More Anti-Spam Measures

Well, the Bayesian plugin I mentioned before is so painfully slow when trying to delete comments I just gave up on it entirely. Instead, I’ve decided to try taking a page out of fluffy’s book, or at least as much as seems possible without switching from HTML to PHP.

If you’re a human or a semi-intelligent chimp, you shouldn’t have any problems posting comments. However, spambots and other scripts ought to meet a 403 when trying to post junk. It’s surely not foolproof, but getting around it would require a spammer making an active effort to spam this particular site instead of just any sites it comes across.

It might be interesting to tarpit spambots when they try to post, but I didn’t see any immediately obvious way to do that without making nontrivial changes to the MT code or doing things behind MT’s back.

I wonder if there’s a way to have MT embed things like the poster’s IP address in the comment submission form. That would largely remove the need to rely on PHP to implement fluffy’s solution, if you don’t mind doing without hashing the values….

I also took the opportunity to upgrade MT to the latest version. Whatever that does for you.

Anyway, if you’re not a spambot and suddenly start having problems posting comments, e-mail me.

7 Responses

  1. Test

  2. Test 2

  3. Test 3

  4. fluffy, try it now. I can’t reproduce the problem.

    Besides, from the timestamp of your e-mail, I think you were trying to post while I was messing around with things (which explains that error message you were getting too).

  5. Oh, hi, sorry. Let’s see.

    Foo bar baz quux qiix asl;jdf;lajfsla; j buy viagra now.

  6. Yep.

    The current hidden key should keep the spammers at bay for a while, though just to be sure I’d add in some extra numbers and maybe do multiple instances of the entry ID to throw off any sort of automatic parser.

  7. If parsers do come into play, what would stop a spammer from just reading the comments form and including all hidden fields found in it as part of the spam submission? Since as far as MT can tell it’s coming from a legitimate user, the fanciest statically generated hidden fields in the world won’t do a thing. No parsing of the fields’ contents necessary.
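The post's idea of embedding the poster's IP in the form, and the last comment's objection to static hidden fields, can be compared in a short sketch. This is an added example, not code from the post, from fluffy's scheme, or from MT. It assumes the form is rendered dynamically per request; the secret, function names, and one-hour lifetime are hypothetical.

```python
import hashlib
import hmac
import time

# Assumption: a per-site secret kept server-side only (constructed value).
SECRET = b"constructed-demo-secret"
MAX_AGE = 3600  # seconds a rendered form stays valid (assumed policy)


def _mac(entry_id, client_ip, ts):
    """HMAC over the values the token is bound to."""
    msg = f"{entry_id}|{client_ip}|{ts}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def issue_token(entry_id, client_ip, now=None):
    """Value for the hidden field, computed when the form is served."""
    ts = str(int(time.time() if now is None else now))
    return f"{ts}:{_mac(entry_id, client_ip, ts)}"


def check_token(token, entry_id, client_ip, now=None):
    """Return (ok, reason) for a comment POST; ok=False maps to a 403."""
    now = time.time() if now is None else now
    ts, sep, mac = token.partition(":")
    if not sep or not (ts.isascii() and ts.isdigit()):
        return False, "malformed"
    expected = _mac(entry_id, client_ip, ts)
    # Constant-time comparison; fails for another IP, another entry, or a forgery.
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return False, "bad-mac"
    age = now - int(ts)
    if age < 0 or age > MAX_AGE:
        return False, "expired"
    return True, "ok"


def check_static_key(submitted, page_key):
    """The statically generated variant: one key shared by every visitor."""
    return hmac.compare_digest(submitted.encode(), page_key.encode())
```

A script that fetches the form and posts from the same address within the lifetime still passes `check_token`; the binding only stops a scraped value from being reused from other addresses, on other entries, or later.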

