Comments on: Magic word comment spamtrap

By: tikitu

tikitu — Wed, 13 Jul 2005 15:06:20 +0000

Ah, good points. Especially like the hidden field, given that point about spiders not actually reading pages at all. But surely the easiest thing of all would be a find-replace in the comment-handling script that just adds a prefix to the fields expected. The installation process for standard blogging tools should do this. (Of course the next-gen spiders then will read the pages to find out the prefix...)

Wrt blacklisting: that's more-or-less what Spam Karma does, only it builds its own blacklist. You get downgraded if you make lots and lots of comments real fast, or if you include too many links (this keeps tripping Erik up :-).

By: Robin

Robin — Wed, 13 Jul 2005 12:43:30 +0000

Some of your ideas won't work, in particular the 'clear this field' ones. As I understand it (having written robots that do form submission, although not evil spammy ones), they don't simulate a page being submitted by going to it, finding all the form details, constructing a suitable response, and submitting that. Instead they simply post straight to the comment handling script (note: they may have gotten more advanced due to people trying to avoid them)

What I'd suggest: * Rename the comment handling script, so the bots can't find it. * Put a hidden field in the page that is required by the comment script (similar to the 'type this phrase' thing, except the submitter doesn't have to do any work, as a real browser will take care of it.) For bonus marks, have the field value be a) random for a specific page, or b) random for a time duration (sucky if people take a long long time to type the comment, but there are ways to deal with that) * Have the comment script do a blacklist lookup on any URLs. There are blacklists that track URLs that are being spamvertised, if the same thing has been sent out in mass mails, it may well be there.

Any of these can be worked around by evil spammers, but that's not the point. In rp parlance: "I don't have to run faster than the troll, I just have to run faster than you!". Make yourself harder to spam than the average joe, and you'll find they go for the lower hanging fruit. (Make what you will of the implication that you're a fruit :)

By: tikitu

tikitu — Wed, 29 Jun 2005 12:09:43 +0000

That is indeed true. I just happen to dislike them (my character recognition often isn't good enough, either). (I could bleat about blind people, screen readers, etc, but I somehow doubt that anyone blind is reading my blog...)

By: erik

erik — Wed, 29 Jun 2005 12:00:44 +0000

why not just a rendered image with a password? Character recognition won't be good enough in the upcoming years to recognise misformed letters ... Since i installed it i didn't have any comments, euh, spam anymore ... e.g. http://uberdork.supertwist.net/2005/03/13/plug-it-in-plug-it-in/ See my comment forms for an example