I’m checking the URLs; but most of the ones I get tend to have casino links in them. When I get a series of these links from the same IP or IP range, I look into banning that IP.

Comment registration can’t come fast enough.

H’m. That gives me another idea to suggest to the MT team. Let people have registered comments, but also allow unregistered comments - just with the unregistered comments, no URL dislays with their post name. That would make blogspamming kind of useless.

Absolutely. I’ve been getting many portugese rambling entries. They’re trying to generate traffic and improved ratings in google, blog trackers, et al.

I believe my spam is being triggered when I get listed in fresh.blogspot.com as a newly updated site.

I am still able to delete/ban manually, but it’s going to get worse.

I’ve seen some sites with capchas on their comments already, which are currently pretty effective at blocking hacked-together bots like this (as well as effectively blocking those with visual imparements).

I think if you just add a question below URL like this:

What is four times 5?

And just manually change it if you happen to get a spam, that’d kill most of it. It wouldn’t stop blind visitors from commenting, either.

If fake blogs are setup, and they are done real well, then you wouldn’t be able to tell the difference.

Luckily setting up and publishing to a blog is (manual) work, and most spammers seem to rely on automation

Having read one of Les’s earlier posts, I pulled down and installed Drupal, just to have a play. Ironically, my biggest complaint was that you needed to register to comment, so in the little test implementation that I did, I hacked my current comment system in there.

The register/don’t register is certainly a tough one.

I’ve been getting those the past two days, except mine point to online casinos.  Blacklisted them mighty quick.

In the past few days I’ve had over 20 “new” (i.e. not on the blacklist yet) spam comments.  One actually started at the first post in my archives and was merrily marching through them until I banned him.

I’ve also had a “fake blog” or two show up.  I ban ‘em.

D

Trying to ban spammers seems like a battle that you will always eventually lose.  Maybe comment registration will help, until people write scripts to create accounts.

Maybe it is time, as some have suggested, to make comment spamming useless.  Obfuscate the URLs they post using a redirect script.  Then, since they are never actually linked to, it won’t help their rank in google.

I’m working on a commenting system on my blog to get rid of squawkbox, which is fairly lame.  These are the features that will be built into it, from the bottom up:

1. Black list
2. Posted url obfuscation through redirection
3. Comment throttling

Eventually, if I ever have time, I might think about registration system, with each registration okayed by me explicitly.  This would allow someone to post urls that don’t get obfucscated through redirection and get around the throttle limit.

Anyone else have suggestions for what to build in?  Is there a blacklist format that I should use perhaps?

I still think the ‘human test’ is better than registration. Registration can be automated. Capchas and questions like ‘What is 7 plus three? ___’ filter out most spammers for the moment.

Capchas are only thwarted by spammers at the moment at the free-email registration level because there is enough to gain that they are worth having manual labour typing the capcha responses.

Blog comments aren’t worth it at the moment, so a simple human-check-question would go a long way.

Unfortunately, the “fake blogs take work” solution isn’t, really.  There have been cases where the scum simply copied existing blogs, redid the underlying links to point to their vile products, and then used those as the basis for comment spam.  Feh.

I got one today for a casino as well - it threw me for a second though, becasue the text was only “Just testing! Ignore please” Then I looked at the URL and email and figured it out. He only hit one entry though.

Speaking of comment registration, Wil Wheaton has something like that implemented...you have to enter a number that looks like it’s dynamically generated and placed in an image file above the comment box. No matching number, no comment.

I had someone leave comments yesterday that were not only reasonable, they were relevant to the post where they were left.

The only sign of spam was in their return address.  I don’t post addresses, so it didn’t show online - but I found it an interesting tactic.

For what it’s worth, if someone is going to read the post well enough to add something that seems useful, the dynamically-generated number isn’t going to do the trick.  It’s actually a lot faster than reading the post…