10001110100110101
..and do not come back any day!
I just got another dozen or so spam messages overnight. I think what had protected me before was the two-layer comment entry form which required the comment to be previewed before being entered into the system.
The funny thing is that all of the comments were for the same journal entry.
I will need to figure out a simple and quick way to foil these annoying spammers or I will be spending a lot of time cleaning up.
While I was thinking about the spam that I have been getting, I remembered that many online forms use CAPTCHA to distinguish humans from automated scripts and programs. Apparently the most recent version is known as reCAPTCHA and there is a free online service which you can add to your site.
They also have a PHP plugin as well.
[0 Comments]
I have been going through my logs and noticed a number of common themes for these comment scripts. They all seem to be from different IP addresses, they declare themselves as Internet Explorer 6
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
and they all seem to have white space after the GET/POST command:
"GET /~jyseto/Journal/Journal.php?Date=1999-08-04&Timestamp=934300800 HTTP/1.1 "
White space? That might be something I can look into.
Oh, I also realized that this spam also started up after I started using BBCode. Well, whatever.
I also should go through my logs more often. There are quite a few strange hits in here.
[0 Comments]
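The log pattern described in the entry above (the IE6 User-Agent plus white space after the request line), as an added example that is not part of the original journal: a Python filter over Apache combined-format log lines. The sample lines, IP addresses, Firefox agent string and function names are constructed for illustration; only the request path and the IE6 User-Agent string come from the entry.

```python
import re

# Apache "combined" format: host ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)
# User-Agent string quoted in the journal entry.
BOT_AGENT = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"

def classify(line):
    """Return (ip, request, reasons) for one log line, or None if it does not parse."""
    m = LINE_RE.match(line.rstrip("\n"))
    if not m:
        return None
    request = m.group("request")
    reasons = []
    if request != request.rstrip():  # white space before the closing quote
        reasons.append("trailing-whitespace")
    if m.group("agent") == BOT_AGENT:
        reasons.append("ie6-agent")
    return m.group("ip"), request, reasons

def suspicious(lines, min_signals=2):
    """Keep only lines showing at least min_signals of the two traits."""
    parsed = (classify(line) for line in lines)
    return [p for p in parsed if p is not None and len(p[2]) >= min_signals]

# Constructed sample log (documentation IP ranges, made-up times and sizes).
_PATH = "/~jyseto/Journal/Journal.php?Date=1999-08-04&Timestamp=934300800"
_FIREFOX = "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11"
SAMPLE_LOG = [
    f'192.0.2.10 - - [12/Dec/2007:03:14:07 +0000] "GET {_PATH} HTTP/1.1 " 200 5120 "-" "{BOT_AGENT}"',
    f'198.51.100.23 - - [12/Dec/2007:03:14:09 +0000] "POST {_PATH} HTTP/1.1 " 200 5301 "-" "{BOT_AGENT}"',
    # A real IE6 visitor: same agent string, no trailing white space.
    f'203.0.113.5 - - [12/Dec/2007:09:30:41 +0000] "GET {_PATH} HTTP/1.1" 200 5120 "-" "{BOT_AGENT}"',
    f'203.0.113.77 - - [12/Dec/2007:10:02:13 +0000] "GET {_PATH} HTTP/1.1" 200 5120 "-" "{_FIREFOX}"',
    "not a log line",
]

if __name__ == "__main__":
    for ip, request, reasons in suspicious(SAMPLE_LOG):
        print(ip, repr(request), ",".join(reasons))
```

Requiring both traits keeps the genuine IE6 visitor in the sample from being flagged, which the browser string alone would not.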
Strange, this has been the first time in a long time when I got a headache. It has been bothering me this afternoon.
[0 Comments]
Wednesday, December 12, 2007 at 14:58:15 (UTC)
Have you checked the IP of the spammer? I'm just curious if it was all from the same machine or same top domain.
I'd guess that it's the same entry because it has been logged to appear for some keyword. I'm annoyed that it has the audacity to use a gmail e-mail address. The word "kyletur" appears to be Danish, or possibly a Danish typo.
Oh, and I suspect if you put a captcha on your form you will see the spams disappear. Even a static one (i.e. always the same answer) can do the job.
Hwan
Wednesday, December 12, 2007 at 15:07:38 (UTC)
Heh, I was just looking into using CAPTCHA, but IP blocking would be a lot simpler. Unfortunately it is not the same top level domain. I do have other checks I may be able to use potentially, like the browser type.
Unfortunately, it does not seem to be an ideal check. I'll write something up.
QYV
Wednesday, December 12, 2007 at 17:17:20 (UTC)
I'm serious about using a static captcha by the way. Comment spam is due to someone having programmed a bot to look for specific form fields, so it's not surprising that this happened after you started using a popular comment engine. Anyway, the point is that no-one is going to bother changing their bot script to account for your captcha. I've seen a bunch of popular sites (notably Twenty Sided) use a static captcha and it works for them. Lastly, this comment field is too small and claustrophobic, but I guess I'm not one to talk.
Hwan
Wednesday, December 12, 2007 at 19:01:17 (UTC)
This is one of the reasons I switched to WordPress.
You could probably avoid a lot of the spam, though, by adding hidden dummy fields that only bots would fill out and renaming your actual fields... Much less annoying than captchas.
Darcy
Wednesday, December 12, 2007 at 23:22:58 (UTC)
Hmm, that's a good idea. I'll see if I can try it out when I get the time.
QYV
Thursday, December 13, 2007 at 04:20:41 (UTC)
I had to get rid of yet more spam comments, but I slightly altered the code. Hopefully this will work better?
QYV