I am not sure if anyone has noticed, but Sea Slugs! has been under siege the last few days from spambots that attempt to flood the comments with extremely useful information on Viagra, casinos, and cigarettes. I’ve been trying to put measures into place that will not stop visitors from commenting, but please shoot me an email if you find you cannot post and you are a real, live person. In addition to various link limitations, and built-in blacklists, there are also .htaccess measures that will not let you post a comment if you did not get to the comment from the comment .html page (makes sense, but if your browser does not send referral information, you may be stymied). I’m hoping to stay away from more stringent measures like having to enter a code from a funky looking picture before you post, or having to register to comment. Any suggestions on how to fight comment spam are welcome.
Also, as my computer sorta flopped and died over the weekend, I may end up dropping a few of the older series I had been blogging. Series like Dear Boys that are too hard to find again may slip through the cracks since I have a lot of newer series that I want to post about at the moment.


{ 7 comments… read them below or add one }
Yep, those insidious spambots are pretty evil – just as a word of caution, you might want to shield against Trackback spam as well — I don’t have trackbacks emailed to myself (as opposed to comments), and when I finally checked, I found scores of trackback scam loitering around beneath the covers . . . nasty stuff, in my opinion, and there’s no *real* solution in Movable Type except for turning TrackBack off
I once thought those bots were actually real humans, until two weeks ago, when they sent 200+ spams to my blog. All of my entries got spammed. Thankfully I had already installed MT Blacklist by that time. One hit and they were all gone. Unfortunately, I am not sure what else to do but type in the sort of keywords that you don’t want to see on your site. I’ve been a little bit crazy and started typing ‘viagra’, ‘penicillin’ and all sorts of medication names that have nothing to do with anime. I know it’s overzealous but I can’t think of any other way. I also tend to use a keyword (for example, instead of blacklisting ‘www.nameofproduct.com’, I simply blacklist the word ‘nameofproduct’). The reason is that no matter how often they change their domain names, they still promote the same brand, so I figure it’s more effective if I blacklist the brand name.
A simple solution is to add a random number generator to your “Leave a Comment” area and require the user to enter that number correctly before the page will accept a submit request. It’s the same scheme most high-profile sites use to prevent automated registration.
Whoops, I skimmed the post too fast and missed your “no codes” thing.
Another suggestion is to use JavaScript to obfuscate the label for the submit button. e.g.:
The current code looks like this:
You might be able to use something like:
type=< %variable> tabindex="5" value="Say It!" />
I would bet those automated spammers are just scanning the HTML for “submit” type and similar. If you use the variable in place of this, they won’t find the text.
I’m not positive on how the automated spammers work, so this may or may not work, but it’s an idea
Whoops again, the html got killed.
The current code looks like this:
[input name="submit" type="submit" tabindex="5" value="Say It!" /]
Could use:
[input name=[%variable] type=[%variable] tabindex="5" value="Say It!" /]
Changing the [ and ] to < and > of course.
Haha, thanks all for commenting. In response:
– David: I know what you mean about trackbacks. At first I thought they were cool, but trackback spam is so evil that I just decided to stop the whole thing. Plus, trackbacks, even real ones, look so ugly compared to normal comments!
– Garten: I am using a blacklist in combination with my other methods, but I am worried about spammers attempting something similar to what email spammers do with funky spellings of words. On the other hand, the filter caught your comment due to the keywords in your post so thanks for giving me the peace of mind that real comments won’t get deleted (congrats you are the first moderated commenter to not be a spammer!)
– Dale: If things get out of control, I am leaning towards the funky picture code thing instead of forcing registration to leave comments. The changing of common values has been bantered on WordPress support boards as a solution, but unfortunately it’s temporary as many spambots have fairly intelligent parsers, and most don’t actually use the html page to send the comments at all, but rather directly access the php for comments (hence the .htaccess blocking).
Keep those (legit) comments coming, and if all else fails, I’ll just hire some samurai ^^!
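The brand-keyword blacklisting Garten describes, with handling for the "funky spellings" worry raised in the reply above, as an added Python example that is not part of the original thread and is not MT-Blacklist's code. The blacklist entries, the `MAX_LINKS` value and all function names are assumptions made for illustration; matches are held for moderation rather than deleted, since a legitimate comment can mention a blacklisted word.

```python
import re
import unicodedata

# Constructed sample blacklist: brand keywords rather than full domains.
BLACKLIST = ("viagra", "casino", "nameofproduct")
MAX_LINKS = 2  # assumed link limit, not a value from the post

# Common character substitutions used to dodge keyword filters.
LEET = str.maketrans("01345@$", "oieasas")


def normalize(text):
    """Lowercase, strip accents and undo simple character substitutions."""
    decomposed = unicodedata.normalize("NFKD", text)
    plain = "".join(c for c in decomposed if not unicodedata.combining(c))
    return plain.lower().translate(LEET)


def candidate_words(text):
    """Return normalized words, with runs of single letters re-joined."""
    words, run = [], []
    for tok in re.findall(r"[a-z]+", normalize(text)):
        if len(tok) == 1:
            run.append(tok)  # part of "v i a g r a" or "v.i.a.g.r.a"
            continue
        if run:
            words.append("".join(run))
            run = []
        words.append(tok)
    if run:
        words.append("".join(run))
    return words


def check_comment(text):
    """Return (verdict, hits); a match goes to moderation, never straight to deletion."""
    hits = sorted({kw for w in candidate_words(text) for kw in BLACKLIST if kw in w})
    links = len(re.findall(r"https?://", text, flags=re.I))
    if hits or links > MAX_LINKS:
        return "moderate", hits
    return "publish", hits
```

Because the keyword is matched inside each normalized word, a change of domain around the same brand name still hits the same entry.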
Cute, a bot with humour. When I see that spammers abuse a free service to host their spam, I sometimes grab a few dozen URLs at the same domain and report it to the admins. So far, I didn’t get a single negative response. If I got a response, the accounts were shut down. Unfortunately, some hosters ignore complaints. After killing a good amount of their free sites, they often resort to domains they actually own. At least that causes them deficits and it’s easier for search engines to ignore those domains.