i don't like (comment) spam!

Michael Barton — Fri, 23 Dec 2005 06:06:20 +0000

You know, all of the comment spam is coming from the servers of Web hosting companies. Which makes sense; they rarely monitor or charge for outgoing connections. I assume that this page made its way into an automated comment spamming tool or something. I’m going to delete most of that spam, I think. Then I can remove the lame rel=”nofollow”s on comment links.

As mentioned, I assume that this spam is posted by some sort of automated tool. So, I have put an end to automated posting. How, you ask? I just hid one of those evil Unix timestamps in the form. If you post a comment 30 minutes after that timestamp, it gives you an error (and a preview where you can click Submit again, so it’s not evil).

Yeah, that’s easy to circumvent. The form also includes a checksum of the time (generated via fantastic, super-secret cryptographic methods that you’ll never figure out, so don’t even bother trying). The end result is that stale instances of the form, like those I assume live in a spammer’s database, won’t work.

They could still easily download the page and scrape out a valid timestamp and checksum, but I think it’s probably enough for now to not be the low-hanging fruit.

WeirdLooking.com: Michael Barton's Blog

i don't like (comment) spam!