Spam protection

What do you think about services like Akismet?

What do you think about services like
Akismet?

(1) Why not use Phil's proposal: Bad Behavior/Bad Behaviour?
(2) We still need spam protection for the current versions! Yes, I can protect my own 'mlf' installation, but I have received a lot of spam mails sent out via your forum in the last days. :angry:

(1) Why not use Phil's proposal:
Bad Behavior/Bad Behaviour?

Looks very good! I'll test it. After the first quick look at it I wonder whether the script contacts a server where the filter rules are stored centrally (like Akismet does) or does the filter come with the script (and thus has to be updated from time to time)? (So far I only found a "whitelist".)

(2) We still need spam protection for the current versions!

Yes, absolutely! When I find a good spam protection I will also intgrate it in the current version (and also for the contact form).

Alex

[...] or does the filter come with the script [...]

OK I found the list with the user agents. But wouldn't it be easy for a spambot to put a random string as user agent?

Alex

What do you think about services like
Akismet?

Why not ...

From my point of view, the integration of CAPTCHA will at least help to avoid automatic entries. I started to integrate "eBiene CaptchaImage Maker" (http://lab.ebiene.de/?module_name=scripts) but not everything fits together currently ...

What's your opinion regarding CAPTCHA integration?

Regards/GrÃ¼ÃŸe
Stefan

What's your opinion regarding CAPTCHA integration?

I already made a well-working CAPTCHA patch to mlf month ago, but Alex showed no interest! :-|

I already made a well-working CAPTCHA patch to mlf month ago, but Alex
showed no interest!

Yes, I did! But in my opinion CAPTCHA is no good solution as it affects the usability. Therefore I'd like to implement a spam protection of which the (human) users don't take notice of. I think a central and up to date filter system like Akismet is a good approach. But at the moment I'm also testing Bad Behavior and I'd appreciate any other good idea.

Alex

Alex - I love mlf and I appreciate your work tremendously, but I respectfully disagree. CAPTCHA is a absolute necessity in today's world. I have implemented it for all submitted forms on my websites because of the tremendous rise in attacks in the last 8 months. Couldn't you at least consider making it an option for mlf?

Thanks,
James

James, I fully agree to your statements and request to Alex.

The litle change of the usability in comparism with the improvement for the webmaster is more than justifiable (even if some users not using a GUI are more or less excluded).

Stefan

I also agree. This should be an option. CAPTCHA solves a lot of issues and is not a heavy burden on the user.

How about CAPTCHA only for non-registered users?

I already made a well-working CAPTCHA patch to mlf month ago, ...

Hi "bttr" (Robert),
as my personal CAPTCHA patch is still not working with "100% performance", is your CAPTCHA patch somewhere available fit for use?

as my personal CAPTCHA patch is still not working with "100% performance",
is your CAPTCHA patch somewhere available fit for use?

Yes, it is. Simple submit a request via http://www.bttr-software.de/contact/

Hi Alex!

I use your "my little forum" script on our school's website and I like it!

About SPAM... I'm using a certain mechanism in my own guestbook script which always forces you to a first preview before it would accept any entries. I've only implemented a static hidden field which is only sent together with the preview page so no automated script (aka "bot" ) can "know" it needs to be posted, too, before the sent data will be accepted.

This mechanism can be refined by using a session ID to check and change the input's name attribute so no bot can re-use a posted form to spam a guestbook/forum/form mailer etc. because it "knows" about this hidden input field (and the name in it)...

What do you think about this mechanism? Could it help solve your problem?

Greetings from Ellwangen (Jagst) in Germany,

Felix Riesterer

I must say, I run a blog that uses Akismet, and it has caught 100% of the spam posts without necessitating CAPTCHA.

I must say, I run a blog that uses Akismet, and it has caught 100% of the
spam posts without necessitating CAPTCHA.

I'm sorry, but you seem not to have gotten my point... I wasn't referringt to any CAPTCHA mechanism and I also wasn't suggesting my solution would depend on any third-party services.

Greetings from Germany,

Felix Riesterer.

guestbook script[/link] which always forces you to a first preview before
it would accept any entries. I've only implemented a static hidden field
which is only sent together with the preview page so no automated script
(aka "bot" ) can "know" it needs to be posted, too, before the sent data

I do like this idea. To parse it out a little, here is how I understand it:

1. Comment form is filled out and submitted to the processing script.

2. If processing script does NOT find a "preview" flag

a) A random preview flag is created
b) flag is assigned to a session variable
c) the preveiw page is shown with submitted information and a hidden field that contains the preview flag.

3. If the processing script DOES find a preview flag.

a) If posted flag matches session variable, form is submitted and thank you page shown
b) If posted flag does NOT match the session variable, form is not submitted and the spammer routine is triggered

Phil

What do you think about services like
Akismet?

What I see is that spammers are always getting smarter, more aggressive, and more numerous. Captcha will not block everything because when spam stops posting, they visit your site to find out why, and then post a few test messages -- including questions to bait you into responding directly by email. Akismet and Bad Behavior cannot block these people either.

On public forums it takes a combined approach: Captcha, Bad Behavior / Akismet, ip blocking, flood prevention, keyword blocking, and member moderators.

That's a lot of work just to stop vandalism. For scripts like the comment script, guestbook, and weblog, I believe the answer is easy: all messages should be subject to approval. On the Forum, the closest equivalent would be to make the forum members-only. I wouldn't be surprised if most forums go in that direction.

Phil

I agree with what some of the posters said about CAPTCHA. CAPTCHA has been great for my forum. Not only does it deter spam, it also allows people to post without having to register which I think is a great plus.

Please consider allowing CAPTCHA as an option.

Thanks

Hi,

you konow this article, Alex?

SELFHTML: Bayesscher Filter

Micha

--
applied-geodesy.org - OpenSource Least-Squares Adjustment Software for Geodetic Sciences

RSS Feed of thread

my little forum

Spam protection (General)

Spam protection

Spam protection

Spam protection - CAPTCHA?

Spam protection - CAPTCHA?

Spam protection - CAPTCHA?

Spam protection - CAPTCHA?

Spam protection - CAPTCHA?

Spam protection - CAPTCHA?

Spam protection - CAPTCHA?

Spam protection - CAPTCHA?

Spam protection - CAPTCHA?

Spam protection

Spam protection

Spam protection

Felix's Preview Idea

Spam protection

CAPTCHA

Spam protection via Bayestheorem