si-blog

Comments and referrals

Posted Jun 23, 2004 in si-blog.

Comment spam is on the increase again. I cannot believe that people can be bothered to make the effort, but they do. Unwanted referrals are increasing as well. Some son of a bitch obviously entered this domain name into one or more porn directories, so hundreds of porn sites keep on linking to me. I can't help feeling that the vistors must be a little disappointed...

Anyway, these problems need to be overcome. The new version of this blog (expect it to be a few weeks down the line) will no longer have a referral page. I will still collect and display statistics, but referrals will be nixed. Comments, however, are going to be a bigger problem.

I am thinking of requiring users to sign in (after a one-time-only registration) before allowing them to post a comment. I'm leaning toward the confirmation email route, so that I can personally vet each registrant. That means anyone who wants to post will be required to cough up a valid email address (which will then act as a password). A cookie will make it easier for the frequent posters. What do you think?

Comments

  1. Gravatar

    I still get the referer spam even though I don't have a referer page. That's why I've installed the throttle that I linked to in an earlier post here. I had something come in and hit 50 pages in a minute, passing a false referer. 'Nuff of that.

    Wrt comments, I would register to comment.

    We have recently begun a stopword and stopip and stopURL list for posting comments on our site, though at the moment I only have one of each. There hasn't been much spam, yet.

    Posted by Mike P. on Jun 23, 2004.

  2. Gravatar

    Moderation is the word. It annoys no one and it works quite well. I have not experienced that problem on my site, but every post get comments moderation after it is a week old. After a week, I need to approve for the comments to show.

    You could choose to approve, regardless of the age.

    Posted by David Collantes on Jun 23, 2004.

  3. Gravatar

    My thoughts...
    Make people jump through a logic hoop before posting. Have a simple 'key' that is required to post a comment, and refer to the key in some logical way like, "To leave a comment, enter the key that is the sum of thirteen plus eight" or something similar.
    http://www.modeconfusion.com/archives/web_technology/000032.html

    Posted by Andrew on Jun 23, 2004.

  4. Gravatar

    Hmm. That is an interesting solution, Andrew. I'll give that some thought.

    Posted by Simon Jessey on Jun 23, 2004.

  5. Gravatar

    Andrew suggestion is easier to by-pass than a captcha. Comment spammers hasn't use scripts on my site in the past, they simply post a comment like I am doing it here right now. The closer it gets to not getting comment spam _to show_ is by using comment moderation, as I said before. Not even registration will stop spamming, because the spammer can use a one time only email account to spam you and once that one is blocked, another one can easily be adquired.

    Posted by David Collantes on Jun 23, 2004.

  6. Gravatar

    Well, it's just one of those instant thought things I had.

    My thinking was that this is an economic war. As long as it is reasonably profitable to comment spam, it will continue. Profitable means that the level of effort must be low and the return fairly high.

    If manually putting spam on sites results in one purchase for every ten sites, it's probably just about breaking even. I can't imagine they'll get that kind of conversion rate.

    So in the long run, for comment spam to work - and therefore continue - it has to go automated.

    Is my thought really that easily circumnavigated by a machine? What if the riddle changed? "Enter the third through fourth letter in the word 'Excedrin'" and then on the next post, "The comment code is the number of bagels in a baker's dozen."

    How could you programmatically answer those questions reliably??

    I suppose brute force would work. You'd have to refuse more than five attempts by any IP within an hour.

    Posted by Andrew on Jun 23, 2004.

  7. Gravatar

    Perhaps I should only allow people who donate $1,000 via my PayPal button to comment! No takers? Awwww...

    Posted by Simon Jessey on Jun 24, 2004.

  8. Gravatar

    Hehehe, that was a good one, Jessey!

    Posted by David Collantes on Jun 24, 2004.