Comment Spam
There are 8 entries for the tag
Comment Spam
I was thinking about alternative ways to block comment spam the other day and it occurred to me that there’s potentially a simpler solution than the Invisible Captcha approach I wrote about. The Invisible Captcha control plays upon the fact that most comment spam bots don’t evaluate javascript. However there’s another particular behavioral trait that bots have that can be exploited due to the bots inability to support another browser facility. You see, comment spam bots love form fields. When they encounter a form field, they go into a berserker frenzy (+2 to strength, +2 hp per level, etc...) trying to...
In my last post I mentioned that Subkismet is ready to put a thumping on comment SPAM for your web applications. Unfortunately I didn’t have much in the way of demo code. Today, I have rectified that situation with a new site: http://subkismet.com/. Currently, this is just a one-page site with demonstrations of the three main spam fighting measures, along with source code. I am really glad that I created this demo site because I realized my first release of Subkismet was incomplete and didn’t work. However, like Google, I cowardly hid behind the BETA moniker as an excuse. But...
Update: I’ve created a new NuGet Package for Subkismet (Package Id is “subkismet”) which will make it much easier to include this in your own projects. Been a short break from blogging, but I’m ready to get back to writing about Cody, I mean code! My philosophy towards Open Source Software is that the more sharing that goes on between projects, the better off for everyone. As my friend Micah likes to say, A rising tide lifts all boats. Towards that end, I’ve tried to structure Subtext as much as possible into distinct reusable libraries. The danger...
Jeff Atwood points out several problems with using blacklists (specifically Akismet) to prevent comment spam. He makes the following point: The core problem is relying on a single method of defense against spam. Absolutely. Subtext employs several measures against comment spam, mostly of a heuristic nature. The latest release adds Akismet support as well as Visible and Invisible CAPTCHA. The funny thing about CAPTCHA and especially Invisible CAPTCHA is the number of people who claim it won’t work and is broken. As Jeff points out, this may be true among researchers, but it is not the case in the wild. However...
Personal matters (good stuff) and work has been keeping me really busy lately, but every free moment I get I plod along, coding a bit here and there, getting Subtext 1.9.1 “Shields Up” ready for action. There were a couple of innovations I wanted to include in this version as well as a TimeZone handling fix, but recent comment spam shit storms have created a sense of urgency to get what I have done out the door ASAP. In retrospect, as soon as I finished the Akismet support, I should have released. I have a working build that I am going to...
I recently wrote about a lightweight invisible CAPTCHA validator control I built as a defensive measure against comment spam. I wanted the control to work in as many situations as possible, so it doesn’t rely on ViewState nor Session since some users of the control may want to turn those things off. Of course this begs the question, how do I know the answer submitted in the form is the answer to the question I asked? Remember, never trust your inputs, even form submissions can easily be tampered with. Well one way is to give the client the answer in...
UPDATE: This code is now hosted in the Subkismet project on CodePlex.
Not too long ago I wrote about using heuristics to fight comment spam. A little later I pointed to the NoBot control as an independent implementation of the ideas I mentioned using Atlas.
I think that control is a great start, but it does suffer from a few minor issues that prevent me from using it immediately.
It requires Atlas and Atlas is pretty heavyweight.
Atlas is pre-release right now.
We’re waiting on a bug fix in Atlas...
Remember my recent post in which I suggested that we need more heuristic approaches to the comment spam problem? Check out this new NoBot control in the Atlas Control Toolkit. I wonder if this came out before or after I wrote my piece, because I don’t want y’all to think I cribbed my ideas from this control. It has a couple features that I mentioned. Forcing the client’s browser to perform a configurable JavaScript calculation and verifying the result as part of the postback. (Ex: the calculation may be a simple numeric one, or may also involve the...