Peter's Blog

Redefining the Impossible

Comment spam


My site is being really hammered by comment spammers today, but not one has got through thanks to my policy of refusing to allow comments containing URLs to be submitted (not even for moderation: I moderate all comments, and I found deleting comment spam to be tedious as well as annoying).

It is a simple hack to the Drupal comment module but it is very effective. OK, I could get spam without URLs in it, but what's the point, apart from vandalism? They still go into the moderation queue and get deleted.

And when people do want to post URLs they soon figure out how to get around the block. If they cannot do that then their comments are probably not worth consideration anyway.

I'd give the details of the hack here but it gives the spammers a clue. If you are interested then email me.

Update: following on from the vast surge in comment spam attempts (three or four a minute, 24/7), StatCounter tells me people are searching for Drupal captchas. I have given up on these; something about Drupal states, redirects, session management or whatever stops them working reliably. The spam comment check is just part of the comment validation. There is nothing much that can go wrong with it; it is just straight if/then/else code.

In a way the spam check is a captcha (Completely Automated Public Turing Test to Tell Computers and Humans Apart): you can still get through if you show some smarts. It doesn't use graphics so it doesn't look cool and it doesn't shut out blind people.

The comment spam is coming from a range of IP addresses, maybe an array of compromised PCs (thanks Microsoft). Each 'failure' page is using some of my 10G/month bandwidth. I'll have to keep an eye out and see what kind of impact this is having. It could be even worse than Inktomi's Slurp bots doing 100M of crawling a month and not directing anyone here through their search results.


Filed under: captcha drupal spam
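
One way to write the kind of check the post describes, as an added example that is not Peter's code or part of Drupal: a plain PHP (7+) validation step that refuses a comment containing URL markers before it can reach the moderation queue. The function names, every pattern beyond the `http` and `www` checks mentioned on this page, and the sample comments are assumptions.

```php
<?php
// Added example: reject comments containing URL-like text at validation time.
// All function names and patterns here are illustrative assumptions.

// Return the names of the URL markers found in a comment body.
function find_url_markers(string $body): array
{
    // Decode HTML entities so "&#104;ttp://" is checked as "http://".
    $text = html_entity_decode($body, ENT_QUOTES | ENT_HTML5, 'UTF-8');

    $patterns = [
        'scheme'   => '~\b(?:https?|ftp)\s*:\s*/\s*/~i',   // http://, https://, ftp://
        'www'      => '~\bwww\d*\s*\.~i',                    // www. prefix
        'html tag' => '~<\s*a\b[^>]*\bhref\b~i',             // <a href=...>
        'bbcode'   => '~\[\s*(?:url|link)\b~i',              // [url=...] / [link]
        'domain'   => '~\b[a-z0-9-]+\.(?:com|net|org|info|biz|ru|cn)\b~i',
    ];

    $found = [];
    foreach ($patterns as $name => $regex) {
        if (preg_match($regex, $text) === 1) {
            $found[] = $name;
        }
    }
    return $found;
}

// Validation step: a comment with any marker is refused outright and never
// reaches the moderation queue; everything else is queued for a human.
function validate_comment(string $body): array
{
    $markers = find_url_markers($body);
    if ($markers !== []) {
        return ['status' => 'rejected', 'markers' => $markers];
    }
    return ['status' => 'queued_for_moderation', 'markers' => []];
}

// Constructed sample comments (not taken from the blog).
$samples = [
    'Great post, how did you theme the sidebar?',
    'Cheap pills at http://spam.example/buy',
    'Visit <a href="//spam.example">here</a> or WWW.spam.example',
    'Try &#104;ttp://spam.example today',
];
foreach ($samples as $s) {
    $r = validate_comment($s);
    printf("%-22s %s  [%s]\n", $r['status'], $s, implode(', ', $r['markers']));
}
```

The `domain` pattern's short TLD list trades some false positives (a comment mentioning a `.com` file name, for instance) for catching bare addresses; rejected submissions still cost a page render each, which is the bandwidth concern raised above.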

Marco Says:

over 2 years ago

Yes!

It's so bloody annoying! By the way your page rates pretty high up on drupal comment spam search!

I'm giving the "spam" module a try to see if it averts some of this spam that is coming through lately.

Dankesehr Says:

over 2 years ago

Hi, interesting article about the anti-comment spam fix, can you please tell me how it is done?

Dankesehr

Peter Says:

over 2 years ago

I have emailed you.

Peter

Cero Spam Says:

over 2 years ago

Hi, we are testing a new free form-protection service (cerospam.com.ar), for blogs and for any kind of web site. It is easy to set up each form with this system, and it is very useful for protecting comment forms from spammers. It is based on the captcha method. Until now it seems to work fine. No matter what kind of blog software you are using, this is not a plugin. Please test it and do not hesitate to send us your comments! Thank you.

Peter Says:

over 2 years ago

All the best with the business but I just belatedly reviewed five weeks' worth of comments and not one was spam, despite almost constant spamming attempts. I am happy with my comment spam defences.

Peter

Bert Says:

over 2 years ago

Hi Peter,

I'm in the same situation as you were: despite using Drupal's comment spam module, some still slip through and it's a pain in the southern region to have to manually delete the spam each day. So I'm interested in a fix.

OTOH another approach to thwart the robots apparently is to add a simple 1+1=? sum in the submission process. My PHP skills are non-existent, but maybe you can include it in your fix?

Peter Says:

over 2 years ago

So far after however many months I haven't had a single comment spam. I am still on Drupal 4.6; I haven't upgraded to 4.7 as I don't have time to fix whatever it breaks (custom theme, wilki module etc.) so I am not sure if you would be interested in my code.

Peter

Ted Says:

over 2 years ago

Hi Peter, been doing something similar with the blog script I'm writing in Perl. Wouldn't mind finding out what you've used. Mine does an image thing (which I won't go into here), but blind folks wouldn't see it. I've eliminated email altogether on mine (which could prove a pain for some). URL's the same as my email

Peter Says:

over 2 years ago

I just hacked the Drupal PHP scripts to look for http, www etc. It's not a big deal. I have got one or two spam recently but probably submitted by humans. Once they see that comments are moderated they give up.

Peter
