Workbench: Programming, Publishing, Politics, and Popes

Written by Rogers Cadenhead | Home | Books | Code | E-Mail

Subscriptions

Workbench RSS feed RSS Feed

Workbench reading list Reading List

Menu

Get My APML

Working On

Drudge Retort
SportsFilter
Watching the Watchers
RSS Spec

Miscellany

Bob Kemp
Mean Green
Lottorobics

Technorati

XFN Friendly

Detecting Weblog Spam with Comment Flak

Because I don't want to add captchas to Workbench, this weblog has been drowning in comment spam. Since I began accepting comments in September 2002, I've received 13,000 legitimate comments and 172,000 spam.

I'm trying a new technique this week that makes spam easy to detect by putting a bunch of bogus text areas on a weblog form, hiding them with Cascading Style Sheets, and checking them for input when the comment is submitted. I call these fields comment flak.

Spammers typically put their junk comment in every text area on a form. When text shows up in any of these flak fields, my blogging software treats it as spam.

I've written a new Comment-Flak library for PHP that makes it easy to use this technique on any weblog published with PHP.

So far, 100 percent of the spam submitted to this weblog has been caught by this technique. This will drop if the technique becomes popular, but I'm hoping people will offer tips on how to make it harder to beat. The code has been released as open source under the GPL.

| programming | php | open-source, | 2006/10/25 05:47 PM | 9 COMMENTS

Make a Comment on This Entry
Comments

Now isn't that clever. Of course any system that becomes popular because it is successful will draw the effort necessary to insure its defeat -- perhaps releasing the code was a mistake? Even talking about the technique?

# 1 | Don McArthur | 2006-10-25 06:42 PM | link

 

I have a similar system hacked into my Wordpress install, and it has been very successful so far (in use for more than a year).

Kudos for resisting captchas :)

# 2 | MarkP | 2006-10-25 08:09 PM | link

 

I like the Akismet plugin for WordPress. It catches almost all of my comment spam. I haven't seen one slip by for a few months now.

# 3 | Mike | 2006-10-25 09:46 PM | link

 

I was going to try Akismet, but it kept rejecting my attempts to comment on Aaron Swartz's blog, claiming they were spam.

# 4 | Rogers Cadenhead | 2006-10-25 10:36 PM | link

 

Please don't say, "Victory is mine", because then either God or Dave Winer will say, "Vengeance is mine."

# 5 | Old Possum | 2006-10-25 11:54 PM | link

 

the Spam Karma 2 plugin for wordpress is an excellent collection of various spam triggers / detection mechanisms.

Highly recommended

# 6 | dbt | 2006-10-26 10:03 AM | link

 

Great product and idea!

# 7 | Ames Tiedeman | 2006-11-02 07:30 PM | link

 

nice work .hopefully it would be hard to detect

# 8 | john walter | 2006-11-10 05:41 PM | link

 

Does it actualy work
Seems not.

# 9 | Matt | 2006-12-24 07:38 AM | link

 

Add a Comment

These HTML tags are permitted: p, b, i, a, and blockquote. A comment may not include more than three links. Participants in this discussion should note the site's moderation policy.

:
:
:

Twitter

Andrew Sullivan's scariest take on Sarah Palin: "think Bush but less intellectual." about 1 day ago

News Headlines

Palin Pregnancy Highlights Need for 'The Talk' (1 comment)

Dems Leading in Voter Registration (26 comments)

Pats' Brady May Be Out for Season (29 comments)

Palin Agrees to Interview (113 comments)

Silent Movie Actress Anita Page Dies (18 comments)

MORE NEWS