Best way to implement iteration over objects?

Duplicated code/design pattern missed?

Basic comment spam protection

October 12th, 2003 | Site related

Having less Internet access at the moment than usual, and with an increase in comment spam on this blog, I’ve implemented basic comment spam protection, to prevent bots from posting comments. It’s just using .htaccess/.htpasswd protection for mt-comments.cgi. Hopefully it’ll work :-)
If anyone’s interested, here’s the .htaccess file I put in my cgi-bin/mt directory (I tried putting it in the web root directory but it didn’t work - anyone know why?)

bc. AuthName “To prevent comment spam, please authenticate using: Username: **** Password: ****”
AuthType Basic
AuthUserFile /web/reywob/.htpasswd
Allow From All

require valid-user

I’d like to improve it to have a different/random username/password each time, as this would mean the bots would have to “learn” it every time; however, I can’t see a 2-minute way to implement this; and besides, it would be a pain while posting comments :-)
h3. Update

Well, it’s been running for 4 days now, and no comment spam has appeared, which is a great improvement on before. Therefore I conclude that it is effective, subject to long-term distributed studies being carried out. _(can you tell I’ve had too many reports to write??)_

11 comments ↓

#1 Junkeater on 10.19.03 at 10:26 pm

Sounds like a pretty good idea. We have developed a guestbook spam protection system as junkeater.com and recently expanded our scope to weblog comment spam. So just in case the spammers find a way around your password protection you may want to consider junkeater as an alternative.

A sample weblog using junkeater can be found at http://www.junkeater.de/blog

#2 Peter Bowyer on 10.20.03 at 2:36 pm

Hmmm. Do I count your comment as spam ;-)
I’ll let it through though as you’re promoting a free tool, but when I first read it I did wonder…

#3 Christoph C. Cemper on 12.26.03 at 12:59 am

Hi,
did you already try MT-Blacklist? This plugin by Jay Allen really saved me a few hundred spam comments on my blog already!
merry xmas,christoph

#4 Daniel Harik | Random Selfishness on 03.13.04 at 12:39 pm

Comment-Spam Protection

I was too lazy to implement something againt comment-spam, but spam comments were coming and coming, around 50 in total, finally today I add some protection of automated comment spam. I used Peter Boweyer’s idea, the solution is quite simple, but effec…

#5 Paul on 12.15.04 at 3:54 pm

Testing the filter.

#6 Mike on 12.28.04 at 5:39 pm

What about PEARs Auth_HTTP? ;)
Cheers

#7 Peter Bowyer on 12.28.04 at 5:48 pm

Mike: how would that relate/help/whatever??

Am interested, given the recent problems :-)

#8 PAStheLoD on 12.29.04 at 11:28 am

Nice idea, and combined with a little PHP, u can always modify the .htpasswd file , if the server allows this, of couse.

#9 Peter Bowyer on 12.29.04 at 12:50 pm

It certainly works. Of course it doesn’t kill trackback spam, and I haven’t worked out how to handle this (apart from turning off trackback for old entries).

Maybe because the idea’s so simple it didn’t occur to others ;-)

#10 giełda samochodowa on 08.22.05 at 7:48 am

Hi, I had also SPAM problem and I installed mt-blacklist! It’s a great comment-spam-filter! I use it for weeks and am perfectly happy with it.

#11 What is Spam? on 04.22.07 at 6:27 pm

@Christoph C. Cemper:
You should be careful with blacklists, as I’ve seen one recently that filtered on .biz. Sure, there’s a lot of junk there, but you can’t just ignore the whole TLD. Review the lists you download very carefully, and blacklist on IP, not domain name.

Leave a Comment