Copyright 2006Michael Bartonpalrich@gmail.com2012-02-05T07:31:20ZWeirdLooking.comhttp://www.weirdlooking.com/images/feed.pnghttp://www.weirdlooking.com/Michael Bartonhttp://www.weirdlooking.com/blog/i-dont-like-comment-spam2005-12-23T06:06:20Z2005-12-23T06:06:20ZYou know, all of the comment spam is coming from the servers of Web hosting companies.&nbsp; Which makes sense; they rarely monitor or charge for outgoing connections.&nbsp; I assume that <a href="http://www.weirdlooking.com/blog/4" style="position: relative; padding-left: 8px; zoom: 1;"><span style="position: absolute; top: -5px; left: 0px; width: 16px; height: 16px; background: URL(http://www.weirdlooking.com/exticon?http%3A%2F%2Fwww.weirdlooking.com%2Fblog%2F4) no-repeat center center; -moz-opacity: 0.3; opacity: 0.3; filter:alpha(opacity=30);"></span>this page</a> made its way into an automated comment spamming tool or something.&nbsp; I&rsquo;m going to delete most of that spam, I think.&nbsp; Then I can remove the lame rel=&rdquo;nofollow&rdquo;s on comment links.<br /><br />As mentioned, I assume that this spam is posted by some sort of automated tool.&nbsp; So, I have put an end to automated posting.&nbsp; How, you ask?&nbsp; I just hid one of those evil Unix timestamps in the form.&nbsp; If you post a comment 30 minutes after that timestamp, it gives you an error (and a preview where you can click Submit again, so it&rsquo;s not evil).<br /><br />Yeah, that&rsquo;s easy to circumvent.&nbsp; The form also includes a checksum of the time (generated via fantastic, super-secret cryptographic methods that you&rsquo;ll never figure out, so don&rsquo;t even bother trying).&nbsp; The end result is that stale instances of the form, like those I assume live in a spammer&rsquo;s database, won&rsquo;t work.<br /><br />They could still easily download the page and scrape out a valid timestamp and checksum, but I think it&rsquo;s probably enough for now to not be the low-hanging fruit.http://www.weirdlooking.com/atom/comments/469