Anti-Spam Measures

Although I haven’t been active on this blog for a couple of months, the stream of spam comments and trackbacks hasn’t decreased at all. In fact, I think it has intensified in the last couple of weeks. I don’t have the exact numbers, but I estimate that there were around 300 spam messages in the last 2 months, an average of 5 per day.

I got tired of deleting the comments, or marking them as spam for Akismet to handle, so I decided to install a few extra WordPress plug-ins to do the job for me:

  • Akismet. This plug-in is actually installed by default, but you need to activate it manually. When activated, it sends every message received at this blog to a central Akismet server for analysis. Since the central server receives thousands of messages, it can compare each message from this blog with thousands of others and pick up trends in comment spam in real time.
  • Bad Behavior. The ultimate gateway filter. Bad Behavior analyzes incoming HTTP requests for patterns of behavior that are typical of automated bots and other malicious software, and blocks the request before it ever reaches the comment form.
  • Challenge. This plug-in is responsible for the math challenge that you now face if you wish to leave a comment. Its purpose, like a CAPTCHA’s, is to verify that you really are a human being and not an automated program.
  • Simple Trackback Validation. Some spam messages arrive as trackbacks rather than as comments. This plug-in follows a simple logic: when a trackback is received, it retrieves the web page located at the URL given in the trackback and checks whether that page contains a link to this blog; if there is no such link, the trackback is treated as spam.
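The trackback check described in the last item, written out as an added example (it is not the Simple Trackback Validation plug-in’s own code). It assumes the blog is served from `BLOG_HOST`, takes the page fetcher as a parameter so the check can run offline against constructed sample pages, and treats "links to this blog" as "contains an `<a href>` whose host is the blog’s host". Because the plug-in fetches whatever URL the trackback names, the example also refuses non-HTTP schemes and loopback/private IP literals; a real fetcher should additionally resolve hostnames and apply the same check, cap redirects and response size, and time out.

```python
"""Trackback validation: fetch the page at the trackback's source URL and
accept the trackback only if that page links back to this blog.

Added example, not the plug-in's code. BLOG_HOST, SAMPLE_PAGES and
offline_fetch are assumptions / constructed data so this runs offline.
"""
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

BLOG_HOST = "blog.example.org"   # assumption: the host this blog is served from


class _LinkCollector(HTMLParser):
    """Collect href values of <a> tags; everything else is ignored."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "a":
            for name, value in attrs:
                if name.lower() == "href" and value:
                    self.hrefs.append(value)


def links_to_blog(html, page_url, blog_host=BLOG_HOST):
    """True if the page contains at least one <a href> pointing at blog_host.
    Relative hrefs are resolved against the page's own URL first."""
    parser = _LinkCollector()
    parser.feed(html)
    for href in parser.hrefs:
        host = urlsplit(urljoin(page_url, href)).hostname
        if host and host.lower() == blog_host.lower():
            return True
    return False


def is_plausible_public_target(url):
    """Cheap sanity check before fetching a URL supplied by a stranger:
    only http(s), and no loopback / private / link-local IP literals.
    (A real fetcher must also check the address the hostname resolves to.)"""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    host = parts.hostname
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return host.lower() != "localhost"   # a name, not an IP literal
    return ip.is_global


def validate_trackback(source_url, fetch, blog_host=BLOG_HOST):
    """Return 'ham' if the trackback's source page links to the blog,
    'spam' otherwise. fetch(url) -> str is injected; a real plug-in would
    issue an HTTP GET here."""
    if not is_plausible_public_target(source_url):
        return "spam"
    try:
        html = fetch(source_url)
    except Exception:
        return "spam"          # unreachable page: nothing vouches for it
    return "ham" if links_to_blog(html, source_url, blog_host) else "spam"


# Constructed sample pages standing in for the trackback source URLs.
SAMPLE_PAGES = {
    "https://example.com/post/real-link":
        '<p>Good read: <a href="https://blog.example.org/anti-spam">here</a></p>',
    "https://example.com/post/no-link":
        '<p>Cheap pills <a href="https://spam.example.net/buy">now</a></p>',
    "https://example.com/post/relative":
        '<p><a href="/about">about</a></p>',
}


def offline_fetch(url):
    """Stand-in for an HTTP GET; raises KeyError for unknown URLs."""
    return SAMPLE_PAGES[url]


if __name__ == "__main__":
    for url in list(SAMPLE_PAGES) + ["https://example.com/gone", "http://127.0.0.1/admin"]:
        print(url, "->", validate_trackback(url, offline_fetch))
```

The check is only as strong as its premise: a spammer who puts a real link to the blog on the page they point at passes it, which is why it is one layer among several rather than the whole defence.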

I could have installed more plug-ins (there are lots to choose from), but I don’t think it would change much. You might have noticed that the plug-ins listed above all complement each other. Each plug-in handles an aspect of spam filtering that the others don’t, so I hope that by combining them I’ll have a spam filter that is stronger than any of them alone.

I couldn’t find any more plug-ins to add that wouldn’t replicate functionality I already have. For example, adding a CAPTCHA plug-in for submitting comments probably wouldn’t do much, as it replicates the functionality already provided by Challenge.

One might claim that there is never “too much” when fighting spam (just as there is never enough security), but that is not true. Answering a math question and solving a CAPTCHA (and whatever else comes next) is a nuisance that hurts usability. So, as a general rule, one needs to think carefully about how much benefit a new plug-in adds to the system before installing it.
Hopefully with these plug-ins spam will be history, or at least become a manageable problem.

This entry was posted in plug-ins, spam, wordpress.

3 Responses to Anti-Spam Measures

  1. Jorge says:

    I like the math challenge better than captchas, but I wonder how I should parse the expression:

    Right now I got 4 + 0 x 8 = ?

    If I interpret it as if punching the keys in a calculator, the answer is 32.
    If I interpret it following operator precedence rules (multiplication before addition), the answer is 4.

    I’m going for 4, so I guess if you see my comment that was the approach to take.

  2. Yoni says:

    Hey Jorge, yes I can see your comment. Thanks :)
    I guess your question further illustrates the fact that we are dealing with humans and not with bots. Perhaps a little ambiguity is actually a blessing, because then you actually need to think.

    I was surprised by what you said about the calculator. It is true that the Windows calculator behaves oddly, as it works sequentially (i.e., it computes the result after every input). However, SpeedCrunch (KDE’s calculator) behaves as expected – it honours the precedence rules even with sequential input without parenthesis.

    So there you have it … I couldn’t resist sneaking in a little of Linux evangelism :)

  3. Jorge says:

    Well I was thinking about real physical calculators, but thanks for the plug ;-)

    I should rather say that the calculator model is the “elementary school” way of parsing expressions. I suspect that’s the only way the average person knows for evaluating them. However, you clearly have a more distinguished readership than just average people, if I am an indicator :P
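The thread above turns on a real failure mode of arithmetic challenges: “4 + 0 x 8” has one answer under operator precedence and another under left-to-right calculator order, and a human who picks the “wrong” convention is rejected as a bot. The following is an added example, not the Challenge plug-in’s code, showing both readings and two ways to avoid the problem: accept whichever reading the commenter used, or generate only challenges on which the two readings agree. The token grammar (integers, `+`, `-`, `x`/`*`) and the accept-either policy are assumptions.

```python
"""Arithmetic challenge evaluation under two conventions, plus a checker
that tolerates either and a generator that avoids ambiguity.
Added example, not the plug-in's code; grammar and policy are assumptions.
"""
import random
import re

_TOKEN = re.compile(r"\s*(\d+|[+\-x*])")
_OPS = {"+": lambda a, b: a + b,
        "-": lambda a, b: a - b,
        "*": lambda a, b: a * b}


def tokenize(expr):
    """'4 + 0 x 8' -> [4, '+', 0, '*', 8]. 'x' is accepted as multiplication."""
    expr = expr.strip()
    pos, out = 0, []
    while pos < len(expr):
        m = _TOKEN.match(expr, pos)
        if not m:
            raise ValueError(f"bad token at offset {pos} in {expr!r}")
        tok = m.group(1)
        out.append(int(tok) if tok.isdigit() else ("*" if tok == "x" else tok))
        pos = m.end()
    if len(out) % 2 == 0 or any(isinstance(t, str) for t in out[0::2]):
        raise ValueError(f"malformed expression {expr!r}")
    return out


def eval_left_to_right(tokens):
    """Sequential evaluation, as a basic calculator does: (4 + 0) x 8 = 32."""
    acc = tokens[0]
    for i in range(1, len(tokens), 2):
        acc = _OPS[tokens[i]](acc, tokens[i + 1])
    return acc


def eval_precedence(tokens):
    """Multiplication binds tighter than + and -: 4 + (0 x 8) = 4."""
    terms, ops = [tokens[0]], []
    for i in range(1, len(tokens), 2):         # first fold every product
        op, rhs = tokens[i], tokens[i + 1]
        if op == "*":
            terms[-1] = terms[-1] * rhs
        else:
            ops.append(op)
            terms.append(rhs)
    acc = terms[0]                              # then apply + and - in order
    for op, term in zip(ops, terms[1:]):
        acc = _OPS[op](acc, term)
    return acc


def accepted_answers(expr):
    """Every answer a human could legitimately give for expr."""
    tokens = tokenize(expr)
    return {eval_left_to_right(tokens), eval_precedence(tokens)}


def is_ambiguous(expr):
    """True when the two conventions disagree, as for '4 + 0 x 8'."""
    return len(accepted_answers(expr)) > 1


def check_answer(expr, answer):
    """Lenient policy: accept either reading. A bot that cannot evaluate
    arithmetic at all still fails; a human is never punished for convention."""
    try:
        return int(str(answer).strip()) in accepted_answers(expr)
    except ValueError:
        return False


def make_challenge(rng=random):
    """Strict policy: keep generating until both readings agree, so the
    commenter never has to guess which parse was intended."""
    while True:
        a, b, c = (rng.randint(0, 9) for _ in range(3))
        op1, op2 = rng.choice("+-*"), rng.choice("+-*")
        expr = f"{a} {op1} {b} {op2} {c}".replace("*", "x")
        if not is_ambiguous(expr):
            return expr


if __name__ == "__main__":
    print("4 + 0 x 8 ->", accepted_answers("4 + 0 x 8"))   # {4, 32}
    print("unambiguous challenge:", make_challenge(random.Random(1)))
```

For a two-operand challenge (“3 + 5”) the question never arises; the ambiguity only appears once a generator chains operators of different precedence, which is exactly when `make_challenge` rejects the draw.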
