I have to admit, the spammers are starting to get better at this. Normally it’s pretty easy, it’s a form response that’s incredibly generic, like “Keep posting this, I like it! By the way, spammyurl.com/holycrapdidlinuxexplodeherethisisacrazylongreferraladdress .”
Or sometimes it’s totally unrelated, like “Yeah, I love True Blood too. You can watch full episodes online at spammyurl.com/
ಠ_ಠ&ref=ಥ_ಥ by the way, even new unaired episodes!”
Now, though, it’s gotten a little clever. It’s working to force me to check the queue constantly by copying previously approved comments. I’m not sure if the goal is to match previous ham so the filters fail, then real comments can get through, or to force good comments into the spam filter, so ultimately it’s a human judgment call without Akismet’s handy filter of IP addresses. Granted, I generally just have to look for IPs out of the Eastern Bloc or China, but they also plan to trick people into approving spam addresses by making us think they’re from real commenters I think. Make me say “Oh, whoops, I thought I approved that comment already!”
I admit, it’s more clever than the “Hey, did you hear about product? I’m new to the forum, check out this URL! By the way, <HORRIBLE JOKE HERE>, ha ha ha!” series, but not quite as annoying. At least I’m not getting terrible cell phone joke of the day scam rejects stuck in my brain.
1 comment so far ↓
Hey, did you hear abou….
Hah. Only kidding.
I have an anti-spam solution which doesn’t use a captcha and works very well:
Have an input element on your comments form with a common name like ‘url’, which is likely to be filled-in by spam-bots. Next, hide the element with a style of display:none. Now, if you ever get a form submission whereby the ‘url’ input is not empty, you can safely discard that comment as bot-submitted. No human would be able to enter text into that field.
I’m not saying that it’s impossible for a spam-bot to detect a hidden input element, but think from their perspective: It’s substantially more work to write a bot which is also capable of parsing the DOM and CSS, plus taking the time download the stylesheets on every page they want to spam would at least double the time it takes to get the job done and would only net them, say, 1% more spam.
They’d rather miss out on the opportunity of spamming blogs which employ this mechanism anyway; they’re out to pollute blogs that don’t care about spam, not active spam police like yourself.
Works for me anyway.
Leave a Comment