Under attack

Posted on:September 26 2006

Yesterday night, a spammer started to take this blog under heavy attack. For half an hour he posted one comment every two seconds onto a random entry page. Because I want everybody to be able to post freely on this blog and am not using captchas, registering procedures or similar, this resulted in about 5-10 spam comments on nearly all of the about 400 pages of this blog. But not enough, the spam bots are continuing to post their dump comments on this blog at this very moment.
Consequence: This is so frustrating. I now manually deleted about 80% of all the spam again, but finishing this up could still take some time. (If you spot some spam, please let me know.) I temporarily disallowed comments on this blog, modified the submit script of this blog software, locked comments on old entries, added some more filtering, but I am now also thinking about adding a very simple captcha. Something like a third entry box with a question like "2+5=?". This would be a handmade custom captcha (like all of the other modifications to this software too ;) ), and I don't expect any spammer to adjust his spam script especially for my blog. I hope I've some time at the weekend for this.

Comments:

registration == GOOOD
captchas = GREAT

RabidLockerGnome

Quote
2006-09-26 19:24:00

Why don't make the question more fun. Fore example random Irrlicht trivia like
"DirectX 9 device constant?"
a) EDT_DIRECTD9
b) EDT_DIRECTX9
c) EDT_OPENGL

Franta

Quote
2006-09-26 20:44:00

cause you cannot generate such questions automaticly ;)
3 + 5 = ? can be generated by a simple script.

answerMaschine

Quote
2006-09-26 22:18:00

A constant problem. I use WordPress which requires a user's first post (no registration, just an email, which is never shown publically) to be manually approved, and from then on they are automatically approved. Askimet deals with first posters that match spam patterns, and it's very accurate - very few false positives and it automatically blocks an average of 20 spam comments a day on my blog. You probably had a big wave because the software was known to be vulnerable, a big problem.

Captchas don't solve everything, we still get spammers in our forums even with user email verification AND captchas. These are mostly people hired for a pittance, like gold farmers, to manually set up accounts and spam forums. I hate them all. :(

Steve

Quote
2006-09-27 01:49:00

I for one would not mind answering extra questions - as long as you dont use some cryptic numbers masked by noise, I end up going cross eyed thinking its sirds :)

StuC_OVINE

Quote
2006-09-27 09:30:00

I think that you should delete them all manually one-by-one, and not bother us with boring stuff like that. I mean I *demand*. Yupp.

Matthias

Quote
2006-09-27 14:37:00

I had to do that on my Pivot devblog because of a horrendous amount of comment spam. ive got the search box on the front page and for some reason it defaults of having the text "tralala" in it, so i put the question "What is the default text in the search box on the front page?" as having to be answered before the comment can be posted

The Anaconda

Quote
2006-09-27 15:16:00

hey, maybe captchas aren't necessary anymore, looks like my newly written filter is working well. :)

niko

Quote
2006-09-27 17:43:00

What did you put on that filter niko? ^^

bicunisa

Quote
2006-09-28 07:36:00

words and urls used in that spam comments.

niko

Quote
2006-09-29 16:09:00