[TAG] (forw) [ILUG] Suggestion to cut down Web site comment spam

Rick Moen rick at linuxmafia.com
Tue Jan 23 04:39:48 MSK 2007 

Elegant.

----- Forwarded message from Cian Davis <davisc at skynet.ie> -----

Date: Tue, 23 Jan 2007 00:52:58 +0000
From: Cian Davis <davisc at skynet.ie>
To: TAG <tag at lists.linuxgazette.net>
To: ilug at linux.ie
Subject: [ILUG] Suggestion to cut down Web site comment spam


Hi All,
First off - I can't claim credit for this. I found some Web site a
while ago that detailed the idea but, I can't find that Web site now.

I have a Web site for all my photos (http://photos.killminus9.net if
anyone is interested, source is at
http://www.killminus9.net/index.php?article=17). I wanted to allow
people to comment on pictures. Problem was, surprise, surprise, it got
spammed.

I didn't want to require login for comments. First batch was easy to
catch - they had (for some reason) an md5 hash at the start of the
comment. That stopped working after a while.

The solution suggested on the Web site was to have a textbox with the
CSS attribute display set to none. So I have

<div class="hdefrm">
<textarea name="text" cols="50" rows="5">DO NOT USE THIS
TEXTBOX</textarea>
</div>

and in the CSS file

.hdefrm
{
        display: none;
}


If "text" is submitted with some other value apart from "DO NOT USE
THIS TEXTBOX", a row is inserted into a MySQL table, and, if that IP
tries to access the site again, they are told they have been
blacklisted and to contact me.

It's been running for a few months, but only got its first victims
last Friday - 33 different IP addresses over 2 minutes at 18:00. And
no false positives. BTW, if anyone has a theory as to why the 2 albums
that always get spammed are the pictures of the Paris Air Show and
Skiing 2005 photos, I'd love to hear it.

I run a few Web sites that have major problems with registration spam
and comment spam. I had thought of setting up a DNSBL for Web site
comment spam, as the few current ones for mail I tried didn't have many
of the spammers listed. It was pointed out, though, that mail shouldn't
be relayed by individual machines, really, but direct Web access would
generally be legit. Also, they could well be in a DNS pool. Anyone
figure it's worth a go? Pity the Apache module to deny access based on
listing in a DNSBL hasn't been updated in a few years.

Hope this is helpful for people.

Regards,
Cian

-- 
Irish Linux Users' Group mailing list
About this list : http://mail.linux.ie/mailman/listinfo/ilug
Who we are : http://www.linux.ie/
Where we are : http://www.linux.ie/map/

----- End forwarded message -----

More information about the TAG mailing list