-
Please support me in the 2010 Ride to Conquer Cancer - last year we were able to raise $6.9 million for the Alberta Cancer Foundation - hopefully we can raise even more in 2010! -
Blog under the Creative Commons Attribution 3.0 License
Nov
22
(2006)
OK. Even I am getting sick of the incessant "spam blocking update" posts, but I figure if it helps even one other person put the brakes on the attempts of the evil spamroaches, it's worth it.
So, here's the latest. I got frustrated with the number of spamments that snuck through the combo of Bad Behavior and Spam.module, so I disabled both. I've reverted to using only Akismet.module, with the experimental spambot detection/prevention enabled.
And, so far, it's doing a better job at blocking the roaches. I've got no idea if it's also blocking legitimate hu-mans, though.
One nice thing about Akismet.module vs. spam.module – with Akismet's experimental spambot prevention, it's closer to acting like Spam Karma 2, where if you smell like a roach, you don't even get close enough to pop the lid off your can of spray paint.
I'll have to look into updating Akismet.module for Drupal 5. There's really no sense in actually moving to D5 without spam blocking. That'd be kind of silly.
As an aside, I was looking through some of the logs, and found an interesting user agent, which led me to the product website for one of the evil spam roach comment bot factory applications. They have disclaimers on the site saying they don't condone using their product without the permission of the blog owners. What? Permission? What a frakking load of ass-covering crap that is. Yeah. You're going to give someone permission to aim a program titled "Blog Post Uzi" – because, you know, Uzis are all warm and fuzzy, and the kind of thing that friends give permission to other friends to point at each other. Yeah. Permission to spray the output of a concealable assault gun. Whatever. Karma's going to catch up to you in spades, my friends at Promo Arsenal (dot com).
Cristoph – I had to give up on Akismet (again) because too much crap was sneaking through. I’m back to Spam.module, and it seems to be catching everything (touch wood).
will do, merlin. I might get to play with that this weekend. forecast has it dropping down to -20C and staying there till sometime next week. Should help productivity a bit, at least…
Let me know if you get akismet ported to D5; it’s one of the things I need for angry donuts too.
I’m also tempted to install captcha just to slow down the bot attacks. It’s still a waste of resources to let all those through and then ahve to delete my queue every now and again.
Kent, that’s basically what I’m running here. There are occasional spamments that get through, but I think they are the manual surveillance probes that are used before unleashing a bot attack. They get past the sniffer because it’s a human doing the probing, but once they throw the switch on the bot, they get blocked. There were 2 of these comments that got through last night, and they were likely just from sources not yet recognized by the Akismet cloud.
Have you tweaked the Akismet options at all?
Over time there are clusters of comments that get through, and I thought that I would share what I set up (which is mostly defaults).
I’d be interested if anyone has any additional tips or devations from this. In particular, whether it is better to set up any 503/403 error actions or let them think that they are succeeding by delaying or taking no action at all.
Akismet Service Options
* WordPress.com API key: xxxxxxxxxxxx
* Akismet connections: Enabled
* Connection timeout: 10
General Options
* Check for updates every: 1 week
* Remove spam older than: 3 days
* Records per page: 50
* Number of blocks: 1
* E-mail notifications: Disabled
Node Options
* Check for spam in these node types: blog, page, story, book …
* Show publish/unpublish links: Disabled
* Show submit spam/ham links: Disabled
Comment Options
* Check for spam in comments: Enabled
* Show publish/unpublish links: Enabled
* Show submit spam/ham links: Enabled
Spam Counter Options
* Spam counter: 14723
* Counting since: 2006-10-3
* Date format: November 24, 2006
Anti-Spambot Options
* Delay when spam is detected: 1min
* Identify spambots by:
X Content that has already been identified as spam.
* Actions against spambots:
X HTTP error 503 (Service Unavailable), showing a simple blank page.
Bryan – I absolutely refuse to use a Captcha for philosophical reasons. All it does is penalize humans, and the extra step really detracts from a conversation that’s easy to participate in. And they exclude anyone with visual impairments – blind or partially sighted people can’t do much with a Captcha, and dyslexics would have to struggle. That’s not what I want on my website.
Chris – I think most of the time, they don’t even know if their comments stick. They just employ tools like Blog Comment Uzi, set it to run overnight, and forget about it. If 1% of their attempts actually make it through on a couple of blogs per day, they’re winning.
And, I completely agree that the economic incentive needs to be removed. rel=”nofollow” isn’t the answer, as it breaks the web. I’ve explicitly not employed nofollow on comment links here – if a comment survives spam detection, it’s valid, so links are valid as well.
Keep up the good fight, I am not getting bored of your posts on the subject! I just wish there was a way to take the economic incentive away but unfortunately 99% of time they don’t care if the comments stick or not, they just carpet bomb away.
I have found that a mix of Captcha and Akismet solved most of my spam comment problems.
Yes, those spam “redirects” in the logs are quite annoying too. Some of those URLs are pretty clever and have deceived me a few times.
Good luck to everyone…
Hey D’arcy,
good to hear you are also on the spam fight and wait for the akismet DP5 release… dammit… I wish i could upgrade now as well as the cool RC1 is out…
best,christoph
PS: still need to fix that damn comment_notify bug…