Comments on: Simple anti-comment spam measure

By: fernando

fernando — Sun, 19 Dec 2004 00:25:35 +0000

I adore this hack!

However, it’s admiration from a far…

can you write up ecatly what code you added where? i, for one, and definitely too stupid to figure out what to do exactly…

and yet, the solution is exquisite and i would seriously dig having it on my site instead of the fiercer measures which can inadvertantly ban people who are only trying to add something.

By: CarLBanks

CarLBanks — Thu, 16 Dec 2004 21:18:59 +0000

What do I add back again? I accidentlly overwrote comments-post.php and now spam is rampant again.

By: Nathan Wong

Nathan Wong — Wed, 10 Nov 2004 03:01:48 +0000

My goal: Keep my site completely reader-less so that nobody spams it. Yay! :) Working well so far.

By: CarLBanks

CarLBanks — Mon, 08 Nov 2004 14:46:13 +0000

Sorry for triple commenting but what code do I add?

By: CarLBanks

CarLBanks — Mon, 08 Nov 2004 14:43:56 +0000

Hmm it’s giving me the wrong letter in the error message. It’s telling me today’s anti-spam letter is R but the error message says please put in C.

By: CarLBanks

CarLBanks — Mon, 08 Nov 2004 14:43:04 +0000

I like this idea.

By: Patrick

Patrick — Fri, 05 Nov 2004 17:04:49 +0000

When it was at its worst I got 10-16 spam comments a day from spam robots. But since I installed the extra text field I haven’t received any. So far it’s working – the day it gets defeated I’ll probably enhance it further.

By: minghong

minghong — Fri, 05 Nov 2004 16:09:18 +0000

If the spammer program is smart enough, it can get the XHTML file, then get the “secret letters” by using something like DOM.

Of course little spammer programs will do so…

By: Bernie Zimmermann

Bernie Zimmermann — Fri, 05 Nov 2004 14:02:34 +0000

Another thing to keep in mind is that for a popular site like yours, spammers might be willing to do a quick scrape of your source to determine what the “letter of the day” is before they automatically fill out your form and post. I think this is why using a graphic might be more appropriate. A spammer then has to either look at the graphic, or figure out what your naming scheme is for the images you use for the “letters of the day.”

I’ve been thinking about options to use on my site (yes, even though it’s not very popular and I use my own CMS I still get spammed) and have yet to decide on anything definitive. I’m leaning toward creating a bunch of graphics that contain random words (not as predictable as the 26 letters of the alphabet) and having the commenter type the word in a text field. Once a month or so I could then rename the files and update my authentication accordingly so I can always keep the spammers guessing.

Believe it or not, the work involved would be much less time consuming than scouring my blog for spam and then removing it.

By: test

test — Fri, 05 Nov 2004 13:51:07 +0000

test

By: nick

nick — Fri, 05 Nov 2004 13:33:18 +0000

I just renamed the file and then edited the one of the other comment files to go along with the renamed file and that solved ALL my problems.

By: Terry Orio

Terry Orio — Fri, 05 Nov 2004 11:39:04 +0000

Isn’t this better? http://james.seng.cc/archives/000145.html

By: Cheah Chu Yeow

Cheah Chu Yeow — Fri, 05 Nov 2004 10:26:17 +0000

Well, that is a good idea, but I doubt it will solve the problem since spammers seem to be hitting me by actually posting. At least, that’s what my access logs seem to tell me. Or maybe I’m totally off-base. I’ll find out for sure if and when another steady stream of comment spam arrives. I’m pretty sure this is only stop-gap. If it gets worse, I’ll get down to business ;).

By: Tijs

Tijs — Fri, 05 Nov 2004 10:11:26 +0000

Why not simply rename wp-comments-post.php? solves you problem right away without bothering any of your visitors…