Sun 12 Feb 2006
My thoughts on Wordpress comments anti-spam…
Posted by Steven under Technology
Well, yesterday I decided to try my hand at some very simple code to restrict spamming, a spur of the moment thing. It’s now the following day and I keep thinking about the whole problem and the approaches taken by various people/projects.
I’m left thinking - us techies are making it all too hard! I feel you really don’t need to deploy the world’s best solution based on the most advanced comp-sci theory, nor should you apply the approaches taken to email spam filtering, as it is a fundamentally different problem.
A computer program is written to match certain expectations. With spamming, it expects the comment form to look and behave a certain way; it isn’t expecting Akismet, a CAPTCHA, or a math question, it is just looking for the three fields and a form submission.
To break their app - you just need to do something unexpected.
You see, a spammer is playing a numbers game: he wants the maximum impact for little effort. If he is going to spend an hour finding a way of cracking your site when there are another 1000 he could be off spamming, he’s probably going to give it a miss.
(This theory doesn’t apply to bored post grad students grandstanding about their AI projects, but then that’s like the CIA proving they can beat my home security system - it doesn’t invalidate the system, it just makes it inappropriate to keep out the CIA.)
Of course, if your counter measure becomes popular, and now 300 of those 1000 sites are using it, he’ll probably start to look for a way of beating it.
So the key isn’t the counter measure - it’s about the diversity of counter measures. Put another way (in terms mentioned elsewhere), we want to avoid a monoculture of counter measures.
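The point about a bot that submits only the fields it expects can be shown with a small server-side check. This is an added example, not the plugin's own code: the function names, the `challenge` form field, the `challenge_answer` session key and the sample submissions are all assumptions made for illustration.

```php
<?php
// Added example: per-session arithmetic challenge for a comment form.
// All names here (challenge_issue, challenge_check, 'challenge',
// 'challenge_answer') are hypothetical, not taken from any plugin.

/** Create a question and keep the expected answer on the server only. */
function challenge_issue(array &$session): string {
    $a = random_int(2, 9);
    $b = random_int(2, 9);
    $session['challenge_answer'] = $a * $b;   // never rendered into the page
    return "What is $a times $b?";
}

/** Return null when the submission passes, otherwise a reason to log. */
function challenge_check(array &$session, array $post): ?string {
    $expected = $session['challenge_answer'] ?? null;
    unset($session['challenge_answer']);      // single use: a replayed POST fails
    if ($expected === null) {
        return 'no challenge issued for this session';
    }
    if (!isset($post['challenge']) || !is_string($post['challenge'])) {
        return 'challenge field missing';     // script that posts only the usual fields
    }
    $given = trim($post['challenge']);
    if (!ctype_digit($given) || (int)$given !== $expected) {
        return 'wrong answer';
    }
    return null;
}

// Constructed demo data: a person's submission, a replay of it,
// and a scripted submission carrying only the standard fields.
$session = [];
echo challenge_issue($session), "\n";
$typed = (string)$session['challenge_answer'];   // what a person would type in
$human = ['author' => 'A', 'email' => 'a@example.org',
          'comment' => 'Nice post', 'challenge' => $typed];
var_dump(challenge_check($session, $human));     // first submission
var_dump(challenge_check($session, $human));     // same POST sent again

$session = [];
challenge_issue($session);
$bot = ['author' => 'x', 'email' => 'x@example.org', 'comment' => 'spam'];
var_dump(challenge_check($session, $bot));
```

Because the answer lives only in the session, anything that breaks the session between page render and submit makes a legitimate comment fail, so the rejection reason is worth logging.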
9 Responses to “ My thoughts on Wordpress comments anti-spam… ”
Comments:
Trackbacks & Pingbacks:
- Pingback from New Blog Anti-Spam Tools at The Musings of Chris Samuel
June 25th, 2006 at 9:51 pm
[...] This evening I’ve just added the Did You Pass Maths plugin from Aussie Steven Herod which is kind of a numeric captcha plugin for comments. [...]

March 19th, 2006 at 2:55 am
Trying out your plug-in on my site right now. Thanks a lot!
June 28th, 2006 at 9:19 am
Hi,
I have problems getting this to work with Firefox. Safari and Opera work fine but Firefox doesn’t have the correct value in the session so adding a comment fails…
June 28th, 2006 at 9:44 am
Some additional information: Firefox 1.5.0.4 for Mac has the problem. This happens not only on my site but also on Chris’ site (link in the second comment).
June 29th, 2006 at 3:11 am
I’ve solved the problem!
“Of course” DYPM wasn’t the cause, only the first suspect.
I’m using lightbox (some JavaScripts to dim the page and display an image in front of it). I didn’t want the close button so I set the picture for the button to “null” (as the documentation implied). That was the reason why the numbers displayed in the browser window were wrong though the numbers in the HTML source were correct. Drove me mad!
I added a simple if null statement to lightbox’ source and everything works now. But I didn’t figure out why the numbers of DYPM were displayed wrong even though they were correct in the HTML source…
PS: Take a look at my site and change DYPM’s answer on the comment form. If you like how it works you could add it to DYPM.
April 6th, 2007 at 9:50 pm
Love your skin! But I hate those “What is 6 times 8” things!!! They make my surfing more difficult and they strike me low sometimes.
July 29th, 2007 at 12:11 pm
Very nice plug-in for those who don’t support GD. This is exactly what I was looking for. Thanks!
October 28th, 2007 at 12:14 am
I’ve been getting buried under a massive increase in comment spam recently, and BadBehavior just didn’t seem to be preventing it any more so I’ve just gone and installed your plugin and it seems to be doing the trick.
Thanks a lot!
November 7th, 2007 at 2:40 am
Used it, works great. Thanks for sharing.