Support » Plugins » Nice idea, but don’t get too cocky

  • This WP SpamFree plugin is a nice idea for defeating spammers, but it’s not very robust. I subjected the plugin to some testing, and managed to defeat it with a commenting bot after only a few minutes.

    So those of you who are using this plugin, enjoy it while it lasts. But once a significant number of people start using this, spammers will modify their bots to defeat the plugin.

    I give proof here. The juiciest bits are redacted from the code so I don’t give the spammers too much help, but you’ll see how easy it is nonetheless.

Viewing 8 replies - 1 through 8 (of 8 total)
  • @adamrbrown: Ah, a challenge…nice. 🙂

    No one is cocky. If you read the brief on the site, I don’t say that it blocks 100% of bots, but it comes close. I’ve known bots like this are out there – I just haven’t seen them very often. No current spam protection will be useful in a year or two if it doesn’t evolve, but this one makes a huge difference for most people, right here, right now, and that’s what people need.

    It actually would have been more constructive if you had contacted me directly with your findings before posting it publicly, but no worries. I’ll test out your code. And I’ve got some things in the works for future versions that your bots won’t be able to beat. I enjoy a challenge though so let’s chat. 🙂

    I tried contacting you directly, but I’ve gotten 403 errors all over your site since last Thursday or so when I started checking.

    I’m swamped at the moment, but I’ll send you an email later on this week with the full code of the bot and with a couple suggestions about how to make this more robust.

    And I admit that “cocky” was a poor word choice. Perhaps “overly confident” would be better.

    Great! This is sure to be another go-to weapon in the war against spam, especially now that “the challenge” was issued. Filtering out the obvious spam first makes human filtering that much easier. I look forward to seeing how this plugin evolves.

    @adamrbrown: That’s actually funny about the 403’s…your bot probably triggered an anti-bot security measure we have installed on our sites. I contacted you on your contact form so you can email me back at that address and we can get in touch. No worries about being swamped. I totally understand that one. Whenever you have a chance is fine. In the mean time, I’ll be working on the next set of features.

    No problem at all…the only reason for confidence is results. You’re probably familiar with the fact security or any similar concept there is never 100% security, but rather risk reduction and decreasing likelihood of a successful attack. Stopping spam basically works the same way, and WP-SpamFree is a practical solution that drastically decreases the likelihood of an automated comment spam getting through. I haven’t had any reports yet of bots beating in everyday implementation, although I’d like it if people would report that so I could make it even better.

    I look forward to your email and actually really appreciate your proof of concept post because it gives me the opportunity make WP-SpamFree better. 🙂 Full credit will be given for any contributions you make.

    @jonlandrum: Thanks for your comment. That’s exactly the intent! To be a front-end filter for obvious spam. I’ll definitely keep you guys posted on future progress.

    The plugin was just blockin all comments on my site, I found odd didn’t get any comment for days, then tried to make a comment on Opera with JS / Cook enabled & got that error message .. any idea?

    @bigmumu: Make sure you are upgraded to the latest version. An earlier version did something like that with blogs that had fancy permalinks enabled, but none of the newer versions should be having that error.

    Nope, I have the 1.3.1 version & WP 2.2.2, could be WP needs to be upgraded?

    I just popped over to the extend page for this plugin, and am pleasantly surprised to see it’s still in development! I’d rather have a local spam solution, rather than having every comment passing through a remote server.

Viewing 8 replies - 1 through 8 (of 8 total)
  • The topic ‘Nice idea, but don’t get too cocky’ is closed to new replies.