Based on the lively discussions of the past few days, it
certainly appears that
requiring a
preview does not impede the flow of discussion.
Cool.
Spam also is way down, despite my having removed and relaxed a
number of other defenses. Notably, my
spam
throttle has not been activated for over two weeks.
Apparently some spammers do read weblogs and warnings
deter these folks.
My initial
implementation of requiring a preview was simply to omit the
submit button from the page - the underlying code did not
change. Amusingly, about 40% of the spam I did receive did
not do a preview first, indicating that they had bypassed the html
pages. This is easy enough to fix - a
nonce is
now provided on the preview form, and verified on the submit.
As currently implemented, nonces can only be used once, and
expire after 30 minutes... so if more than 30 minutes elapses
between preview and submit, then the submit will effectively be
interpreted as a second preview, resetting the clock.
I'm trying your approach, but have not implemented a nonce. Will have to look at implementing this with MT. However, I'm finding that just turning off comments on older posts works nicely, too.
Hesitate to tweak MT's code, as it just gets overriden with new releases and have to tweak yet again.
The majority of my spam these days is due to the fact that my weblog shows up prominently on searches like this one, so most of my spams have been against recent items. And at the moment the warnings I provide on attempts to comment on older posts seem to have deflected a majority of such spams.
A few notes:
First, I am doing this for fun. When it ceases to amuse me, I will simply do something different.
Second, (and directed not specifically at Shelley, but at everybody), I am running different software than you are. I show up on different search queries than you do. Things that work for me, may not work for you, and vice versa.
re: blacklisting. I am throttling based on ip address, url, and content; and each because I have seen specific instances where attempts have been made to mass spam my weblog using such techniques. Such throttling effectively amounts to a temporary blacklist.
Previously, I had approximately a half dozen entries in my .htaccess blocking specific ranges of ip addresses. These were in response to repeated attempts to place spam on my weblog. Not somebody else's weblog, but mine.
I removed these entries this morning because I did a scan of my apache logs and only once in the past week have any posts originated from any of these ip addresses. We shall see if the nonce is sufficient to block such requests.
Jacques, sure, can run diff. Most programmers can. But then, what if you're just a weblogger trying to write?
Somebody needs to package up these hacks with a nice easy-to-use installer, with clear, easy-to-follow instructions, and then be ready to hold people's hands when they nonetheless manage to spooge it.
Such a person is called an "Application Developer." I'm definitely not one of those ...
My version of Jacques version of Sam's idea, minus the time factor, is in your in box. Not too hard to script around, but maybe enough to use up their remaining attention and send them on to someone else who hasn't bought a Club yet.
Though, come to think of it, my version really isn't very good, other than as one in a long chain of weak tools. Rats, I'm going to have to figure out how to use MT::PluginData, before someone figures out my weakness.
re: For fun.
Absolutely. I can live without comments for longer than the average troll's attention span, so if I screw up, hey, comments just go off for a day or two. If I can make it for months without posting, I can sure survive a few days without comments.
I woke this morning ready to dive into my code and put in other comment fixes. Both Phil Ringnalda and Jacques Distler sent code that could help, and Sam Ruby offered help. As grateful as I am for their kindness, I don't know if I will make the changes. A year ago, maybe, but now, I just don't know. Earlier in a weblog posting about comment spam Sam Ruby wrote about the tweaks he does to prevent comment spamming: First, I am doing this for......
[more]
If they don't come back, it is not possible to have a two way conversation, is it? Robert Castelo: Um, the fact that you are getting paid is supposed to make me feel better? I don't think so. And I have to agree here with what Doc said about conten...
[more]
In the last few weeks, I've been hit not only by comment spammers, but a new player who doesn't seem to like our party: the crapflooders, people who use automated applications (you may have heard of MTFlood or some variation) to literally flood comments or trackbacks. At one point I was hit with over 1000 comments in one of my posts, another time over 500 trackbacks. If you add in rebuilds and email, this can be a stress on the web server. Not to mention......
[more]
What I currently do to stop comment spam on WanderingThoughts WanderingThoughts has been pretty free of successful comment spam attempts for a while, so I think it’s about time to write up all of the various things I’m currently doing to stop...