well.<br />
<br />
With these approaches, I seem to have eliminated the script approach, and the browser automation approach, and I'm down to zero spam. But, man, it *really* annoyed me.