[wp-hackers] Simple comment spam experiment

code prole code.prole at gmail.com
Wed Apr 16 15:57:17 GMT 2008


On Apr 16, 2008, at 10:25 AM, Matt Mullenweg wrote:
>
> From 2002:
>
> http://diveintomark.org/archives/2002/10/29/club_vs_lojack_solutions
>
> "The really interesting thing about these approaches, from a game  
> theory perspective, is that they are all Club solutions, not Lojack  
> solutions. There are two basic approaches to protecting your car  
> from theft: The Club (or The Shield, or a car alarm, or something  
> similar), and Lojack. The Club isn’t much protection against a  
> thief who is determined to steal your car (it’s easy enough to  
> drill the lock, or just cut the steering wheel and slide The Club  
> off). But it is effective protection against a thief who wants to  
> steal a car (not necessarily your car), because thieves are  
> generally in a hurry and will go for the easiest target, the  
> low-hanging fruit. The Club works as long as not everyone has it, since  
> if everyone had it, thieves would have an equally difficult time  
> stealing any car, their choice will be based on other factors, and  
> your car is back to being as vulnerable as anyone else’s. The Club  
> doesn’t deter theft, it only deflects it.
>
> "Similarly, installing a secret form field on your comment form  
> will stop spammers from spamming your comments, until enough people  
> do that that it’s worth the spammer’s time to upgrade their  
> scripts. Ditto referer hacks (just set the referer); ditto  
> registration schemes (just auto-register); ditto time limits (just  
> hit each weblog sequentially). Ditto ditto ditto."
>
> -- 

What I notice about the majority of my comment spam is that it  
typically includes dozens of links and line breaks (carriage  
returns).  Being new to PHP I don't (yet) know how to write a simple  
routine to examine each comment (using regular expressions, perhaps?)  
to simply not accept any that have more than a configurable number of  
links and/or carriage returns.

I realize that Akismet is already trapping those with more than a set  
number of links, but I want to trash those with, say, more than 5  
links total; not even pass them to Akismet.

Beyond that I think a layered approach is best.  Renaming the comment  
form (perhaps having a configuration option to do that in WP?),  
using a nonce, examining comment contents for number of links and/or  
carriage returns, requiring previews and IP matching the post with  
the preview, et cetera.

My tiny little site gets only a handful of comment spam daily, so  
far, but I am eager to find a solution that will grow with my site's  
ever increasing spam counts.


--
code prole
coding for the proletariat since 1976
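The link/line-break threshold check the post asks about, as an added example that is not part of the original thread: a small WordPress filter that rejects a comment before it is stored (and before later `preprocess_comment` callbacks see it). The `preprocess_comment` hook, `add_filter` and `wp_die` are WordPress's own; the `cp_` function names and the thresholds are assumptions for illustration.

```php
<?php
// Added example (not from the thread): reject comments with too many links
// or line breaks before they reach the database or any later spam check.
// Threshold values below are assumptions; tune them for your own site.
define( 'CP_MAX_LINKS', 5 );   // more than 5 links is rejected
define( 'CP_MAX_BREAKS', 20 ); // more than 20 line breaks is rejected

// Count links as explicit <a ... href=...> tags plus bare http(s):// URLs.
// A bare URL immediately preceded by = or a quote is the href of a tag we
// already counted, so the lookbehind avoids counting the same link twice.
function cp_count_links( $content ) {
    $tags = preg_match_all( '/<a\s[^>]*href\s*=/i', $content, $m );
    $bare = preg_match_all( '#(?<![=\'"])https?://[^\s<>"\']+#i', $content, $m );
    return (int) $tags + (int) $bare;
}

// Count line breaks, treating CRLF, CR and LF each as a single break.
function cp_count_breaks( $content ) {
    return (int) preg_match_all( "/\r\n|\r|\n/", $content, $m );
}

function cp_comment_exceeds_limits( $content ) {
    return cp_count_links( $content ) > CP_MAX_LINKS
        || cp_count_breaks( $content ) > CP_MAX_BREAKS;
}

// preprocess_comment runs on the submitted comment before it is saved, so
// dying here keeps the comment out of the database entirely. Priority 0
// puts this callback ahead of filters registered with the default priority.
function cp_reject_linky_comments( $commentdata ) {
    if ( cp_comment_exceeds_limits( $commentdata['comment_content'] ) ) {
        wp_die( 'Comment rejected: too many links or line breaks.', 'Comment rejected', array( 'response' => 403 ) );
    }
    return $commentdata;
}

// Guarded so the counting helpers can also be exercised outside WordPress.
if ( function_exists( 'add_filter' ) ) {
    add_filter( 'preprocess_comment', 'cp_reject_linky_comments', 0 );
}
```

This is a Club-style heuristic in the sense of the quoted article: it deflects bulk spam that is sloppy about link counts, and a spammer who adapts by posting fewer links per comment will pass it, so it belongs in front of Akismet rather than in place of it.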
