« What happens when you don't think through design | Main | CT NEMBA picnic thingy »

Spam in comments

Mark does a nice summary and critique of possible solutions to spam in weblog comments.

Thankfully I've yet to encounter this problem in my weblog. I'm sure it won't be long until I do so I've already been thinking about a solution to this. I don't like disabling comments as I enjoy input and the little discussions that sometimes sprout at the most unexpected moments.

I also don't like the idea of making users register just to post a comment. Sure -- it may detract from spam to a certain extent but it inconveniences those who just want to leave a comment and be on their merry way.. Spammers already make our lives difficult enough, I don't want to add to that just to protect myself from those slimey rodents.

Since I don't receive all that many comments my solution involves a combination of several approaches:

1. Comments from regular contributors (email address - user/name and/or ip address match) show up automagically.
2. Comments from everyone else go to a queue for human-approval (that would be me *wave*).

The second part can be nicely refined..
- the typical ways of bot detection (time, agent, etc.. )
- keyword trap (typical spam trap tool)
- manual (me again, hi) black list.

Sounds like a lot of work.. I should get scripting.. right after I finish the ten other projects I'm in the middle of.. sigh

Posted by kasia on October 29, 2002 07:21 PM |

TrackBack

Listed below are links to weblogs that reference Spam in comments:

» The script kiddies are coming. The script kiddies are coming... (sigh) from Teal Sunglasses
if you look here, here, here, and here, blog spamming through content is suddenly showing up around the net. I [Read More]

Tracked on October 29, 2002 10:56 PM

Comments

Seems like this isn't a "Scripting" solution, but something that should be a "requested feature" from the MT folks. It might even be worth asking the Dynamic Duo Of Blogging how much they'd charge to add such a feature for public consumption (e.g., start a collection, etc. etc., to inspire them to add THAT feature next)

Posted by: Derek | October 29, 2002 07:57 PM

I'm a unix geek.. everything has a scripting solution.

Posted by: kasia | October 29, 2002 08:00 PM

The only problem is that it is easy to post as another person with only you (and the person who you are pretending to be) knowing. So you would have to go by IPs, but then what about dynamic IPs? Maybe go by IP blocks, but even then ISPs often use different blocks and if the spammer has the same ISP as a regular its ineffictive. The only well working safeguard would be to go by E-Mail addresses, and make sure everyone uses a website in the URL box so the spammers don't get the e-mail addresses...

--Techie2000 proving a point

(Yes I promise I'll never do this again, don't worry)

Posted by: kasia | October 30, 2002 07:52 PM

Spammers do not go around posting individual comments in weblogs by hand..that's not cost effective and would certainly not be worth the trouble.

It's all scripted.. scripts are inevitabely recognizable by some characteristic or another.. So until a spammer creates a script that passes a Turing Test, I think we can safely assume there will be way to get around them.

Posted by: kasia | October 30, 2002 07:55 PM