by Flemming Funch
So, comment spam has begun to be a problem for my blog and for others using my newslog program who have public commenting turned on.
It is obviously automated programs doing it. They're surprisingly clever at circumventing the most obvious ways one would recognize them. But at the same time they make mistakes that humans wouldn't make. Poster name or comment filled in as 'room' or 'site', for example. Which gives us a clue that somebody has written a spam program directed at chat rooms or forums. Which is flexible enough to work on blogs too, and figure out what fields to fill in.
Anyway, I've put up several lines of defense now, so let's see if they can get through that.
First I set up a blacklist for IPs. That has limited effectiveness because they manage to post the same spam from a bunch of different rather unrelated IPs. So either the IPs are completely spoofed, or it is done by programs installed by viruses on unsuspecting people's Windows computers.
Then, to keep a program from simply posting the data without coming from my form, I check the referring page. Oh, easy for them to fake that, so that doesn't guarantee anything either.
Then I put a couple of extra fields in my form which are unique every time, and which both need to be given back, and need to fulfill certain criteria.
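One way such per-form fields can be built, as an added example and not the newslog code: two hidden fields, one carrying a random id plus issue time and one carrying a keyed hash over them. The field names `form_id` and `form_check`, the HMAC construction and the timing criteria are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

# Assumption: a server-side secret; the post does not say how its fields are built.
SERVER_KEY = secrets.token_bytes(32)
MIN_AGE = 3           # seconds; a form returned faster than this was not read by a person
MAX_AGE = 2 * 3600    # seconds; older forms have to be reloaded
_used_nonces = set()  # a real deployment would use a shared store with expiry


def _tag(nonce: str, issued: int) -> bytes:
    msg = f"{nonce}|{issued}".encode("utf-8", "replace")
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest().encode()


def issue_fields(now=None) -> dict:
    """Hidden fields (hypothetical names) for one rendering of the comment form."""
    issued = int(time.time() if now is None else now)
    nonce = secrets.token_hex(16)
    return {"form_id": f"{nonce}.{issued}", "form_check": _tag(nonce, issued).decode()}


def check_fields(post: dict, now=None) -> str:
    """Return 'ok', or the reason the submission is rejected."""
    now = int(time.time() if now is None else now)
    form_id, check = post.get("form_id"), post.get("form_check")
    if not isinstance(form_id, str) or not isinstance(check, str):
        return "missing"        # both fields must come back
    nonce, sep, issued_s = form_id.partition(".")
    if not sep or not (issued_s.isascii() and issued_s.isdigit()) or len(issued_s) > 12:
        return "malformed"
    issued = int(issued_s)
    # Constant-time comparison; any change to nonce or timestamp breaks the tag.
    if not hmac.compare_digest(_tag(nonce, issued), check.encode("utf-8", "replace")):
        return "forged"
    age = now - issued
    if age < MIN_AGE:
        return "too_fast"
    if age > MAX_AGE:
        return "expired"
    if nonce in _used_nonces:
        return "replayed"       # one form rendering accepts one comment
    _used_nonces.add(nonce)
    return "ok"
```

A program that fetches the form before every post can still pass these checks, so this only raises the cost for tools that replay a captured POST.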
I can think of several more things to do, but let's see if that does it first. I'm trying to avoid forcing people to register to comment, or to solve puzzles every time or something.
Anyway, it is probably safe to turn public commenting back on.