

My thoughts on WordPress comments anti-spam…

Well, yesterday I decided to try my hand at some very simple code to restrict spamming, a spur of the moment thing. It’s now the following day and I keep thinking about the whole problem and the approaches taken by various people/projects.

I’m left thinking – us techies are making it all too hard! I feel you really don’t need to deploy the world’s best solution based on the most advanced comp-sci theory, nor should you apply the approaches taken to email spam filtering as it is a fundamentally different problem.

A computer program is written to match certain expectations. A spamming program expects the comment form to look and behave a certain way; it isn’t expecting Akismet, a CAPTCHA, or a math question, it is just looking for the three fields and a form submission.

To break their app – you just need to do something unexpected.

You see, a spammer is playing a numbers game: he wants the maximum impact for little effort. If he is going to spend an hour finding a way of cracking your site when there are another 1000 he could be off spamming, he’s probably going to give it a miss.

(This theory doesn’t apply to bored post-grad students grandstanding about their AI projects, but then that’s like the CIA proving they can beat my home security system – it doesn’t invalidate the system, it just makes it inappropriate to keep out the CIA.)

Of course, if your countermeasure becomes popular, and now 300 of those 1000 sites are using it, he’ll probably start to look for a way of beating it.

So the key isn’t the countermeasure – it’s about the diversity of countermeasures. Put another way (in terms mentioned elsewhere), we want to avoid a monoculture of countermeasures.
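The argument above as a server-side sketch. This is an added example, not code from the original post or from the Did You Pass Maths plugin: a comment is accepted only when the three usual fields arrive together with the answer to a maths question, in an extra field whose name differs per site. It assumes Python, a plain dict standing in for the session, and hypothetical function names and a constructed secret.

```python
import hashlib
import hmac
import secrets

# Constructed value. Assumption: every site has its own secret, so the extra
# field is named differently on each site and no single form layout exists.
SITE_SECRET = b"constructed-example-secret"


def challenge_field_name(site_secret: bytes) -> str:
    """Derive a site-specific name for the extra form field."""
    return "q_" + hmac.new(site_secret, b"field", hashlib.sha256).hexdigest()[:8]


def new_challenge(session: dict) -> str:
    """Pick two small numbers, keep the answer server-side, return the question."""
    a, b = secrets.randbelow(9) + 1, secrets.randbelow(9) + 1
    session["expected_answer"] = str(a * b)
    return f"What is {a} times {b}?"


def accept_comment(form: dict, session: dict,
                   site_secret: bytes = SITE_SECRET) -> bool:
    """Accept only if the three usual fields AND the correct answer are present."""
    # pop() makes each challenge single-use, so a captured answer cannot be replayed.
    expected = session.pop("expected_answer", None)
    if expected is None:
        return False
    if not all(form.get(k) for k in ("author", "email", "comment")):
        return False
    supplied = str(form.get(challenge_field_name(site_secret), "")).strip()
    return hmac.compare_digest(supplied.encode(), expected.encode())
```

A submission that carries only the three standard fields is rejected, and because the field name comes from the site secret, two sites running the same check still present different forms.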

Posted in Tech.

9 Responses


  1. Trying out your plug-in on my site right now. Thanks a lot!

  2. Hi,
    I have problems getting this to work with Firefox. Safari and Opera work fine but Firefox doesn’t have the correct value in the session so adding a comment fails…

  3. Some additional information: Firefox 1.5.0.4 for Mac has the problem. This happens not only on my site but also on Chris’ site (link in the second comment).

  4. I’ve solved the problem!
    “Of course” DYPM wasn’t the cause, only the first suspect ;-)

    I’m using lightbox (some JavaScripts to dim the page and display an image in front of it). I didn’t want the close button so I set the picture for the button to “null” (as the documentation implied). That was the reason why the numbers displayed in the browser window were wrong though the numbers in the HTML source were correct. Drove me mad!
    I added a simple if null statement to lightbox’s source and everything works now. But I didn’t figure out why the numbers of DYPM were displayed wrong even though they were correct in the HTML source…

    PS: Take a look at my site and change DYPM’s answer on the comment form. If you like how it works you could add it to DYPM.

  5. BNJ said

    Love your skin! But I hate those “What is 6 times 8” things!!! They make my surfing more difficult and they strike me low sometimes.

  6. Very nice plug-in for those who don’t support GD. This is exactly what I was looking for. Thanks!

  7. I’ve been getting buried under a massive increase in comment spam recently, and BadBehavior just didn’t seem to be preventing it any more so I’ve just gone and installed your plugin and it seems to be doing the trick.

    Thanks a lot!

  8. Used it, works great. Thanks for sharing.

Continuing the Discussion

  1. New Blog Anti-Spam Tools at The Musings of Chris Samuel linked to this post on June 25, 2006

    [...] This evening I’ve just added the Did You Pass Maths plugin from Aussie Steven Herod which is kind of a numeric captcha plugin for comments. [...]
