Comment Spam!
Locked
 
Administrator
|
Wow! I just got hit with over *400* comment spams on backspaces!
I had heard about it but had not personally experienced it. Its why you get those weird and annoying "tell me what this distorted image says" tickets before being able to enter your comment for forums or blogs. So I've instituted several suggestions on this page: http://textpattern.net/wiki/index.php?title=Combat_Comment_Spam .. but it seems a difficult problem to solve, other than simply moderating every comment. Have any of us friamers had this happen to their sites? Any interesting solutions? -- Owen Owen Densmore http://backspaces.net |
|
|
http://en.wikipedia.org/wiki/Captcha
http://www.captcha.net/ CAPTCHA(TM)s (the distorted word thingys "Completely Automated Public Turing test to tell Computers and Humans Apart") and other cognitive puzzles (pick the picture of a kitten from the 9 pictures to prove you are not a spambot) seem to be de riguer... though there are techniques for defeating them on the large scale. For a small site, just implementing a *bad* captcha can be enough to prevent minor/lazy spambots from visiting. Another techniques I've seen include the use of awful click-with-mouse javascript keypad where the numbers move around, and the numbers are graphics, but the code doesn't say which key is which number (its obfuscated), so a computer reading the webpage can't tell which buttons to press. Its super-duper annoying. ~~James On 10/27/06, Owen Densmore <owen at backspaces.net> wrote: > Wow! I just got hit with over *400* comment spams on backspaces! > > I had heard about it but had not personally experienced it. Its why > you get those weird and annoying "tell me what this distorted image > says" tickets before being able to enter your comment for forums or > blogs. > > So I've instituted several suggestions on this page: > http://textpattern.net/wiki/index.php?title=Combat_Comment_Spam > .. but it seems a difficult problem to solve, other than simply > moderating every comment. > > Have any of us friamers had this happen to their sites? Any > interesting solutions? > > -- Owen > > Owen Densmore http://backspaces.net |
|
Administrator
|
Yup, captcha was a possible plugin choice for my Textpattern system.
But I wanted to avoid it if possible, I find them really annoying. So I tried two alternative plugins: - A simple link counter: more than 2 links require moderation, more than 5 are tossed. This one also has a small list of obvious words (viagra, porn, ...) to check for as well. - A known spam-bot list which uses the current hot bot ip addresses to toss spam. Between the two of these, I looked at my logs this morning and they foiled *200* attempts with none getting through! So that looks promising. -- Owen Owen Densmore http://backspaces.net On Oct 27, 2006, at 10:53 PM, James Steiner wrote: > http://en.wikipedia.org/wiki/Captcha > http://www.captcha.net/ > > CAPTCHA(TM)s (the distorted word thingys "Completely Automated Public > Turing test to tell Computers and Humans Apart") and other cognitive > puzzles (pick the picture of a kitten from the 9 pictures to prove you > are not a spambot) seem to be de riguer... though there are > techniques for defeating them on the large scale. > > For a small site, just implementing a *bad* captcha can be enough to > prevent minor/lazy spambots from visiting. > > Another techniques I've seen include the use of awful click-with-mouse > javascript keypad where the numbers move around, and the numbers are > graphics, but the code doesn't say which key is which number (its > obfuscated), so a computer reading the webpage can't tell which > buttons to press. Its super-duper annoying. > > ~~James > > On 10/27/06, Owen Densmore <owen at backspaces.net> wrote: >> Wow! I just got hit with over *400* comment spams on backspaces! >> >> I had heard about it but had not personally experienced it. Its why >> you get those weird and annoying "tell me what this distorted image >> says" tickets before being able to enter your comment for forums or >> blogs. >> >> So I've instituted several suggestions on this page: >> http://textpattern.net/wiki/index.php?title=Combat_Comment_Spam >> .. but it seems a difficult problem to solve, other than simply >> moderating every comment. >> >> Have any of us friamers had this happen to their sites? Any >> interesting solutions? >> >> -- Owen >> >> Owen Densmore http://backspaces.net > > ============================================================ > FRIAM Applied Complexity Group listserv > Meets Fridays 9a-11:30 at cafe at St. John's College > lectures, archives, unsubscribe, maps at http://www.friam.org |
Comment Spam!
|
|
Do you send spam to spam at uce.gov?
http://www.ftc.gov/opa/2004/07/newspamemail.htm Lou ----- Original Message ----- From: "Owen Densmore" <[hidden email]> To: "The Friday Morning Applied Complexity Coffee Group" <friam at redfish.com> Sent: Saturday, October 28, 2006 8:04 AM Subject: Re: [FRIAM] Comment Spam! > Yup, captcha was a possible plugin choice for my Textpattern system. > But I wanted to avoid it if possible, I find them really annoying. > > So I tried two alternative plugins: > - A simple link counter: more than 2 links require moderation, more > than 5 are tossed. This one also has a small list of obvious words > (viagra, porn, ...) to check for as well. > - A known spam-bot list which uses the current hot bot ip addresses > to toss spam. > > Between the two of these, I looked at my logs this morning and they > foiled *200* attempts with none getting through! So that looks > promising. > > -- Owen > > Owen Densmore http://backspaces.net > > > On Oct 27, 2006, at 10:53 PM, James Steiner wrote: > >> http://en.wikipedia.org/wiki/Captcha >> http://www.captcha.net/ >> >> CAPTCHA(TM)s (the distorted word thingys "Completely Automated Public >> Turing test to tell Computers and Humans Apart") and other cognitive >> puzzles (pick the picture of a kitten from the 9 pictures to prove you >> are not a spambot) seem to be de riguer... though there are >> techniques for defeating them on the large scale. >> >> For a small site, just implementing a *bad* captcha can be enough to >> prevent minor/lazy spambots from visiting. >> >> Another techniques I've seen include the use of awful click-with-mouse >> javascript keypad where the numbers move around, and the numbers are >> graphics, but the code doesn't say which key is which number (its >> obfuscated), so a computer reading the webpage can't tell which >> buttons to press. Its super-duper annoying. >> >> ~~James >> >> On 10/27/06, Owen Densmore <owen at backspaces.net> wrote: >>> Wow! I just got hit with over *400* comment spams on backspaces! >>> >>> I had heard about it but had not personally experienced it. Its why >>> you get those weird and annoying "tell me what this distorted image >>> says" tickets before being able to enter your comment for forums or >>> blogs. >>> >>> So I've instituted several suggestions on this page: >>> http://textpattern.net/wiki/index.php?title=Combat_Comment_Spam >>> .. but it seems a difficult problem to solve, other than simply >>> moderating every comment. >>> >>> Have any of us friamers had this happen to their sites? Any >>> interesting solutions? >>> >>> -- Owen >>> >>> Owen Densmore http://backspaces.net >> >> ============================================================ >> FRIAM Applied Complexity Group listserv >> Meets Fridays 9a-11:30 at cafe at St. John's College >> lectures, archives, unsubscribe, maps at http://www.friam.org > > > ============================================================ > FRIAM Applied Complexity Group listserv > Meets Fridays 9a-11:30 at cafe at St. John's College > lectures, archives, unsubscribe, maps at http://www.friam.org > |
|
Administrator
|
No. Blog/Website comment spam is sufficiently different from email
spam that the problem is just being analyzed and solved. The Textpattern community has done well with their system, ditto for WordPress. And many use the annoying "what is the number in this image" solution. -- Owen Owen Densmore http://backspaces.net On Oct 29, 2006, at 9:20 AM, Louis Macovsky, Dynamic BioSystems wrote: > Do you send spam to spam at uce.gov? > > http://www.ftc.gov/opa/2004/07/newspamemail.htm > > Lou > > > ----- Original Message ----- > From: "Owen Densmore" <owen at backspaces.net> > To: "The Friday Morning Applied Complexity Coffee Group" > <friam at redfish.com> > Sent: Saturday, October 28, 2006 8:04 AM > Subject: Re: [FRIAM] Comment Spam! > > >> Yup, captcha was a possible plugin choice for my Textpattern system. >> But I wanted to avoid it if possible, I find them really annoying. >> >> So I tried two alternative plugins: >> - A simple link counter: more than 2 links require moderation, more >> than 5 are tossed. This one also has a small list of obvious words >> (viagra, porn, ...) to check for as well. >> - A known spam-bot list which uses the current hot bot ip addresses >> to toss spam. >> >> Between the two of these, I looked at my logs this morning and they >> foiled *200* attempts with none getting through! So that looks >> promising. >> >> -- Owen >> >> Owen Densmore http://backspaces.net >> >> >> On Oct 27, 2006, at 10:53 PM, James Steiner wrote: >> >>> http://en.wikipedia.org/wiki/Captcha >>> http://www.captcha.net/ >>> >>> CAPTCHA(TM)s (the distorted word thingys "Completely Automated >>> Public >>> Turing test to tell Computers and Humans Apart") and other cognitive >>> puzzles (pick the picture of a kitten from the 9 pictures to >>> prove you >>> are not a spambot) seem to be de riguer... though there are >>> techniques for defeating them on the large scale. >>> >>> For a small site, just implementing a *bad* captcha can be enough to >>> prevent minor/lazy spambots from visiting. >>> >>> Another techniques I've seen include the use of awful click-with- >>> mouse >>> javascript keypad where the numbers move around, and the numbers are >>> graphics, but the code doesn't say which key is which number (its >>> obfuscated), so a computer reading the webpage can't tell which >>> buttons to press. Its super-duper annoying. >>> >>> ~~James >>> >>> On 10/27/06, Owen Densmore <owen at backspaces.net> wrote: >>>> Wow! I just got hit with over *400* comment spams on backspaces! >>>> >>>> I had heard about it but had not personally experienced it. Its >>>> why >>>> you get those weird and annoying "tell me what this distorted image >>>> says" tickets before being able to enter your comment for forums or >>>> blogs. >>>> >>>> So I've instituted several suggestions on this page: >>>> http://textpattern.net/wiki/index.php?title=Combat_Comment_Spam >>>> .. but it seems a difficult problem to solve, other than simply >>>> moderating every comment. >>>> >>>> Have any of us friamers had this happen to their sites? Any >>>> interesting solutions? >>>> >>>> -- Owen >>>> >>>> Owen Densmore http://backspaces.net >>> >>> ============================================================ >>> FRIAM Applied Complexity Group listserv >>> Meets Fridays 9a-11:30 at cafe at St. John's College >>> lectures, archives, unsubscribe, maps at http://www.friam.org >> >> >> ============================================================ >> FRIAM Applied Complexity Group listserv >> Meets Fridays 9a-11:30 at cafe at St. John's College >> lectures, archives, unsubscribe, maps at http://www.friam.org >> > > > > ============================================================ > FRIAM Applied Complexity Group listserv > Meets Fridays 9a-11:30 at cafe at St. John's College > lectures, archives, unsubscribe, maps at http://www.friam.org |
|
|
The standard method for spam in e-mail seems to be naive Bayesian
classifiers. Do any similar packages exist for blog comments? On 10/29/06, Owen Densmore <owen at backspaces.net> wrote: > No. Blog/Website comment spam is sufficiently different from email > spam that the problem is just being analyzed and solved. > > The Textpattern community has done well with their system, ditto for > WordPress. And many use the annoying "what is the number in this > image" solution. > > -- Owen > > Owen Densmore http://backspaces.net > > > On Oct 29, 2006, at 9:20 AM, Louis Macovsky, Dynamic BioSystems wrote: > > > Do you send spam to spam at uce.gov? > > > > http://www.ftc.gov/opa/2004/07/newspamemail.htm > > > > Lou > > > > > > ----- Original Message ----- > > From: "Owen Densmore" <owen at backspaces.net> > > To: "The Friday Morning Applied Complexity Coffee Group" > > <friam at redfish.com> > > Sent: Saturday, October 28, 2006 8:04 AM > > Subject: Re: [FRIAM] Comment Spam! > > > > > >> Yup, captcha was a possible plugin choice for my Textpattern system. > >> But I wanted to avoid it if possible, I find them really annoying. > >> > >> So I tried two alternative plugins: > >> - A simple link counter: more than 2 links require moderation, more > >> than 5 are tossed. This one also has a small list of obvious words > >> (viagra, porn, ...) to check for as well. > >> - A known spam-bot list which uses the current hot bot ip addresses > >> to toss spam. > >> > >> Between the two of these, I looked at my logs this morning and they > >> foiled *200* attempts with none getting through! So that looks > >> promising. > >> > >> -- Owen > >> > >> Owen Densmore http://backspaces.net > >> > >> > >> On Oct 27, 2006, at 10:53 PM, James Steiner wrote: > >> > >>> http://en.wikipedia.org/wiki/Captcha > >>> http://www.captcha.net/ > >>> > >>> CAPTCHA(TM)s (the distorted word thingys "Completely Automated > >>> Public > >>> Turing test to tell Computers and Humans Apart") and other cognitive > >>> puzzles (pick the picture of a kitten from the 9 pictures to > >>> prove you > >>> are not a spambot) seem to be de riguer... though there are > >>> techniques for defeating them on the large scale. > >>> > >>> For a small site, just implementing a *bad* captcha can be enough to > >>> prevent minor/lazy spambots from visiting. > >>> > >>> Another techniques I've seen include the use of awful click-with- > >>> mouse > >>> javascript keypad where the numbers move around, and the numbers are > >>> graphics, but the code doesn't say which key is which number (its > >>> obfuscated), so a computer reading the webpage can't tell which > >>> buttons to press. Its super-duper annoying. > >>> > >>> ~~James > >>> > >>> On 10/27/06, Owen Densmore <owen at backspaces.net> wrote: > >>>> Wow! I just got hit with over *400* comment spams on backspaces! > >>>> > >>>> I had heard about it but had not personally experienced it. Its > >>>> why > >>>> you get those weird and annoying "tell me what this distorted image > >>>> says" tickets before being able to enter your comment for forums or > >>>> blogs. > >>>> > >>>> So I've instituted several suggestions on this page: > >>>> http://textpattern.net/wiki/index.php?title=Combat_Comment_Spam > >>>> .. but it seems a difficult problem to solve, other than simply > >>>> moderating every comment. > >>>> > >>>> Have any of us friamers had this happen to their sites? Any > >>>> interesting solutions? > >>>> > >>>> -- Owen > >>>> > >>>> Owen Densmore http://backspaces.net > >>> > >>> ============================================================ > >>> FRIAM Applied Complexity Group listserv > >>> Meets Fridays 9a-11:30 at cafe at St. John's College > >>> lectures, archives, unsubscribe, maps at http://www.friam.org > >> > >> > >> ============================================================ > >> FRIAM Applied Complexity Group listserv > >> Meets Fridays 9a-11:30 at cafe at St. John's College > >> lectures, archives, unsubscribe, maps at http://www.friam.org > >> > > > > > > > > ============================================================ > > FRIAM Applied Complexity Group listserv > > Meets Fridays 9a-11:30 at cafe at St. John's College > > lectures, archives, unsubscribe, maps at http://www.friam.org > > > ============================================================ > FRIAM Applied Complexity Group listserv > Meets Fridays 9a-11:30 at cafe at St. John's College > lectures, archives, unsubscribe, maps at http://www.friam.org > -- Giles Bowkett http://www.gilesgoatboy.org |
|
|
In today's Coding Horror Jeff Atwood talks about the effectiveness of
CAPTCHAs and how the news of their demise is greatly exaggerated. Also, he says that even though his own site uses a very simple CAPTCHA (the test word is the same, every time), it reduces (his claim) comment spam on his site by 99.9% ~~James _____________________ http://www.turtlezero.com |
|
Administrator
|
Holy cow! I hadn't any idea just how far folks had to go to protect
themselves! The fact that OCR doesn't help is quite surprising to me. Good article, thanks. I'm still getting well over 200 hits a day, and no comment spam after the two simple plugins. And still don't need CAPTCHA, apparently .. but I'll use it in a minute if I need to, its available for Textpattern. I forgot to mention one other spam blocking trick Textpattern uses: You *must* preview your comment before submitting it. This kept the comment spam away for over a couple of years, but now apparently is being defeated by the blog spammers. -- Owen Owen Densmore http://backspaces.net On Oct 30, 2006, at 8:14 AM, James Steiner wrote: > In today's Coding Horror Jeff Atwood talks about the effectiveness of > CAPTCHAs and how the news of their demise is greatly exaggerated. > > Also, he says that even though his own site uses a very simple CAPTCHA > (the test word is the same, every time), it reduces (his claim) > comment spam on his site by 99.9% > > ~~James > _____________________ > http://www.turtlezero.com > > ============================================================ > FRIAM Applied Complexity Group listserv > Meets Fridays 9a-11:30 at cafe at St. John's College > lectures, archives, unsubscribe, maps at http://www.friam.org |
|
|
On 10/30/06, Owen Densmore <owen at backspaces.net> wrote:
> Holy cow! I hadn't any idea just how far folks had to go to protect > themselves! The fact that OCR doesn't help is quite surprising to > me. Good article, thanks. Well, that's the whole idea, right? CAPTCHAs were invented with the intent that they are unreadable by even good OCR, thus not readily machine-translatable, thus decent assurance that a human, and not an automated process, is entering that comment or creating that free email account. So, rather than detecting and removing comment spam *after* they are created, you prevent them from being created in the first place. The good news in Atwood's article for me is that CAPTCHAs don't have to be so terribly obfuscated that they become illegible to humans, too. I've seen some really hard-to-read CAPTCHAs, and I'm hopeful that mroe focus is put on making tests that are *easy* for humans to read, but hard for computers...not hard for both, or worse, hard for humans but easy for computers! I imagine that the next-hardest thing will be CAPTCHAs that are animations, where all the letters don't appear in the frame at the same time, or in the correct order. ~~James __________ http://turtlezero.com |
|
|
In reply to this post by Owen Densmore
Owen Densmore wrote:
> Wow! I just got hit with over *400* comment spams on backspaces! ... > Have any of us friamers had this happen to their sites? Any > interesting solutions? I have no site to which this could happen, so take my suggestion for what it's worth. That said, I think one could turn the spammers' methods back on themselves. Many spam emails have obfuscated words in the subject to fool spam filters. The filters don't recognize these obfuscations but the human mind does recognize enough to translate them. That's how some word puzzles work, also. So, instead of a CAPTCHA that is so warped the average person can't figure out what letter or number it is meant to hide, why not present obfuscated words just like the spam emails? Humans can figure these out readily - the spambots can't do any better than the spam filters. -- Ray Parks rcparks at sandia.gov IDART Project Lead Voice:505-844-4024 IORTA Department Mobile:505-238-9359 http://www.sandia.gov/scada Fax:505-844-9641 http://www.sandia.gov/idart Pager:800-690-5288 |
|
|
If you google this topic, you'll discover people in both the open
source world and the academic world who have successfully developed systems for defeating captchas. In fact, an automated captcha-defeat service may exist which offers its users a 2% success rate. There may be a company here in Santa Fe which uses such a service. It may also be possible to buy captcha-defeating source code which allegedly offers a roughly 50% success rate. And there may also be a company here in Santa Fe which is looking into purchasing such source code. Not that I would know... Captchas are already hard to use, and pretty soon they're also going to be easy to beat. (Statistical AI techniques, however, are easy to use, and hard to beat.) -- Giles Bowkett http://www.gilesgoatboy.org |
|
|
In reply to this post by Owen Densmore
Hmm, what goes around. There's an article on Slashdot yesterday,
http://it.slashdot.org/it/06/11/12/2048219.shtml, about hiding email addresses on web pages, which leads to this article on SANS, http://isc.sans.org/diary.php?storyid=1836, about avoiding contact form spam. The trick, it appears, is to make your web page into a honeypot for web bots. You load the page with text form entry fields which are hidden, or style="display:none", so they don't appear to your user on the web page. You leave the hidden fields empty. When the bot mindlessly fills them in, you reject the submission. -- rec -- On 10/27/06, Owen Densmore <owen at backspaces.net> wrote: > Wow! I just got hit with over *400* comment spams on backspaces! > > I had heard about it but had not personally experienced it. Its why > you get those weird and annoying "tell me what this distorted image > says" tickets before being able to enter your comment for forums or > blogs. > > So I've instituted several suggestions on this page: > http://textpattern.net/wiki/index.php?title=Combat_Comment_Spam > .. but it seems a difficult problem to solve, other than simply > moderating every comment. > > Have any of us friamers had this happen to their sites? Any > interesting solutions? > > -- Owen > > Owen Densmore http://backspaces.net > > > > ============================================================ > FRIAM Applied Complexity Group listserv > Meets Fridays 9a-11:30 at cafe at St. John's College > lectures, archives, unsubscribe, maps at http://www.friam.org > |
«
Return to Friam
|
1 view|%1 views
| Free forum by Nabble | Edit this page |