Report: 30 days with no blog spam on Mephisto!
posted: May 8th, 2007 · by: Sven
I promised to keep you posted with the results of my experimental ”outer spam floodgate” Mephisto extension. Tell you what. I’m super-happy with the results as I haven’t seen any blog spam this month! Yes, right. No spam.
[Update]
This little anti-spam trick has been that efficient that I have had no blog comment spam to sort out for months (still counting). I therefore decided to “upgrade” to a slightly more sophisticated version (re-allowing commenters to add an email address) and re-vamped the whole thing as a more distributable Mephisto plugin instead of two shaky patches.
I’m going to put some notes about the new plugin asap. I’ve added an article about the plugin now: “Inverse Captcha Anti-Comment-Spam Technique: Now A Regular Mephisto Plugin”.
You may also want to refer to this page for additional information: Mephisto Inverse Captcha Anti-Comment-Spam Plugin.
The story
Last month (that was about one month after I had switched to Mephisto) I saw myself confronted with the annoying task to review a list of nearly 900 spammy comments. Backed by Akismet Mephisto had diligently sorted these comments aside and piled them up in the admin interface. 900 spam comments were awaiting my attention. Oha.
Actually, this even was a good thing! It meant that Akismet does an outstanding job. It’s just been far too much for me to review these one-by-one and thus I came up with two things:
- a patch for Mephisto to add a filter to the comments list in the admin interface - so that I could sort out the most obvious and prevalent comments quickly by filtering the comments with e.g. “cialis” and then sweeping these in one go.
- a patch that adds an additional layer to Mephistos spam protection using an “inverse captcha” technique (to the best of my knowledge Damien Katz described this first)
This additional layer is ment to keep out the vast majority of stupid bots. It’s clearly not failsafe and as soon as it’s targeted by a programmer it’s going to be broken in less than a wink. But actually that’s not even a problem because everything that gets through this “outer floodgate” will be picked up by Mephistos great Akismet integration anyway.
And that’s what I expected to happen this month: that there’d be at least some bots out there that use some kind of rendering engine and parse the markup and CSS. That these would have neutralized the “inverted captcha” technique and would have been able to get to the “inner gate”. In other words I expected that I would have seen at least some spam to be picked up by Mephistos Akismet integration and piled in the admin interface.
The results
Well, what can I tell? It didn’t happen. Nothing! Yes, literally. NOTHING. Nil, null, nada. No more feeling of being confronted with crapheads dumping their garbage on me every day.
Hurray :)
If your interested in checking this out on your own blog here are some resources:
(Please note that the latter obviously will only apply to my own blog theme - you’ll need to tweak this to implement it into your own theme accordingly.)
Alas! If there only where such a simple and effective way to better protect my e-mail inbox. But that’s a differnt kind of story, I guess.
The limitation
Of course my present implementation of the “inverse captcha” technique comes with the price of not knowing any commenters email adresses any more. I can think of two situations where this might be a problem:
- you want to contact somebody who commented on your blog
- you want to display gravatar images alongside the comments on your blog
I’m therefor planning to extend the current implementation to allow email addresses again but use a differently named field for them. Probably just obfuscating the field name in a simple, configurable way.
Feedback?
What do you think?
PS: For mail servers there’s “greylisting” as a relatively new technique. Both techniques have in common that they rely on a missing ability of a spam bot … which I think is an interesting aspect.
Saimon Moore said May 8th, 2007 at 09:09 PM ¶
Quick let me add this too….I’m pissed of with having to “delete all comments” all day long.
Thanks for this… :)
Sven said May 8th, 2007 at 11:49 PM ¶
Hey Saimon!
Have fun :) Let me know how things work out for you!
chrisrr said May 13th, 2007 at 08:55 PM ¶
I’ve been running on Typo for a long time which relies on AJAX to accomplish practically the same thing. Your implementation is pretty elegant though compared to that. I like it!
jack said January 23rd, 2011 at 11:28 AM ¶
thanks for that headsup. That’s a useful tip! I’ve never ran into that, but for sure that’s something quite some people will need a solution for. cheap vps
QQQ said February 7th, 2011 at 06:38 PM ¶
Finally we kissed and the passion scale went sky high and I knew I was onto a good thing - sex was a certainty free porn videos. She never hesitated when I began to fondle her breasts and she willingly exposed them for me mobile porn. They were firm and I suspected a breast enhancement but said nothing - they still felt good and I was enjoying them and gradually working my way further south free porn tube. She was a step ahead of me and before I could completely undress her she moved on me atk hairy and I was suddenly having my pants pulled down and I was enjoying one of he best cock sucking hairy pussy experiences I had ever had. ABB728019394
Marianne said March 1st, 2011 at 11:01 AM ¶
Yeah this was talked about on an entertainment site and I came to a similar conclusion.
chat said March 31st, 2011 at 07:27 PM ¶
Here is the mephisto blog fix:
The following cleaned up the issue:
Dependencies.loadoncepaths -= Dependencies.loadoncepaths.select{|path| \ path =~ %r(^#{File.dirname(FILE)}) }
Jens said April 5th, 2011 at 09:47 AM ¶
This looks like a nice feature. A friend of mine said - wenn du einen Blog aufmachst und auf Kurzreisen bist, dann hast du besser etwas um deinen wellness kurzreisen Blog sicher zu halten, dies stellt sich, dass da auch alles stimmt. I’m gone follow the advice and will try out the Mephisto Plugin on the Blog.
side sleeper pillow said April 22nd, 2011 at 07:03 AM ¶
Nicely written article, Knowledgeable and informative post. I’m really glad I came my way along your site. Keep posting, I really like the whole topic. Thanks for sharing.
Okey oyunu said May 12th, 2011 at 03:59 PM ¶
Thanks.
Tüm dünya artik okey oyunu oynuyor. Yillardir bir çok oyun programi olmasina ragmen, içlerinden en güzeli olarak nitelendirebilecegimiz tek bir site göze çarpmaktadir. Diger tüm okey oyunu programlarinin aksine ücretsiz olmasi ve 3 boyutlu olarak hizmet vermesi mükemmel bir gelismedir. Sizlerde www.okey-oyunu.com adresinden bu essiz okey oyununu indirebilirsiniz. Kullanimi çok basit ve Türkçe dil seçenegi ile kolaylikla oyuna baslayabilirsiniz. Ister kendi ülkenizden, isterseniz dünyanin tüm farkli bölgelerinden dilediginiz oyun odalarini seçerek, oyuna hemen baslayabilirsiniz. Okey oyunu oynamak için artik arkadas bile aramaniza gerek kalmadan, bilgisayarinizdan 100 binlerce üye ile online olarak okey oyununu oynamanin zevkine varabilirsiniz.
Chung22 said May 20th, 2011 at 08:00 AM ¶
Excellent post - very interesting research pass4sure 642-654 I will look more into this! keep it up. I found very good and pass4sure 642-971 informative blog and have bookmarked your site for future reference. I really appreciate your way pass4sure 642-975 of presenting such an excellent suggestion. I want more and i will come back here to see more updates in future as well. My best wishes for you always so keep it up.
porno said May 22nd, 2011 at 02:22 PM ¶
good comment. thanks you friends.
I’ve surfed the net more than three hours today, however, I haven’t found such useful information. Thanks a lot, it is really useful to me
porno said May 22nd, 2011 at 02:22 PM ¶
good comment. thanks you friends.
I’ve surfed the net more than three hours today, however, I haven’t found such useful information. Thanks a lot, it is really useful to me