It’s just data

Spam Update

Based on the lively discussions of the past few days, it certainly appears that requiring a preview does not impede the flow of discussion.  Cool.

Spam also is way down, despite my having removed and relaxed a number of other defenses.  Notably, my spam throttle has not been activated for over two weeks.  Apparently some spammers do read weblogs and warnings deter these folks.

My initial implementation of requiring a preview was simply to omit the submit button from the page - the underlying code did not change. Amusingly, about 40% of the spam I did receive did not do a preview first, indicating that they had bypassed the HTML pages. This is easy enough to fix - a nonce is now provided on the preview form, and verified on the submit.

As currently implemented, nonces can only be used once, and expire after 30 minutes... so if more than 30 minutes elapses between preview and submit, then the submit will effectively be interpreted as a second preview, resetting the clock.
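
The preview-then-submit nonce described above, sketched in Python as an added example; it is not the code behind this weblog, and the class, function and form-field names (`PreviewNonces`, `handle_comment`, `nonce`, `action`) are assumptions.

```python
import secrets
import time

NONCE_TTL = 30 * 60  # seconds; the 30-minute lifetime described in the post


class PreviewNonces:
    """Server-side store of the nonces issued with each preview form."""

    def __init__(self, clock=time.time):
        self._clock = clock   # injectable so expiry can be exercised in tests
        self._issued = {}     # nonce -> time it was issued

    def issue(self):
        """Called when rendering a preview; the value goes in a hidden field."""
        self._purge()
        nonce = secrets.token_urlsafe(16)
        self._issued[nonce] = self._clock()
        return nonce

    def redeem(self, nonce):
        """True only for a known, unexpired nonce; it is consumed either way."""
        issued_at = self._issued.pop(nonce, None)  # pop enforces single use
        return issued_at is not None and self._clock() - issued_at <= NONCE_TTL

    def _purge(self):
        """Drop expired entries so abandoned previews do not accumulate."""
        cutoff = self._clock() - NONCE_TTL
        self._issued = {n: t for n, t in self._issued.items() if t >= cutoff}


def handle_comment(store, form):
    """Return ("posted", None) or ("preview", fresh_nonce).

    A submit whose nonce is missing, unknown, already used or expired is
    treated as another preview, which hands out a new nonce and so resets
    the 30-minute clock. A POST that bypassed the HTML form lands here too.
    """
    nonce = form.get("nonce")
    if form.get("action") == "submit" and nonce and store.redeem(nonce):
        return ("posted", None)
    return ("preview", store.issue())
```

The store here is an in-process dictionary; a multi-process server would need shared storage with an atomic check-and-delete to keep the single-use guarantee.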


I'm trying your approach, but have not implemented a nonce. Will have to look at implementing this with MT. However, I'm finding that just turning off comments on older posts works nicely, too.

Hesitate to tweak MT's code, as it just gets overridden with new releases and have to tweak yet again.

Posted by Shelley at

The majority of my spam these days is due to the fact that my weblog shows up prominently on searches like this one, so most of my spams have been against recent items.  And at the moment the warnings I provide on attempts to comment on older posts seem to have deflected a majority of such spams.

A few notes:

First, I am doing this for fun.  When it ceases to amuse me, I will simply do something different.

Second, (and directed not specifically at Shelley, but at everybody), I am running different software than you are.  I show up on different search queries than you do.  Things that work for me, may not work for you, and vice versa.

That being said, there is no reason that we can't inspire and/or amuse each other.  One person that I have enjoyed following is Jacques Distler - I particularly enjoyed the part about rejecting spam because it was not well formed XHTML.

He also is apparently using a nonce, and doing it with MT.

Posted by Sam Ruby at

Hmmm. Maybe I'll have to release my MovableType plugin for computing SHA1 hashes:

<MTSHA1Hash> ... </MTSHA1Hash>

Combine that with a nonce, and you can ensure that each comment is actually run through the Validator before it can be posted.

I'm not a programmer, so my implementation probably sucks. But I am having fun...

Posted by Jacques Distler at

Shelley wrote:

Hesitate to tweak MT's code, as it just gets overridden with new releases and have to tweak yet again.

Two words: "diff" and "patch".

Posted by Jacques Distler at

Oh, stopped being fun for me a while back. Thanks for pointing out the MT nonce, will look at it.

Jacques, sure, can run diff. Most programmers can. But then, what if you're just a weblogger trying to write?

P.S. Just got your warning label. Sam, you're blacklisting IP addresses? I'm surprised at that one.

Posted by Shelley at

re: blacklisting.  I am throttling based on ip address, url, and content; and each because I have seen specific instances where attempts have been made to mass spam my weblog using such techniques.  Such throttling effectively amounts to a temporary blacklist.

Previously, I had approximately a half dozen entries in my .htaccess blocking specific ranges of ip addresses.  These were in response to repeated attempts to place spam on my weblog.  Not somebody else's weblog, but mine.

I removed these entries this morning because I did a scan of my apache logs and only once in the past week have any posts originated from any of these ip addresses.  We shall see if the nonce is sufficient to block such requests.

Posted by Sam Ruby at

Shelley wrote:

Jacques, sure, can run diff. Most programmers can. But then, what if you're just a weblogger trying to write?

Somebody needs to package up these hacks with a nice easy-to-use installer, with clear, easy-to-follow instructions, and then be ready to hold people's hands when they nonetheless manage to spooge it.

Such a person is called an "Application Developer." I'm definitely not one of those ...

Posted by Jacques Distler at

RE: nonce

I handle things in similar fashion... although in my case, the "post token" is regulated via Coldfusion's session management.

Posted by Roger Benningfield at

I am currently being deliberately attacked. I've had to shut down all comments.

Jacques, if you have an MT version of Sam's implementation that could work with this beastie, where is it?

It is the script kiddies -- they found the script at slashdot and have hooked it up to a proxy for disposable IPs.

Posted by Shelley at

My version of Jacques' version of Sam's idea, minus the time factor, is in your in box. Not too hard to script around, but maybe enough to use up their remaining attention and send them on to someone else who hasn't bought a Club yet.

Posted by Phil Ringnalda at

Though, come to think of it, my version really isn't very good, other than as one in a long chain of weak tools. Rats, I'm going to have to figure out how to use MT::PluginData, before someone figures out my weakness.

re: For fun.

Absolutely. I can live without comments for longer than the average troll's attention span, so if I screw up, hey, comments just go off for a day or two. If I can make it for months without posting, I can sure survive a few days without comments.

Posted by Phil Ringnalda at

Phil, I'm sure what you sent would have held the person up tonight. I'll incorporate tomorrow.

I'll also do without comments, but would like not to.

You know, maybe I'm paranoid, but this attack tonight seemed personal. Logs don't show this, but it sure felt like it.

Posted by Shelley at

Not so fun anymore

I woke this morning ready to dive into my code and put in other comment fixes. Both Phil Ringnalda and Jacques Distler sent code that could help, and Sam Ruby offered help. As grateful as I am for their kindness, I don't know if I will make the changes. A year ago, maybe, but now, I just don't know. Earlier in a weblog posting about comment spam Sam Ruby wrote about the tweaks he does to prevent comment spamming: First, I am doing this for...... [more]

Trackback from Burningbird

at

The F Word

No, not that one, the three-lettered one... [more]

Trackback from Your Guess Is As Good As Mine

at

Beware of Strangers

If they don't come back, it is not possible to have a two way conversation, is it?  Robert Castelo:  Um, the fact that you are getting paid is supposed to make me feel better?  I don't think so.  And I have to agree here with what Doc said about conten... [more]

Trackback from Sam Ruby

at

Stepping Stones to a Safer Blog

In the last few weeks, I've been hit not only by comment spammers, but a new player who doesn't seem to like our party: the crapflooders, people who use automated applications (you may have heard of MTFlood or some variation) to literally flood comments or trackbacks. At one point I was hit with over 1000 comments in one of my posts, another time over 500 trackbacks. If you add in rebuilds and email, this can be a stress on the web server. Not to mention...... [more]

Trackback from Burningbird

at

Porn does drive technology

I don't really know what I might have broken, but it doesn't matter in the long run, it had...... [more]

Trackback from Ztuff

at

What I currently do to stop comment spam on WanderingThoughts

What I currently do to stop comment spam on WanderingThoughts WanderingThoughts has been pretty free of successful comment spam attempts for a while, so I think it’s about time to write up all of the various things I’m currently doing to stop...

Excerpt from Chris's Wiki :: blog at


