LINUX.IE, website of the Irish Linux Users' Group
Tux rules!

   
Home
New Users
Articles
Download
Projects
Community
Vendors

  Print Version
Email to...
 
Archives:


planetILUG

Recent News

News Archive


Join the
ILUG
on FaceBook


Join the
ILUG
on LinkedIn


Join the
ILUG SETI
Group



















 
 :: Mailing Lists

[ILUG] Suggestion to cut down website comment spam

[ILUG] Suggestion to cut down website comment spam

Cian Davis davisc at skynet.ie
Tue Jan 23 00:52:58 GMT 2007 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Hi All,
First off - I can't claim credit for this. I found some website a
while ago that detailed the idea but I can't find that website now.

I have a website for all my photos (http://photos.killminus9.net if
anyone is interested, source is at
http://www.killminus9.net/index.php?article=17). I wanted to allow
people to comment on pictures. Problem was, surprise, surprise, it got
spammed.

I didn't want to require login for comments. First batch was easy to
catch - they had (for some reason) an md5 hash at the start of the
comment. That stopped working after a while.

The solution suggested on the website was to have a textbox with the
CSS attribute display set to none. So I have

<div class="hdefrm">
<textarea name="text" cols="50" rows="5">DO NOT USE THIS
TEXTBOX</textarea>
</div>

and in the CSS file

.hdefrm
{
        display: none;
}


If "text" is submitted with some other value apart from "DO NOT USE
THIS TEXTBOX", a row is inserted into a MySQL table and if that IP
tries to access the site again, they are told they have been
blacklisted and to contact me.

It's been running for a few months but only got it's first victims
last Friday - 33 different IP addresses over 2 minutes at 18:00. And
no false positives. BTW, if anyone has a theory as to why the 2 albums
that always get spammed are the pictures of the Paris Air Show and
Skiing 2005 photos, I'd love to hear it.

I run a few websites that have major problems with registration spam
and comment spam. I had thought of setting up a DNSBL for website
comment spam as the few current ones for mail I tried didn't have many
of the spammers listed. It was pointed out though that mail shouldn't
be relayed by individual machines really but direct  web access would
generally be legit. Also, they could well be in a DNS pool. Anyone
figure it's worth a go? Pity the apache module to deny access based on
listing in a DNSBL hasn't been updated in a few years.

Hope this is helpful for people.

Regards,
Cian

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFtVxp2yUma7R/3b8RAsZiAKDZTo6jfre2Wd5GMWZNbju582bXpgCeLYX8
jUM/6WVklFIkeIDOBKaHB/g=
=nvzu
-----END PGP SIGNATURE-----

More information about the ILUG mailing list
Read this without the formatting.
                                                                                                    

  

Hosted by HEAnet


 Maintained by the ILUG website team. The aim of Linux.ie is to support and help commercial and private users of Linux in Ireland. You can display ILUG news in your own webpages, read backend information to find out how. Networking services kindly provided by HEAnet, server kindly donated by Dell. Linux is a trademark of Linus Torvalds, used with permission. No penguins were harmed in the production or maintenance of this highly praised website. Looking for the Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
RSS Version
Powered by Dell