may 25, 2010 : steve kong : 4 comment(s)
Spammers have a special place in hell. I hope they all burn and burn for a long time.
Anyways, for some reason, I forgot to add the comments RSS feed to my RSS reader. That meant that for a while, the comments weren't being actively checked. The other day when I came to my blog to look for something, I was surprised that there was a boatload of comment spam. I cleaned it up quickly and figured that the spam deterrent for dertyn was a bit underwhelming.
I figured out a different way of trying to block spammers. I am pretty sure the ones that got through were from a human and not a bot (I could be wrong though). The method that I came up with will cause people to use their heads a little more to post a comment -- but it is still better than forcing people to create an account and log in. It also should be good enough to not be brute forced by robots.
Hopefully, it will be enough to keep the spammers at bay. I will try to figure something else out to better fortify the comments section so that they can stay open. Grab the latest version of dertyn here.
I hate spammers.
Comments
I always liked the honeypot approach. Have a real set of fields with nonsensical names and a fake set of fields (hidden with CSS) with "real" names (ie: subject, name, url). If the "real" fields are filled in, you know it is a bot.
May 25, 2010 @ 06:13 PM
that was one of the original things that was implemented (and is still). if you look in the html code, you'll see the hidden field that is used for catching bots. i think what happened was that some human came around every so often and dropped off their crap spam. sucks.
May 25, 2010 @ 07:32 PM
grr. they came back, definitely a human who is persistent. so, resorting to something more drastic on the backend: hosts.deny since it looks like they are coming from the same places in china. take that assholes!
May 26, 2010 @ 07:59 AM
so, added two more anti-spam things to the dertyn code. 1) a url blacklist that i can add patterns to. these patterns are used to check against incoming URLs in the URL: field for comments. 2) added the "google link killer". this was suggested by jr. basically, no more direct links from dertyn comments, they will get steered towards google first. this will alleviate the problem of stupid spammers that don't understand the "nofollow" property. it also eliminates my pages showing up on things like http://siteexplorer.search.yahoo.com/ if i don't clean up spam links quick enough. those are the code changes i've made on top of the anti-spam stuff from the other day to squelch robots. these ones, i hope will take care of those pesky and persistent human spammers (along with some behind the scenes iptables DROPping of packets).
May 27, 2010 @ 02:50 PM
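The honeypot check from the first comment and the URL blacklist from the last one, combined into one server-side filter. This is an added example, not dertyn's code: the field names, the patterns and the sample submissions are all constructed for illustration, and the percent-decoding step is an extra assumption so that an encoded URL cannot slip past a pattern.

```python
import re
from urllib.parse import unquote

# Hypothetical form layout: visible inputs carry nonsensical names, while the
# CSS-hidden decoy inputs carry the "real" names that bots look for.
REAL_FIELDS = {"name": "f_q7x", "url": "f_k2m", "body": "f_z9c"}
DECOY_FIELDS = ("subject", "name", "url")

# Constructed sample patterns; the site owner appends to this list over time.
URL_BLACKLIST = [
    re.compile(r"pills", re.I),
    re.compile(r"example\.invalid", re.I),
]

def check_comment(form):
    """Return (accepted, reason, cleaned_fields) for a submitted form dict."""
    # 1) Honeypot: a person never sees the decoys, so any value means a bot.
    for decoy in DECOY_FIELDS:
        if form.get(decoy, "").strip():
            return (False, "honeypot:" + decoy, None)
    # Map the nonsensical input names back to their meaning.
    cleaned = {k: form.get(v, "").strip() for k, v in REAL_FIELDS.items()}
    if not cleaned["body"]:
        return (False, "empty-body", None)
    # 2) URL blacklist: catches hand-typed spam that passes the honeypot.
    #    Decode %xx escapes first so "%70ills" is matched as "pills".
    decoded_url = unquote(cleaned["url"])
    for pattern in URL_BLACKLIST:
        if pattern.search(decoded_url):
            return (False, "blacklist:" + pattern.pattern, None)
    return (True, "ok", cleaned)

# Constructed sample submissions.
BOT = {"subject": "", "name": "Bob", "url": "http://a.example.invalid/",
       "f_z9c": ""}
HUMAN_SPAM = {"subject": "", "name": "", "url": "", "f_q7x": "visitor",
              "f_k2m": "HTTP://Shop.Example.org/%70ills", "f_z9c": "nice post"}
LEGIT = {"f_q7x": "reader", "f_k2m": "http://blog.example.org/",
         "f_z9c": "thanks"}

if __name__ == "__main__":
    for label, form in (("bot", BOT), ("human spam", HUMAN_SPAM),
                        ("legit", LEGIT)):
        print(label, check_comment(form)[:2])
```

The reason string is worth logging for rejected comments: a run of `blacklist:` hits with no `honeypot:` hits points to a human poster rather than a bot.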