WordPress.org

Comment spam prevention (20 posts)

  1. ScottAllen
    Member
    Posted 10 years ago #

    Well, it's happening -- comment spam (already!)
    At a bare minimum, we need to have an option to disallow hyperlinks in comments and have it strip out any A HREF and /a tags
    Beyond that...
    - word filtering
    - blacklisting
    - other suggestions?

  2. otaku42
    Member
    Posted 10 years ago #

    @other suggestions: comment moderation is already available, and automated comment moderation will be available soon. Things that are planned are blacklisting and bayesian filters.
    Disallowing hyperlinks is (in my eyes) a bad idea. This will not just break the spam, but also other useful links. Respectively, it won't just break the spammers' Google ranking, but also other (wanted) sites' rank. And as Phil Ringnalda wrote in a comment to this blog post:

    > Something to consider, while looking for a way out of the spam nightmare we are in right now: anything (including not linking legit commenter's URLs) which makes you have less impact on Google is a win for them.

    By the way: you might be interested in joining the BlaM project (http://blam.sf.net), even if it is very silent currently. I'm aiming to get some things done as soon as I'm finished with the stuff I'm working on at my business job (hopefully by the end of this month).
    Bye, Mike

  3. Anonymous
    Unregistered
    Posted 10 years ago #

    where is the comment moderation? what build first contained it?

  4. Cena
    Member
    Posted 10 years ago #

    They're in 1.0, under options->general blog settings.

  5. antifuse
    Member
    Posted 10 years ago #

    Dammit, I should have shut my big mouth... About 10 minutes after that comment I made, my first WP comment spam! :/

  6. OperaManiac
    Member
    Posted 10 years ago #

    always allow from this person
    now how would the backend make sure the comments made will be made by the same individual? :S

  7. Jeremiah
    Member
    Posted 10 years ago #

    Suhubh: Good question.. lol Maybe a 'smart' cookie? At the same time that you remember the information for the commenter (name, e-mail, etc.) you could track the major parts of the IP address?
    If the name, e-mail and IP range match, then allow the post to come through unmoderated.
    Or, if you don't display the e-mail address on the site, then you could just do a check to see if the e-mail and the name match your records. The spambots shouldn't be able to circumvent that.

  8. otaku42
    Member
    Posted 10 years ago #

    @"allow from this person": currently there is no safe way to distinguish people (or prevent others from faking their identity). This will last until there is a "register before posting a comment" function available, which I personally would dislike a lot. But the base idea (disabling links until comment gets approved) would be a nice feature. I put that on the "To Do list" :)

  9. ThatAdamGuy
    Member
    Posted 10 years ago #

    How about this:
    - Comments from registered users are posted immediately
    - Comments from unregistered users are queued for review
    Would this be possible / desirable?

  10. Lester Chan
    Member
    Posted 10 years ago #

    erm just do not allow people to post in post that are older than 30 days will combat most of the spams. At least that works for me

  11. antifuse
    Member
    Posted 10 years ago #

    I like getting comments on old posts... often it gives me material for new posts :) I like ThatAdamGuy's idea.

  12. ThatAdamGuy
    Member
    Posted 10 years ago #

    > erm just do not allow people to post in post that are older than
    > 30 days will combat most of the spams. At least that works for me
    Like Antifuse, I like getting comments on old entries. In my case, I actually already get MORE (legitimate) comments in my old entries because some of them have become quite popular via Google searches. The last thing I want is for people to discover my blog via a keyword search and discover that the entry that most interests them is closed to commenting.
    However, I do realize that comment spammers tend to gravitate towards the old entries. And while this might be over-complicated, maybe a points system is in order, sort of like how some e-mail anti-spam systems work (e.g., SpamAssassin)?
    A comment would get 'points' if:
    - it's posted to an entry older than [x] days
    - it is spam based on a Bayesian measurement
    - it is by someone with an unrecognized e-mail address (someone who hasn't posted before)
    - it was posted less than [x] seconds after a previous post by the same IP address or with the same URL
    ... and all comments with more than a certain number of points would get rejected as spam. Actually, what'd be really amusing is if they were "posted" but only visible to the poster himself/herself (based upon cookies/IP addresses, etc.) so the spammer'd THINK the note got posted, but no one else would see it.
    Sure, this would take some configuring, but the neat part is that -- in its multi-prongness -- it'd be ridiculously difficult for spammers to defeat! They wouldn't know which specific features were triggering the refusal of their spam, and so it'd be quite hard for them to adapt.
    What do you think?

  13. Matt Mullenweg
    Troublemaker
    Posted 10 years ago #

    TAG, that's exactly the kind of thing I had in mind. Maybe in 1.1, we'll see.

  14. Matt Mullenweg
    Troublemaker
    Posted 10 years ago #

    And expanding on the date idea, it would make sense to give points to a comment left on an entry that is no longer on the front page. Other possible tests for points:
    * More than two dashes in domain name
    * Never left approved comment before (match URI or email or both)
    * Keywords (viagra, phene*, casino, explicit words)
    * What else?
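
The points system proposed in posts 12 and 14, sketched as an added example; it is not code from the thread's participants or from WordPress. The weights, thresholds and all names are assumptions, the Bayesian probability is taken as an input from a separate classifier, and keyword tests are left out.

```python
from dataclasses import dataclass
from urllib.parse import urlparse

# Weights and thresholds are assumptions chosen for illustration.
WEIGHTS = {"old_entry": 2, "unknown_author": 2, "rapid_repeat": 3,
           "dashed_domain": 2, "bayes": 3}
MAX_ENTRY_AGE_DAYS = 30      # the "[x] days" of post 12
MIN_GAP_SECONDS = 60         # the "[x] seconds" of post 12
BAYES_CUTOFF = 0.9           # probability from a separate Bayesian filter
REJECT_AT = 5                # total points at which a comment is held back


@dataclass
class Comment:
    email: str
    url: str
    ip: str
    posted_at: float         # Unix time
    entry_age_days: int
    bayes_prob: float = 0.0  # supplied by an external classifier (assumed)


def signals(c, approved, recent):
    """Return the names of the tests this comment trips.

    approved: set of lowercase (email, url) pairs with an approved comment.
    recent:   list of (ip, url, posted_at) for recently received comments.
    """
    host = urlparse(c.url).hostname or ""
    hits = []
    if c.entry_age_days > MAX_ENTRY_AGE_DAYS:
        hits.append("old_entry")
    if (c.email.lower(), c.url.lower()) not in approved:
        hits.append("unknown_author")
    if any((ip == c.ip or (c.url and url == c.url))
           and 0 <= c.posted_at - t < MIN_GAP_SECONDS for ip, url, t in recent):
        hits.append("rapid_repeat")
    if host.count("-") > 2:              # "more than two dashes in domain name"
        hits.append("dashed_domain")
    if c.bayes_prob >= BAYES_CUTOFF:
        hits.append("bayes")
    return hits


def score(c, approved, recent):
    return sum(WEIGHTS[s] for s in signals(c, approved, recent))


def visible_to(c, viewer_ip, approved, recent):
    """Held comments stay visible only to the IP address that posted them."""
    return score(c, approved, recent) < REJECT_AT or viewer_ip == c.ip
```

A known commenter writing on an old entry trips only one test and is published, while a comment that trips several tests at once is held without the poster being told which test caused it.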

  15. NuclearMoose
    Member
    Posted 10 years ago #

    Whoa! Matt, Adam...I was thinking the EXACT SAME THING TOO! What are the odds of that? :)
    Craig.

  16. ThatAdamGuy
    Member
    Posted 10 years ago #

    It's great that so many of us are on the same page, apparently!
    Matt... one thing I would, however, recommend against is too much separate keyword parsing. As we know from e-mail, spammers have a remarkable tendency to alter their wording (v1agra, expand your 'member', f*ree, etc.), and that merely becomes an arms race. Additionally, there's simply too much overlap in language (people joke about viagra, folks may use harsh language in non-spam comments, and so on).
    Instead, I'd focus more on the behavioral / process aspects you've highlighted (never left approved comment before, comment on entry no longer on front page, etc.).
    In terms of filtering priorities, I'd like to humbly suggest that the e-mail / URI test is the biggest one in my opinion. Especially if we assume e-mail addresses are not publicly listed (my preference), this then becomes a user-friendly password system of sorts that would be onerous for the spammer to thwart.

  17. Alex King
    Member
    Posted 10 years ago #

    Blacklisting of domain names is actually very effective since to spam, they have to include the link.

  18. ThatAdamGuy
    Member
    Posted 10 years ago #

    True. But that can be so easily obfuscated with a zillion different free 'forwarding' services like tinyurl.com :|.

  19. antifuse
    Member
    Posted 10 years ago #

    Yeah, but since such a huge part of comment spamming is all about the Google ranking, they won't get an increased Google ranking if they have to resort to using tinyurl....

  20. ThatAdamGuy
    Member
    Posted 10 years ago #

    True.
    Though unfortunately, the asses who do crapflooding act not in the interest of their sites' page rank, but rather just act to annoy or DoS their victims. So, from what I understand, they just include randomized URLs anyway :(

This topic has been closed to new replies.