Re: Why Comment Spam Can Never Be Stopped

On Sun, 04 Sep 2005 06:38:03 +0100, Roy Schestowitz wrote:

> [John had comment spam]
> __/ [Karim] on Saturday 03 September 2005 20:29 \__
> On Sat, 03 Sep 2005 08:19:42 +0100, Roy Schestowitz wrote:
>>> Join the club, John. I tried changing default fields (are you using
>>> 'in-house' forms by the way?), added CAPTCHA, added many filters
>>> including Spaminator. I still struggle to purge about 50-100 messages per
>>> day in 2 sites. Only 10% will bubble through, but it is enough to upset a
>>> webmaster. If not erased quickly enough, it only encourages more.
>>> Save the trouble, John. Changes will only cater as a temporary solution.
>>> Consider closing comments altogether. I know I do.
>> The best thing to do other than closing comments is use a series of
>> filters:
>> - Have users log in before posting comments
>> - Using Captcha
>> - Reject all comments with URLs
>> - Use something like http://www.angrypets.com/tools/rdos/
>> and after all these filters, you should be left with comments left by
>> persistent human posters, hopefully very few or none, then do a full
>> moderation. Only useful comments will be posted then.
>> I prefer to read blogs with good comments than blogs with no comments.
>> Karim
> Thanks Karim.
> - Logging on before posting is a process tedious enough (from the user's
> perspective) as to result in no comments at all.

Well.. for the users who find it tedious, they don't have to post. But for
the ones who can, let them do it. Why block comments *completely*? Browsers
can remember your username and password and you don't have to enter them
every time you post.

> - CAPTCHA likewise, but it also appears ineffective. Have a look at the
> following:
>    http://sam.zoy.org/pwntcha/

For some reason, Captchas are all of the type "what are the numbers
that you see". Why don't they post a photo and ask a question like "What do
you see". If it's an airplane, enter 'airplane'. If the spammers have the
technology to decode the content of photos programmatically, I advise them
to patent their invention and sell it to Google for millions.

Captchas are like spam filters. They do not block 100% but they are much
better than NO filters. Captchas will block some if not most or all comment
spammers. It's still useful.
Hotmail, Yahoo Mail, Overture and many others still use Captchas. I think
they know that these can be effective. Captchas come in different styles.
Use a good one.

> -IP blocking is not a possibility. You may end up blocking too many benign
> visitors (see Dougal Campbell on spam). Spammers have gathered and
> capitalised on many unique addresses by now.

You do some investigation. You block IP addresses if a lot of spam came from
the same IP address over time.

> -"All comments blocked if URI is contained within" - well, what about the
> URI of the commenter's homepage? I currently have a limit set to at most
> one URI. URI (or URL if you prefer) is the motive for most when leaving a
> comment in the first place.

It doesn't matter. Post a comment without referring to your homepage.

> -Moderation - people dislike being put in a moderation queue and it still
> involves filtering work by the webmaster. I currently add to moderation
> queue anything that matches a sensitive word. The spammers are now hitting
> with different encodings, which requires yet another 'upgrade'. It simply
> isn't worth the investment (time).

You can't make everyone happy. There are many famous message boards that
are moderated. If you want to post to a private community, obey the rules.
If someone doesn't like the posting rules, he can be a lurker or move on.

> I sometimes think to myself: how long will it take to develop a 'serum' to
> x? If I tolerate x, how much effort will be spent 'tolerating it' over the
> timespan y? I learned from experience that for any x, soon will emerge x_1
> and x_2 and x_3 where x is yet another hack that the spammers find (e.g.
> trackback spam, encodings, proxies, long intervals between posts)...

No solution is perfect where everyone is happy. Studios publish songs and
movies even though many people copy them. Software is published even though
copy protection is cracked and key generators are made. Spam still filters
through even though we hopefully use spam filters. We try to thwart the bad guys.
We can't block them and we shouldn't give in.
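
[Added example, not part of the original post or written by either poster: a sketch of the layered filtering discussed in this thread (a URL limit, a sensitive-word moderation queue that decodes entity, percent and full-width encodings first, and blocking an IP after repeated rejects). The word list, threshold value, class and function names and sample comments are all assumptions constructed for illustration.]

```python
import html
import re
import unicodedata
from collections import Counter
from urllib.parse import unquote

MAX_URLS = 1                      # the one-URI limit mentioned in the thread
IP_BLOCK_THRESHOLD = 3            # assumed value: rejects before an IP is blocked
SENSITIVE = {"casino", "pills"}   # constructed word list
URL_RE = re.compile(r"(?:https?://|www\.)\S+")

def normalize(text):
    """Undo HTML-entity, percent and full-width encodings before matching."""
    for _ in range(3):            # extra passes catch double encoding
        decoded = html.unescape(unquote(text))
        if decoded == text:
            break
        text = decoded
    return unicodedata.normalize("NFKC", text).casefold()

class CommentFilter:
    def __init__(self):
        self.rejects_by_ip = Counter()

    def check(self, ip, body):
        """Return 'reject', 'moderate' or 'accept' for one comment."""
        if self.rejects_by_ip[ip] >= IP_BLOCK_THRESHOLD:
            return "reject"       # repeated spam from this address over time
        text = normalize(body)
        if len(URL_RE.findall(text)) > MAX_URLS:
            self.rejects_by_ip[ip] += 1
            return "reject"
        if set(re.findall(r"[a-z0-9]+", text)) & SENSITIVE:
            return "moderate"     # a human makes the final call
        return "accept"

# Constructed sample comments (documentation-range IPs).
SAMPLES = [
    ("198.51.100.7", "Nice post, see http://example.org/me"),
    ("203.0.113.5", "&#99;asino bonus"),
    ("203.0.113.5", "%2563asino bonus"),
    ("203.0.113.5", "http&#58;//a.example http%3A//b.example"),
]

def run_samples():
    f = CommentFilter()
    return [f.check(ip, body) for ip, body in SAMPLES]

if __name__ == "__main__":
    print(run_samples())
```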

