Comments on: how to solve the comment spam problem http://dan.hersam.com/2004/11/04/how-to-solve-the-comment-spam-problem/ A computer programmer's commentary on news, Linux, programming, music, web design, trivia, humor, usability and whatever else strikes his fancy at the time. Tue, 22 May 2012 06:10:27 +0000 hourly 1 http://wordpress.org/?v=3.3.2 By: DavidH http://dan.hersam.com/2004/11/04/how-to-solve-the-comment-spam-problem/comment-page-1/#comment-4940 DavidH Tue, 09 Nov 2004 20:11:30 +0000 /?p=1058#comment-4940 I don't know if I'll understand it, but I'm curious what you did. Thanks I don’t know if I’ll understand it, but I’m curious what you did. Thanks

]]> By: dan http://dan.hersam.com/2004/11/04/how-to-solve-the-comment-spam-problem/comment-page-1/#comment-4933 dan Mon, 08 Nov 2004 23:06:10 +0000 /?p=1058#comment-4933 That's not a bad idea but it would only be a matter of time until they started looking for a javascript function to submit. On a brighter note, I've just figured out how to stop the current rash of comments, and so far it has been 100% effective. I want to keep it on the down low because if they learn how I did it, they'll probably try to thwart it, so I don't want to spill the beans. It's similar to what I was doing before, but I went a bit further. It's not likely to be of much use for other sites since they may not be dealing with the same spambot, but if you're interested post a comment here and I'll e-mail you what I did. That’s not a bad idea but it would only be a matter of time until they started looking for a javascript function to submit.

On a brighter note, I’ve just figured out how to stop the current rash of comments, and so far it has been 100% effective.

I want to keep it on the down low because if they learn how I did it, they’ll probably try to thwart it, so I don’t want to spill the beans. It’s similar to what I was doing before, but I went a bit further. It’s not likely to be of much use for other sites since they may not be dealing with the same spambot, but if you’re interested post a comment here and I’ll e-mail you what I did.

]]> By: mckay http://dan.hersam.com/2004/11/04/how-to-solve-the-comment-spam-problem/comment-page-1/#comment-4931 mckay Mon, 08 Nov 2004 23:00:16 +0000 /?p=1058#comment-4931 If they're just bots maybe they're just looking for an input->submit element. Maybe you could fool them by using a javascript function to submit the form instead of a 'submit' button. If they’re just bots maybe they’re just looking for an input->submit element. Maybe you could fool them by using a javascript function to submit the form instead of a ‘submit’ button.

]]> By: dan http://dan.hersam.com/2004/11/04/how-to-solve-the-comment-spam-problem/comment-page-1/#comment-4889 dan Mon, 08 Nov 2004 06:27:22 +0000 /?p=1058#comment-4889 I guess I misunderstood your initial solution. I just found text that was common to about 40% of the comment spam I get and filtered it out. If I had fields that were always identical, I would gladly use that as a 100% spam filter, but I do not have that luxury and I prefer not to add fields. I'm still looking for a better solution. I guess I misunderstood your initial solution. I just found text that was common to about 40% of the comment spam I get and filtered it out. If I had fields that were always identical, I would gladly use that as a 100% spam filter, but I do not have that luxury and I prefer not to add fields. I’m still looking for a better solution.

]]> By: Levi http://dan.hersam.com/2004/11/04/how-to-solve-the-comment-spam-problem/comment-page-1/#comment-4886 Levi Mon, 08 Nov 2004 05:42:56 +0000 /?p=1058#comment-4886 I'm not sure you caught the meaning I meant to convey, because what you did doesn't sound like what I did at all. I have two fields, A and B, that when they're part of a spam comment, always have the same text C in them. The text C varies so much that bayesian training was going incredibly slowly, but it was a universal fact that in a single spam, A = B despite the variability of C between postings. For now, this is a 100% spam filter. If we're being hit by the same bots, perhaps you could capitalize on it by introducing a new field and seeing if it gets the same input as another field. I’m not sure you caught the meaning I meant to convey, because what you did doesn’t sound like what I did at all. I have two fields, A and B, that when they’re part of a spam comment, always have the same text C in them. The text C varies so much that bayesian training was going incredibly slowly, but it was a universal fact that in a single spam, A = B despite the variability of C between postings.

For now, this is a 100% spam filter. If we’re being hit by the same bots, perhaps you could capitalize on it by introducing a new field and seeing if it gets the same input as another field.

]]> By: dan http://dan.hersam.com/2004/11/04/how-to-solve-the-comment-spam-problem/comment-page-1/#comment-4884 dan Mon, 08 Nov 2004 04:40:50 +0000 /?p=1058#comment-4884 I've started doing the same thing because some of the comments contain the same text, but it's only catching 15-20 a day, meaning I still get 20-30. I'm also confused by the tactics being used on another blog. They're comment spamming the blog with URLs that don't exist, using a person's first and last name. I don't understand how they can benefit from that. I’ve started doing the same thing because some of the comments contain the same text, but it’s only catching 15-20 a day, meaning I still get 20-30.

I’m also confused by the tactics being used on another blog. They’re comment spamming the blog with URLs that don’t exist, using a person’s first and last name. I don’t understand how they can benefit from that.

]]> By: Levi http://dan.hersam.com/2004/11/04/how-to-solve-the-comment-spam-problem/comment-page-1/#comment-4876 Levi Mon, 08 Nov 2004 02:35:57 +0000 /?p=1058#comment-4876 My blog is running on Drupal software, which allows for a 'Subject' field. For some reason, every single spam I've got has identical subject and name fields. I just added some logic to the spam module to assume a comment that has identical subject and name fields to be spam, and now I am 100% spam-free. The bonus is that these are still analyzed and stuck in the bayesian filter, so hopefully if the spammers grow wise to this the filter will be well-trained enough to still work well. My blog is running on Drupal software, which allows for a ‘Subject’ field. For some reason, every single spam I’ve got has identical subject and name fields. I just added some logic to the spam module to assume a comment that has identical subject and name fields to be spam, and now I am 100% spam-free. The bonus is that these are still analyzed and stuck in the bayesian filter, so hopefully if the spammers grow wise to this the filter will be well-trained enough to still work well.

]]> By: dan http://dan.hersam.com/2004/11/04/how-to-solve-the-comment-spam-problem/comment-page-1/#comment-4789 dan Fri, 05 Nov 2004 22:03:45 +0000 /?p=1058#comment-4789 I just found out about <a href="http://weblog.sinteur.com/index.php?p=7967">a plugin that checks various blacklists</a> for the IP of the commentor and denies the comment. We'll see how well it works. The previous link discusses the code and here is the <a href="http://charles.gagalac.us/wordpress-plugins/ip-blocklist/">source code for the plugin</a>. I just found out about a plugin that checks various blacklists for the IP of the commentor and denies the comment. We’ll see how well it works. The previous link discusses the code and here is the source code for the plugin.

]]> By: dan http://dan.hersam.com/2004/11/04/how-to-solve-the-comment-spam-problem/comment-page-1/#comment-4779 dan Fri, 05 Nov 2004 17:02:55 +0000 /?p=1058#comment-4779 That's an interesting idea, but they may not be smart enough to realize no one is seeing the traffic and celebrate and their newfound popularity. That’s an interesting idea, but they may not be smart enough to realize no one is seeing the traffic and celebrate and their newfound popularity.

]]> By: Eric James Stone http://dan.hersam.com/2004/11/04/how-to-solve-the-comment-spam-problem/comment-page-1/#comment-4773 Eric James Stone Fri, 05 Nov 2004 05:56:26 +0000 /?p=1058#comment-4773 Hmm. The spammers may be looking for traffic, but do they want traffic that nobody sees? Strip the URLs out of comment spam. Add them to a file as the SRC of an image tag. At the very bottom of your page, include an invisble IFRAME calling that file. The result is a hit to their server every time someone visits your blog, but they get no benefit out of it because no one sees their page at all. (By calling their page as an image source, you prevent them from causing popups or other nasty things.) Sure, one blogger alone doing this won't make a difference. But if a lot of bloggers did it... Hmm. The spammers may be looking for traffic, but do they want traffic that nobody sees?

Strip the URLs out of comment spam. Add them to a file as the SRC of an image tag. At the very bottom of your page, include an invisble IFRAME calling that file. The result is a hit to their server every time someone visits your blog, but they get no benefit out of it because no one sees their page at all. (By calling their page as an image source, you prevent them from causing popups or other nasty things.)

Sure, one blogger alone doing this won’t make a difference. But if a lot of bloggers did it…

]]>