Archive for the 'Comment Spam' Category

Captchas are lame

Captcha is an acronym for “completely automated public Turing test to tell computers and humans apart” - in other words, a type of challenge-response test used to determine whether or not a computer user is human (or another computer).

From the Wikipedia entry on captchas:

A common type of captcha requires that the user type the letters of a distorted and/or obscured sequence of letters or digits that appears on the screen. Because the test is administered by a computer, in contrast to the standard Turing test that is administered by a human, a captcha is sometimes described as a reverse Turing test.

Recently, I have seen several bloggers install captchas as a way to try to stop comment spam on their site - guys, captchas are lame.


Why are captchas lame? Captchas are lame because:

  1. they force the burden of work back on your commenter, and pushing extra work on your readership displays a lack of respect
  2. they show you are too lazy to properly secure your blog against comment spam (using blacklists, .htaccess, number of links, etc.) and most importantly,
  3. they discriminate against partially-sighted readers

There are many good anti-comment spam tools and procedures available; don’t use captchas.

Comment spam run last night

Apologies to anyone who subscribed to comments on this site and was emailed the spam comments which hit this site last night.

The site was hit by over 80 spams overnight - the first spam run to make it through my anti spam defences in over a year.

Curiously, all the spams came from a single IP address (71.57.133.162) and that IP is now blocked by my .htaccess file.

Hopefully it will be another year before this happens again!

UPDATE:
I see this spammer also visited the Spamhuntress - what a twit! Go get him Ann!

Spamming can seriously affect your health!

Via Loic

From MozNews.com

Russia’s Biggest Spammer Brutally Murdered in Apartment

Vardan Kushnir, notorious for sending spam to each and every citizen of Russia who appeared to have an e-mail, was found dead in his Moscow apartment on Sunday, Interfax reported Monday. He died after suffering repeated blows to the head…

Under Russian law, spamming is not considered illegal, although lawmakers are working on legal projects that could protect Russian Internet users like they do in Europe and the U.S.

For more info on Kushnir, see the Wikipedia entry here.

UPDATE:
Russian police are now saying that Kushnir’s death was a robbery gone wrong and was unrelated to his spamming - see here for more.

A spam comment makes it through my comment spam defences

Well, it had to happen - a comment spam made it through my defences and onto the site this morning. Having said that, I never thought the site would be spam-free for four whole weeks when I turned off my comment spam plugins.

The spam, which was on the site this morning, looked innocuous enough. The text of the comment was

I came to your site accidentially, but found it very good to read. Thanks.

The comment was from someone calling themselves elephant with the email address norman@chick.com. The domain being pointed to by the comment was 11say.com and the comment was left with a User Agent Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1).

Something about the comment didn’t seem right so I did a bit of digging. I checked out the site and at a first cursory glance, it appears to be a legitimate site but looking a little more closely, you will notice the text is nonsense and below the copyright notice there are a load of links.

So I did a bit more research on the comment (address lookup, whois info, traceroute, etc.) and forwarded my findings to SpamHuntress. She subsequently wrote a comprehensive post on it.

Searches on Google and MSN Search for the term “I came to your site accidentially,” (including the inverted commas and note the misspelling of accidentally) show that those responsible for this spam have been busy and are also using a variety of aliases and many other domains all pointing to the same spam site.

They are also using the comment text

I have learned about this at school today!

and

Hey Jon did’t know you are reading this too :0. Greets

so if you see any of these comments on your site, delete them.

Comment spam plugins no longer required!

I have written many posts on my battles with WordPress comment spam but all that appears to be coming to a very satisfactory solution. I am now no longer using any comment spam plugins and I have stopped moderating comments on this blog.

How did I get to this enviable position? Well, it has been a long road and I have learned loads about WordPress along the way.

I started down this road by trying various comment spam plugins with different degrees of success. However, none were really satisfactory. The best one was WP-Hashcash - best in that it was most transparent to the user - but it requires commenters to have JavaScript turned on in their browser. So I kept looking for another strategy to eradicate this scourge from my blog.

I upgraded from WordPress 1.2 to WordPress 1.5 (the current version) - WordPress 1.5 has a number of anti spam comment features natively built in.

Of these, I have set the number of links allowed in comments to 3 - any more than that, and the comment is auto-moderated.

I have populated the blacklist with a short list of words (just over 40) - any comments containing these words are automatically deleted - boom! No notification to me, no notification to the commenter.

I have written a custom .htaccess file which blocks a lot of potential spam commenters at the gates. Instructions on how and why I set it up are here.

And finally, I have installed Dr. Dave’s plugin Referrer Karma. I know, I know, I said I didn’t have any comment plugins, but I don’t. Referrer Karma is a referrer spam plugin which just happens to work like my .htaccess file (but much more elegantly) to block the bad guys at the gates.

The combination of these measures has allowed me to turn off moderation on the comments on my blog - and so far (one week later) no comment spam has made it through my defences. I’m not saying the war is over but, so far, I seem to have won this round.
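The link limit and blacklist described above, as an added example (not WordPress's code and not part of the original post). The blacklist entries, field names and sample comments are constructed; the domain and one comment text are the ones quoted in the earlier spam post on this page.

```python
import re

MAX_LINKS = 3  # from the post: more than 3 links sends a comment to moderation
# Constructed blacklist: the post does not list its words. The domain is the
# one the spam comment described on this page pointed to.
BLACKLIST = ["11say.com", "cheap-pills.example"]

ALL_FIELDS = ("author", "email", "url", "body")
LINK_RE = re.compile(r"https?://", re.IGNORECASE)


def triage(comment, fields=ALL_FIELDS):
    """Return 'delete', 'moderate' or 'approve' for one comment (a dict)."""
    # Blacklist runs first and is silent: a hit means the comment is dropped.
    text = " ".join(comment.get(f, "") for f in fields).lower()
    if any(term in text for term in BLACKLIST):
        return "delete"
    # Link threshold: strictly more than MAX_LINKS links holds the comment.
    if len(LINK_RE.findall(comment.get("body", ""))) > MAX_LINKS:
        return "moderate"
    return "approve"


# Constructed comments. The first reuses a comment text and domain quoted on this page.
SAMPLES = {
    "url_field_spam": {"author": "elephant", "url": "http://11say.com/",
                       "body": "I have learned about this at school today!"},
    "link_dump": {"author": "a", "body": " ".join(
        f"http://site{i}.example/" for i in range(4))},
    "three_links": {"author": "b", "body":
                    "See http://a.example/ http://b.example/ and https://c.example/"},
    "plain": {"author": "c", "body": "Nice write-up, thanks."},
}

if __name__ == "__main__":
    for name, c in SAMPLES.items():
        print(name, triage(c), "| body only:", triage(c, fields=("body",)))
```

The first sample is the instructive one: its body contains no links and no blacklisted term, so a filter that reads only the body approves it, while matching the blacklist against the URL field deletes it.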

Easy effective control of comment spam

MacManX posted a comment spam strategy on the WordPress Beta discussion site the other day which caught my attention.

In the post he said he uses a plugin called WP-HashCash. The main advantage of this plugin is “it requires no maintenance or intervention on my part, and it’s invisible to my readers”.

He went on to explain:

WP-HashCash uses an encrypted hidden field. You must have javascript enabled to decode the encrypted field (most bots don’t use javascript) and must have entered the comment from the actual post link to generate the correct value for the field. So, if a bot either didn’t have javascript or directly visited wp-comments-post.php, the comment would simply not go through. No deleting, no moderation, it just never existed.

Intrigued at the prospect of a maintenance-free spam solution and taking him at his word on its efficacy, I have installed WP-HashCash and disabled Spam Karma.

I found I was having a couple of niggling issues with Spam Karma and since its developer, Dr. Dave, announced he has frozen development of Spam Karma, the decision to switch wasn’t a hard one.

I am combining this with the blacklist feature of WordPress 1.5 (which will require a little maintenance) and I am moderating comments until I am confident that WP-HashCash is the solution I have been looking for.

Roll on a spam-free blogging experience!
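A simplified sketch of the kind of hidden-field check MacManX describes above, added here as an example; it is not WP-HashCash's code. The HMAC construction, the secret, the form lifetime and all function names are assumptions, and the browser's script is simulated by `page_script`.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-secret"  # hypothetical server-side key
MAX_AGE = 3600  # assumed lifetime of a rendered form, in seconds


def _nonce(post_id, issued):
    msg = f"{post_id}:{issued}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def _field_value(nonce, post_id):
    return hashlib.sha256(f"{nonce}:{post_id}".encode()).hexdigest()


def render_form(post_id, now=None):
    """Server: build the comment form served with one post's page."""
    issued = int(time.time() if now is None else now)
    # The nonce is delivered inside the page's script; the hidden field is empty.
    return {"post_id": post_id, "issued": issued,
            "nonce": _nonce(post_id, issued), "hidden": ""}


def page_script(form):
    """Browser: what the page's script does before the form is submitted."""
    return dict(form, hidden=_field_value(form["nonce"], form["post_id"]))


def accept_comment(fields, now=None):
    """Server: recompute the expected hidden value; drop the comment if it differs."""
    now = int(time.time() if now is None else now)
    post_id, issued = fields.get("post_id"), fields.get("issued", 0)
    if not 0 <= now - issued <= MAX_AGE:
        return False  # form was never rendered by this server, or is too old
    expected = _field_value(_nonce(post_id, issued), post_id)
    return hmac.compare_digest(expected, fields.get("hidden", ""))


if __name__ == "__main__":
    form = render_form(post_id=42, now=1_000)
    print("browser with script:", accept_comment(page_script(form), now=1_100))
    print("client without script:", accept_comment(form, now=1_100))
    print("direct POST, no form:", accept_comment({"post_id": 42}, now=1_100))
    print("value replayed on post 43:",
          accept_comment(dict(page_script(form), post_id=43), now=1_100))
```

A check like this only filters clients that do not run the page's script; a client that loads the post page and performs the same derivation passes, which is why the post keeps the blacklist and moderation alongside it.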



