Comments on: Some progress against the evil spammers http://www.darcynorman.net/2006/11/23/some-progress-against-the-evil-spammers/ just a lowly edtech geek, mumble mumble university of calgary Sun, 21 Mar 2010 07:42:42 -0600 http://wordpress.org/?v=2.9.2 hourly 1 By: James McKay http://www.darcynorman.net/2006/11/23/some-progress-against-the-evil-spammers/#comment-82625 James McKay Wed, 31 Dec 1969 17:00:00 +0000 1768622521#comment-82625 Have you tried using Bad Behavior and Akismet in combination? Seems to work pretty effectively for me at the moment. Bad Behavior traps something like 95% of spam leaving Akismet with only the odd one or two to mop up. Have you tried using Bad Behavior and Akismet in combination? Seems to work pretty effectively for me at the moment. Bad Behavior traps something like 95% of spam leaving Akismet with only the odd one or two to mop up.

]]> By: Martin Cleaver http://www.darcynorman.net/2006/11/23/some-progress-against-the-evil-spammers/#comment-82645 Martin Cleaver Wed, 31 Dec 1969 17:00:00 +0000 1768622521#comment-82645 Did you try <a href="http://unknowngenius.com/blog/wordpress/spam-karma/">Spam Karma?</a> That can be used without licence fee. It seldom misses any spam, Did you try Spam Karma? That can be used without licence fee. It seldom misses any spam,

]]> By: dnorman http://www.darcynorman.net/2006/11/23/some-progress-against-the-evil-spammers/#comment-82665 dnorman Wed, 31 Dec 1969 17:00:00 +0000 1768622521#comment-82665 I'd tried the combo before. I'm not in love with Bad Behavior because I've seen too many false positives, which essentially ban innocent bystanders from even seeing the website just because BB thinks they smell like spam. And, I was trying to reduce the amount of code having to run, hoping to improve performance on my server. I’d tried the combo before. I’m not in love with Bad Behavior because I’ve seen too many false positives, which essentially ban innocent bystanders from even seeing the website just because BB thinks they smell like spam. And, I was trying to reduce the amount of code having to run, hoping to improve performance on my server.

]]> By: Sharlene http://www.darcynorman.net/2006/11/23/some-progress-against-the-evil-spammers/#comment-82668 Sharlene Wed, 31 Dec 1969 17:00:00 +0000 1768622521#comment-82668 I've had mixed luck with the hidden field as well. Validation is pretty hard to get by, however. If your form has something like a phone number (which this one doesn't) you can make sure that that field is a number. On one of my forms that gets hit hard I made the year mandatory (it's a grad website so people need to put in the year they graduated). I did this because I noticed that the bots didn't recognize that field as something special. I wouldn't know what to suggest for comments; on my own site I added an allowed time script... so you can only comment once every 10 seconds. This seems to work because I haven't gotten spam yet (knock on wood). I’ve had mixed luck with the hidden field as well. Validation is pretty hard to get by, however. If your form has something like a phone number (which this one doesn’t) you can make sure that that field is a number. On one of my forms that gets hit hard I made the year mandatory (it’s a grad website so people need to put in the year they graduated). I did this because I noticed that the bots didn’t recognize that field as something special.

I wouldn’t know what to suggest for comments; on my own site I added an allowed time script… so you can only comment once every 10 seconds. This seems to work because I haven’t gotten spam yet (knock on wood).

]]> By: dnorman http://www.darcynorman.net/2006/11/23/some-progress-against-the-evil-spammers/#comment-82669 dnorman Wed, 31 Dec 1969 17:00:00 +0000 1768622521#comment-82669 yeah. with required fields for comments, it's just a slippery slope on the way down to a Captcha, which is just plain wrong. Even the time limits are possible to get around, by setting an interval on the bot... yeah. with required fields for comments, it’s just a slippery slope on the way down to a Captcha, which is just plain wrong.

Even the time limits are possible to get around, by setting an interval on the bot…

]]> By: dnorman http://www.darcynorman.net/2006/11/23/some-progress-against-the-evil-spammers/#comment-82694 dnorman Wed, 31 Dec 1969 17:00:00 +0000 1768622521#comment-82694 Sharlene, I've tried the hidden form field trick as well, but smart bots actually get around it. I suppose the server could generate a unique "key" for a page view, and if it's not passed back then it's invalid. But that just begs to break. Occam's razor, and such. Sharlene, I’ve tried the hidden form field trick as well, but smart bots actually get around it. I suppose the server could generate a unique “key” for a page view, and if it’s not passed back then it’s invalid. But that just begs to break. Occam’s razor, and such.

]]> By: Sharlene http://www.darcynorman.net/2006/11/23/some-progress-against-the-evil-spammers/#comment-82695 Sharlene Wed, 31 Dec 1969 17:00:00 +0000 1768622521#comment-82695 We constantly struggle with spam and forms here as well. It's relentless. We've come up with a couple of neat ideas (like having a hidden form field and if that form field is filled in have a script delete it -- theoretically only a bot would fill a hidden field in). Form validation is good as well -- but that's only handy when you have something like numbers to validate on. We constantly struggle with spam and forms here as well. It’s relentless. We’ve come up with a couple of neat ideas (like having a hidden form field and if that form field is filled in have a script delete it — theoretically only a bot would fill a hidden field in). Form validation is good as well — but that’s only handy when you have something like numbers to validate on.

]]> By: dnorman http://www.darcynorman.net/2006/11/23/some-progress-against-the-evil-spammers/#comment-82697 dnorman Wed, 31 Dec 1969 17:00:00 +0000 1768622521#comment-82697 Martin, Spam Karma (and Spam Karma 2) are WordPress plugins. This site (and all of my project sites) are running on Drupal. I do really miss SK2 - it was nearly bulletproof, and completely transparent. Mike, sure thing. Thanks! Martin, Spam Karma (and Spam Karma 2) are WordPress plugins. This site (and all of my project sites) are running on Drupal. I do really miss SK2 – it was nearly bulletproof, and completely transparent.

Mike, sure thing. Thanks!

]]> By: TheWhippinpost http://www.darcynorman.net/2006/11/23/some-progress-against-the-evil-spammers/#comment-82702 TheWhippinpost Wed, 31 Dec 1969 17:00:00 +0000 1768622521#comment-82702 If I could contact you, I could give you some tips. Mike If I could contact you, I could give you some tips.

Mike

]]> By: FlemmingLeer http://www.darcynorman.net/2006/11/23/some-progress-against-the-evil-spammers/#comment-83042 FlemmingLeer Wed, 31 Dec 1969 17:00:00 +0000 1768622521#comment-83042 Hi I found your site and want to draw your attention to this technique: According to Madd0's blog, most spammers on his site arrive with a blank (empty) user-agent string. He further proposes to add a redirection to the .htaccess file to redirect blank user-agent browsers to 404 page: # BEGIN WordPress RewriteEngine On # Redirect empty user agents to Access denied RewriteCond %{HTTP_USER_AGENT} ^$ RewriteRule . - [F] Perhaps this could block some spammers. Via [<a href="http://exodusdev.com/how-spammers-find-your-site">Interesting spammer pattern - how they find sites</a>] Hi I found your site and want to draw your attention to this technique:

According to Madd0’s blog, most spammers on his site arrive with a blank (empty) user-agent string. He further proposes to add a redirection to the .htaccess file to redirect blank user-agent browsers to 404 page:

# BEGIN WordPress

RewriteEngine On

# Redirect empty user agents to Access denied
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule . – [F]

Perhaps this could block some spammers.

Via
[Interesting spammer pattern - how they find sites]

]]>