Pam ([info]fledglingoflove) wrote,
@ 2004-11-03 23:56:00
Entry tags:website

blog spam
Okay, blog spam is getting just plain obnoxious.

I've been having to deal with it for a while now. I've lost track of just how long. Over a year, perhaps? I thought switching to Wordpress might alleviate the problem a bit, but no such luck. Wordpress has allowed me to switch comments to being moderated, which is nice because now the spam doesn't show up on entries. But I don't like the fact that comments have to be moderated. Plus it's a huge hassle for me to delete 200 spam comments awaiting moderation every day.

I tried implementing this fix. What you do is change the name of the page that is responsible for posting comments. No such luck. It curbs the spam for about a day, then they get my new post page URL and they start hammering my blog anew.

This is really freaking annoying. My next step is to upgrade to a newer version of Wordpress, but will even that alleviate the problem?






[info]sarianna
2004-11-04 01:55 am UTC (link)
Hm. I rarely get spam here on LJ...

(Reply to this) (Thread)


[info]codepoetica
2004-11-04 06:09 am UTC (link)
I think that any comment that's seen exactly the same on multiple (aka: shitloads of) LJ entries could easily be identified as spam. Since there's a single controlling body, they can restrict comments on a threshold.

Individual bloggers don't have such a luxury.

Pam: I am running a wordpress blog [b4k4.ath.cx/wordpress/], and have recently been having the same problem. I turned on comment moderation for spam words and comments with more than 3 links (as all the comment spam I was getting seemed to have 4+). However, it still doesn't seem like a very good solution.

Since they're targeting the post form directly, renaming it could be a good idea. I don't like it. How about setting authorization cookie/session variables in some prior page (like wherever the "post comment" links are located)? I very much doubt that spambots are going to be smart enough/bother to pass additional, randomly generated (md5?) arbitrary cookies or form variables along.

(Reply to this) (Parent)(Thread)


[info]nathanbp
2004-11-04 06:21 am UTC (link)
You could try that thing where you display a picture with some random characters and they have to type them in. Like for a lot of the free e-mail sign-ups and stuff. *hopes you know what he's talking about, cause he forgot the name >_>;*

Dunno how you'd implement it, tho.

(Reply to this) (Parent)(Thread)


[info]codepoetica
2004-11-04 06:30 am UTC (link)
It's called a Captcha [Completely Automated Public Turing test to tell Computers and Humans Apart]. There has been some wordpress-specific hacking to this effect.

Gudlyf's Wordpress Hack: AuthImage does exactly this. However, this is fairly bad from an accessibility perspective. Is this a scenario where we screw over the blind web users?

(Reply to this) (Parent)(Thread)


[info]nathanbp
2004-11-04 06:44 am UTC (link)
In this case, I would say yes, since your blog is mostly targeted at a rather small, known, audience, and unless one of them is blind, you might as well just use it.

(Reply to this) (Parent)


[info]codepoetica
2004-11-04 06:40 am UTC (link)
Churchtown has taken an interesting approach in the Wordpress Support Blog: Comment Spam:

1) in robots.txt disallow the normal wp-comments-post.php
2) change the name of the actual wp-comments-post.php
3) allow only REFERERs from my own site
4) include disable script in (honey trap) wp-comments-post.php


This sounds like a rather effective banning strategy, though it hinges on several key points.

  1. bots accessing the normal wp-comments-post.php are in violation of the robots.txt rule, and thus deserve banning?
  2. renaming the wp-comments-post.php file still sounds like a poor solution, but it may be required
  3. I like the idea of only permitting requests with a proper referrer, but that header can be faked. I like the idea of using this in addition to another header.
  4. automagical banning w00t!


A combination of strategies would likely provide the most successful solution.

(Reply to this) (Parent)(Thread)
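
The session token suggested in codepoetica's earlier comment and the Referer check from step 3 above, combined into one check on the comment handler. This is an added example, not part of the thread and not WordPress or Churchtown code; the function names, the `comment_token` form field and the host `blog.example` are assumptions.

```php
<?php
// Added example; every name below is hypothetical, none of it is WordPress code.
const SITE_HOST = 'blog.example';   // assumption: the blog's own host name
const TOKEN_TTL = 3600;             // seconds a rendered comment form stays valid

// Run while rendering the entry page: remember a random token in the visitor's
// session and return it for a hidden form field.
// In a live handler $session would be $_SESSION after session_start().
function issue_comment_token(array &$session, int $now): string
{
    $token = bin2hex(random_bytes(16));
    $session['comment_tokens'][$token] = $now + TOKEN_TTL;
    return $token;
}

// Run by the comment handler before anything is stored.
// Returns 'ok' or the reason the submission is rejected.
function check_comment_post(array &$session, array $post, array $server, int $now): string
{
    // The Referer header can be forged, so it is only the first, cheap filter.
    $host = parse_url($server['HTTP_REFERER'] ?? '', PHP_URL_HOST);
    if (!is_string($host) || strcasecmp($host, SITE_HOST) !== 0) {
        return 'bad-referer';
    }
    $token = $post['comment_token'] ?? '';
    if (!is_string($token) || !isset($session['comment_tokens'][$token])) {
        return 'missing-or-unknown-token';
    }
    $expires = $session['comment_tokens'][$token];
    unset($session['comment_tokens'][$token]);   // single use: a replayed POST fails
    return $now <= $expires ? 'ok' : 'expired-token';
}

// Constructed requests for illustration (not taken from real logs).
$session = [];
$now     = 1099548000;
$token   = issue_comment_token($session, $now);
$own     = ['HTTP_REFERER' => 'http://blog.example/?p=12'];
$cases   = [
    'direct POST, no Referer, no token' => [[], []],
    'own-site Referer but no token'     => [[], $own],
    'browser that loaded the form'      => [['comment_token' => $token], $own],
    'same POST sent a second time'      => [['comment_token' => $token], $own],
];
foreach ($cases as $label => [$post, $server]) {
    printf("%-36s %s\n", $label, check_comment_post($session, $post, $server, $now + 60));
}
```

The check only filters clients that never load the entry page; a client that fetches the form and keeps its session cookie still passes, so it complements comment moderation rather than replacing it.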


[info]fledglingoflove
2004-11-04 12:15 pm UTC (link)
Of those four, I only know how to implement #2. Heh. But I'm sure I can google around and figure the rest out. I should probably upgrade Wordpress before doing any further tweaking, though. I'm currently running Wordpress 1.0.2.

(Reply to this) (Parent)(Thread)


[info]codepoetica
2004-11-04 03:16 pm UTC (link)
I'm running 1.2, but we're up to Wordpress version 1.2.1: Mingus, so I might consider upgrading. Don't know what was changed apart from some security bugs.

(Reply to this) (Parent)


[info]izuko
2004-11-04 06:38 pm UTC (link)
I have a solution, but it's not fit for a pacifist. Still, just this once, it'll make you feel better.

(Reply to this)

