Comment spammer suggestions
-
At work, we've started battling a comment spammer. (Details here.) Needless to say, it's been fun. :mad: Now, I hate comment spam with a passion I normally reserve for Nazi's and various fruits, but I'm in a bit of a pickle. As a government entity, we have to ensure that no legitimate citizen feedback is ignored or dropped or not read in a timely fashion, so automated spam filtering techniques aren't going to work. We don't want to use CAPTCHA images on our feedback page due to accessibility concerns. (We have some active visually-impaired and hearing-impaired citizens in our community, so we can't even reliably use the Speech SDK to talk to a .WAV and play it out for people.) I've been thinking of implementing a delayed entry system as a means of stopping the spam. Essentially, I'd cache the comment, and spin-refresh on a page depending on the number of "spam" triggers I detect in the comment. The comment wouldn't be committed unless they stuck around for the save to complete. For most spammers, time is a critical element. Most would jump ship fairly quickly, rather than wait for up to a minute for their comment to save. Plus, if I saved the "non-saved" messages for analysis, I could further refine the spam filter. Any thoughts on this one? Does this idea have any merit?
-
At work, we've started battling a comment spammer. (Details here.) Needless to say, it's been fun. :mad: Now, I hate comment spam with a passion I normally reserve for Nazi's and various fruits, but I'm in a bit of a pickle. As a government entity, we have to ensure that no legitimate citizen feedback is ignored or dropped or not read in a timely fashion, so automated spam filtering techniques aren't going to work. We don't want to use CAPTCHA images on our feedback page due to accessibility concerns. (We have some active visually-impaired and hearing-impaired citizens in our community, so we can't even reliably use the Speech SDK to talk to a .WAV and play it out for people.) I've been thinking of implementing a delayed entry system as a means of stopping the spam. Essentially, I'd cache the comment, and spin-refresh on a page depending on the number of "spam" triggers I detect in the comment. The comment wouldn't be committed unless they stuck around for the save to complete. For most spammers, time is a critical element. Most would jump ship fairly quickly, rather than wait for up to a minute for their comment to save. Plus, if I saved the "non-saved" messages for analysis, I could further refine the spam filter. Any thoughts on this one? Does this idea have any merit?
Couldn't you change the URL and link to the form at random? The only drawback I see is that it couldn't be bookmarked. Regardz Colin J Davies Attention: Watch this signature for an upcoming announcement that will affect you.
-
At work, we've started battling a comment spammer. (Details here.) Needless to say, it's been fun. :mad: Now, I hate comment spam with a passion I normally reserve for Nazi's and various fruits, but I'm in a bit of a pickle. As a government entity, we have to ensure that no legitimate citizen feedback is ignored or dropped or not read in a timely fashion, so automated spam filtering techniques aren't going to work. We don't want to use CAPTCHA images on our feedback page due to accessibility concerns. (We have some active visually-impaired and hearing-impaired citizens in our community, so we can't even reliably use the Speech SDK to talk to a .WAV and play it out for people.) I've been thinking of implementing a delayed entry system as a means of stopping the spam. Essentially, I'd cache the comment, and spin-refresh on a page depending on the number of "spam" triggers I detect in the comment. The comment wouldn't be committed unless they stuck around for the save to complete. For most spammers, time is a critical element. Most would jump ship fairly quickly, rather than wait for up to a minute for their comment to save. Plus, if I saved the "non-saved" messages for analysis, I could further refine the spam filter. Any thoughts on this one? Does this idea have any merit?
You are opening yourself up to a potential denial of service, which might or might not be a problem depending on your load and the level of spam. To control that, you would want to do the wait client side, which requires scripting, or isloate your submission page from the rest of your site.
I can imagine the sinking feeling one would have after ordering my book, only to find a laughably ridiculous theory with demented logic once the book arrives - Mark McCutcheon
-
At work, we've started battling a comment spammer. (Details here.) Needless to say, it's been fun. :mad: Now, I hate comment spam with a passion I normally reserve for Nazi's and various fruits, but I'm in a bit of a pickle. As a government entity, we have to ensure that no legitimate citizen feedback is ignored or dropped or not read in a timely fashion, so automated spam filtering techniques aren't going to work. We don't want to use CAPTCHA images on our feedback page due to accessibility concerns. (We have some active visually-impaired and hearing-impaired citizens in our community, so we can't even reliably use the Speech SDK to talk to a .WAV and play it out for people.) I've been thinking of implementing a delayed entry system as a means of stopping the spam. Essentially, I'd cache the comment, and spin-refresh on a page depending on the number of "spam" triggers I detect in the comment. The comment wouldn't be committed unless they stuck around for the save to complete. For most spammers, time is a critical element. Most would jump ship fairly quickly, rather than wait for up to a minute for their comment to save. Plus, if I saved the "non-saved" messages for analysis, I could further refine the spam filter. Any thoughts on this one? Does this idea have any merit?
SpamVampire http://www.hillscapital.com/antispam/index.htm[^] or the like is one approach, if they have a web page and images. The idea is that it tries to use up all their bandwidth, causing big bills, etc. Matt Gerrans
-
Couldn't you change the URL and link to the form at random? The only drawback I see is that it couldn't be bookmarked. Regardz Colin J Davies Attention: Watch this signature for an upcoming announcement that will affect you.
The spam is being manually entered or copy/pasted. While this would stop an automated comment spammer, it wouldn't stop our current moron.