Comment Spam Again

I posted a comment to the first Comment Spam post to see if it still works. It appears to have. I wanted to layout the rest of my comment spam strategy here.

Today I installed HashCash. I uses JavaScript to thwart the bots. I guess if you don’t have JS enabled on your browser, you won’t be able to comment here.

I was also going to use Kitten’s Spaminator. When I opened the php file in Notepad, there were no line breaks. Until and unless someone tells me what I’m doing wrong, I won’t be using this method. Since I have WordPress v1.2.2, I need to edit the php directly instead of using the interface.

If HashCash isn’t satisfactory, I’m going to try periodically renaming the commenting php file. The problem is that anyone that uses WordPress has the same file name that handles comments. The bots know this name and edit it directly (or something like that). Changing the file name prevents the bot from finding the file. This all assumes that I can find the instructions to do it – a cursory search of the WP forums didn’t turn it up for me.

Next, I might try adding the code from this post that warns commenters if a forbidden word was used.

Then I might try a few things from Combat Comment Spam.

If none of that works or looks good, I’ll be going with CAPTCHA, Preview, and User Registration in that order. I don’t think it will come to that, though. This guy defeated CAPTCHA and you may be interested in reading about it. If you like capitalization and punctuation and much as me, you might not want to read this page – it has neither. Defeated or not, I don’t lose much by having as many defenses as are out there.

I plan to implement these one at a time until I get a manageable amount of spam or until the good folks at Spambayes come out with something for comment spam.

Thanks, everyone, for the comments on the first post.

Posted in Uncategorized

6 thoughts on “Comment Spam Again

  1. I haven’t been afflicted yet (fingers crossed) but some guy decided to go through my Japanese blog and write comments (manually) about stuff he was trying to sell. Luckily I caught him by comment number 4 and deleted them after turning the “allow comments” option off for a few days. A bit drastic but he hasn’t come back since. Good luck anyway, these guys should be horsewhipped.

  2. “If you like capitalization and punctuation as much as me, you might not want to read this page – it has neither.”

    Would I be considered a pedant in pointing out the article name-checks .NET (as typed)? (Did you notice I corrected your typo in the quote?)



  3. Often items that I open in Notebook that appear not to have line breaks *do* have them when I open the same file in WordPad.

  4. There are two different standards for newlines. Unix/Linux/etc use linefeed, while Windoze uses carriage-return/linefeed. You’re not seeing the linebreaks because the file is a unix style file being viewed on a windoze program. Sane programs operate with both. If you had ftp’ed the file in ascii mode, the ftp client usually will make the change depending on the two file systems. If you grab it as a file archive (zip, gz), the translation isn’t occurring.

  5. Jamie: Yes and yes.

    David: Thanks for the explanation. It was zip, so I guess I can’t be too hard on “Kitten”.

  6. I’ve been bot-ed for a while and I haven’t found a good way to fix this. J-walk is using the ‘preview’ technique which seems to work, but I am not sure how to implement this on WordPress. I’ll be eagerly waiting for the results of your experiments !

Posting code? Use <pre> tags for VBA and <code> tags for inline.

Leave a Reply

Your email address will not be published.