Posted by Kromey at 1:38pm Sep 18 '09So, y'all know by now that I've recently re-re-re-re-[snip]-re-launched my blog, this time using WordPress instead of trying to write it myself from scratch.
Among many other things, one really nice perk is that Akismet is installed by default, so I have a very effective anti-spam filter to keep spammers from posting garbage on the comments.
Well, despite the fact that not one spam comment has slipped past this awesome filter of stupendous awesomeness, I've gotten tired of deleting half a dozen or so spam comments from my database every day. So I decided to take some more active steps.
I've begun writing a WordPress plugin that incorporates a couple of different DNSBLs to simply ban spammers from commenting. A DNSBL is basically a very easy way for a computer system to look up someone who's posting a comment in a giant database of spammers, which allows me to discover who is a "bad guy" before their comment is saved to the database at all. So far I'm incorporating two DNSBLs: Tornevall and Project Honey Pot.
My plugin, which is in a very early alpha stage, has been running for about 2 days now and has already stopped 13 out of 14 spam comments. This is awesome! :-)
Still have a minor annoyance to work out, though - those 13 spam comments that were stopped still went through Akismet's filters first. I really intend for my plugin to run before Akismet - there's no reason to analyze a comment's content for spam if that comment is going to be dropped right away anyways. Won't be too hard to remedy I don't think.
But that's only half of my strategy at this point. I'm also becoming a contributing member to Project Honey Pot by hosting a honey pot on my server. A honey pot is basically a trap - in this case, it's a small page filled with some legalese explaining that harvesting e-mail addresses is evil, and containing a bogus e-mail address that is monitored by Project Honey Pot. This page is only linked to via cleverly-disguised links that no human should ever see (unless they view the page's actual source code; in fact, there are 3 in this public post, but if you find 'em, don't follow 'em, or you'll be listed as a potential harvester/spammer), but your typical spambot (a computer program that just goes trolling across the web looking for e-mail addresses and pages they can post comments to) will see these links, follow them, and then become listed in Project Honey Pot's database.
I plan on continuing to enhance my anti-spam WordPress plugin to more fully integrate with Project Honey Pot. Features will include:
* DNSBL lookup of all non-logged-in commenters (Mostly done)
* Optionally add hidden links scattered across each page to PHPot honey pots
* Easy-to-use e-mail obfuscation (renders the e-mail addresses all but invisible to the vast majority of spam bots)
* E-mail addresses removed entirely when visitor is listed as a harvester or spammer
If anyone runs a WordPress blog and is interested in helping to test this plugin when it's ready to enter beta phase, keep an eye for that announcement on my blog (link below).
Among many other things, one really nice perk is that Akismet is installed by default, so I have a very effective anti-spam filter to keep spammers from posting garbage on the comments.
Well, despite the fact that not one spam comment has slipped past this awesome filter of stupendous awesomeness, I've gotten tired of deleting half a dozen or so spam comments from my database every day. So I decided to take some more active steps.
I've begun writing a WordPress plugin that incorporates a couple of different DNSBLs to simply ban spammers from commenting. A DNSBL is basically a very easy way for a computer system to look up someone who's posting a comment in a giant database of spammers, which allows me to discover who is a "bad guy" before their comment is saved to the database at all. So far I'm incorporating two DNSBLs: Tornevall and Project Honey Pot.
My plugin, which is in a very early alpha stage, has been running for about 2 days now and has already stopped 13 out of 14 spam comments. This is awesome! :-)
Still have a minor annoyance to work out, though - those 13 spam comments that were stopped still went through Akismet's filters first. I really intend for my plugin to run before Akismet - there's no reason to analyze a comment's content for spam if that comment is going to be dropped right away anyways. Won't be too hard to remedy I don't think.
But that's only half of my strategy at this point. I'm also becoming a contributing member to Project Honey Pot by hosting a honey pot on my server. A honey pot is basically a trap - in this case, it's a small page filled with some legalese explaining that harvesting e-mail addresses is evil, and containing a bogus e-mail address that is monitored by Project Honey Pot. This page is only linked to via cleverly-disguised links that no human should ever see (unless they view the page's actual source code; in fact, there are 3 in this public post, but if you find 'em, don't follow 'em, or you'll be listed as a potential harvester/spammer), but your typical spambot (a computer program that just goes trolling across the web looking for e-mail addresses and pages they can post comments to) will see these links, follow them, and then become listed in Project Honey Pot's database.
I plan on continuing to enhance my anti-spam WordPress plugin to more fully integrate with Project Honey Pot. Features will include:
* DNSBL lookup of all non-logged-in commenters (Mostly done)
* Optionally add hidden links scattered across each page to PHPot honey pots
* Easy-to-use e-mail obfuscation (renders the e-mail addresses all but invisible to the vast majority of spam bots)
* E-mail addresses removed entirely when visitor is listed as a harvester or spammer
If anyone runs a WordPress blog and is interested in helping to test this plugin when it's ready to enter beta phase, keep an eye for that announcement on my blog (link below).
The war against spam - Kromey