You know, all of the comment spam is coming from the servers of Web hosting companies. Which makes sense; they rarely monitor or charge for outgoing connections. I assume that this page made its way into an automated comment spamming tool or something. I’m going to delete most of that spam, I think. Then I can remove the lame rel=”nofollow”s on comment links.
As mentioned, I assume that this spam is posted by some sort of automated tool. So, I have put an end to automated posting. How, you ask? I just hid one of those evil Unix timestamps in the form. If you post a comment more than 30 minutes after that timestamp, it gives you an error (and a preview where you can click Submit again, so it’s not evil).
Yeah, that’s easy to circumvent. The form also includes a checksum of the time (generated via fantastic, super-secret cryptographic methods that you’ll never figure out, so don’t even bother trying). The end result is that stale instances of the form, like those I assume live in a spammer’s database, won’t work.
They could still easily download the page and scrape out a valid timestamp and checksum, but I think it’s probably enough for now to not be the low-hanging fruit.
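A sketch of the hidden timestamp plus checksum scheme described above, as an added example that is not the site's own code. The post does not say how its checksum is computed, so HMAC-SHA256, the key and the field names "ts" and "sig" are assumptions.

```python
import hashlib
import hmac
import time

# Assumptions (not from the post): key value, field names, HMAC-SHA256.
SECRET_KEY = b"constructed-demo-key"   # constructed; keep the real one server-side
MAX_AGE_SECONDS = 30 * 60              # the post's 30-minute window


def _checksum(timestamp: int) -> str:
    """Keyed checksum of the timestamp; it cannot be recomputed without the key."""
    msg = str(timestamp).encode("ascii")
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def issue_form_fields(now=None) -> dict:
    """Values for the two hidden fields rendered into the comment form."""
    ts = int(time.time() if now is None else now)
    return {"ts": str(ts), "sig": _checksum(ts)}


def check_form_fields(fields: dict, now=None) -> str:
    """Return 'ok', 'stale' (show preview and Submit again) or 'invalid'."""
    now = int(time.time() if now is None else now)
    ts_raw, sig = fields.get("ts", ""), fields.get("sig", "")
    if not (isinstance(ts_raw, str) and isinstance(sig, str)):
        return "invalid"
    # Accept only a short run of ASCII digits before converting.
    if not (ts_raw.isascii() and ts_raw.isdigit() and len(ts_raw) <= 12):
        return "invalid"
    ts = int(ts_raw)
    # Verify the checksum first, in constant time, then look at the age.
    expected = _checksum(ts).encode("ascii")
    if not hmac.compare_digest(expected, sig.encode("utf-8")):
        return "invalid"
    if now - ts > MAX_AGE_SECONDS:
        return "stale"
    return "ok"


if __name__ == "__main__":
    rendered_at = 1135314360  # constructed sample time
    form = issue_form_fields(now=rendered_at)
    print(check_form_fields(form, now=rendered_at + 60))        # fresh form
    print(check_form_fields(form, now=rendered_at + 3 * 3600))  # stored copy
    edited = {"ts": str(rendered_at + 3 * 3600), "sig": form["sig"]}
    print(check_form_fields(edited, now=rendered_at + 3 * 3600))  # edited ts
```

As the post says, a pair scraped from a freshly downloaded page still passes until it ages out; the check only stops stored copies of the form and timestamps edited without the key.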
i don’t like (comment) spam!
December 23, 2005 12:06am (4 years, 7 months and 6 days ago)
Comments
Wwwyzzerdd
Dec 23, 2005 1:45am
So easy to use no matter we’re number one!
Dec 23, 2005 1:46am
Take that!
Dec 23, 2005 1:53am
I imagine those people with out-of-the-box blogging tools have a much bigger problem than those of us with custom systems. In order to automatically post spam in your new comment system somebody would have to take 5 minutes to write a specialized script, and hopefully that isn’t worth the effort to the spammer (and you can always keep changing your scripts).
I’ve thought about ways to prevent automated spamming, but right now the amount I get is low enough that I can manually keep up with it. It’s usually easy to spot because of the use of HTML, which my form clearly states is not allowed (and that’s because I don’t want to write an HTML validator in VBScript).
I imagine using some kind of randomized field names might help, too. That’s what my bank seems to do to circumvent the otherwise useful remember password feature of most otherwise useful browsers.
Other than that, any other solution I can come up with off the top of my head (Captchas, Javascript validation, etc.) tends to hinder accessibility.
Dec 23, 2005 2:19am
I will include a text-based captcha just for lynx users.
Please enter the text below: _
_ _ _
\ /| || | |_ | || |/ |
| |_||_| _||_||_ |\ .
_ _ ___ _ _
| _ |_ | /\ |_)|_ /\ |
|_| |_ | /--\ | \|_/--\|__
_ _ _ _ _ _
|_)|_)| |\ /|_ |_ |_) |
|_)| \|_| \^/ _||_ | \ .
Dec 25, 2005 5:10pm
In many regards, I consider Lynx a better browser than Internet Explorer. By that, I mean, it’s much much easier to predict how certain markup will render.
Dec 26, 2005 3:06pm
Sep 5, 2006 3:32am
Hokay, my comment spam filter has been pretty successful and blocked about 60 posts in the last month.
if (preg_match('/\b(rape|viagra|levitra|cialis|vicodin)\b/i', $_POST['comment']))
...However, I decided to start filtering posts through the Akismet web service instead. So I’ll see how that works.
Mar 19, 2008 8:13pm
interesting site man
Mar 19, 2008 9:04pm
sweet site thx
