photo
Jordan Sissel
geek

Sun, 23 Jul 2006

Pyblosxom comment antispam plugin

Ever since I added comments to this site, I've started getting comment spam. To combat this, I hacked together a comment management system using jquery and python. It lets me search comments and delete them via web interface.

I'm bored of deleting comments by hand. So, I wrote a little antispam plugin. This plugin creates a token that expires after a given period of time. This token is used as a hidden item in the comment form. If this token is expired when the form is submitted, the comment is rejected.

Spam seems to come entirely from solo-connection POST requests. This means that the bots don't bother viewing the page first. In theory, the bots will be using a cached idea of the form, which will be expired. We'll see how well this works.

Right now it just uses a timestamp. If that fails, I'll add other tokens such as source IP, etc. Perhaps cookies too? This should be simple to filter out, becuase the spam bots don't act anything like humans with regards to browsing behavior.

I have enabled the plugin on this site. I'll post the source when I see it actually working correctly.

Waiting for spam bots to come by is boring :(

Comments: 3 (view comments)
Tags: , , ,
Permalink: /python/pyblosxom_antispam
posted at: 01:11

3 responses to 'Pyblosxom comment antispam plugin'

John Resig posted at Sun Jul 23 02:15:10 2006...
I've got the cure-all: Just render your form using Javascript only!
$("#comments").html("<input type=''/> ....");
that'll definitely keep the spambots guessing ;)

Jordan Sissel posted at Sun Jul 23 02:33:26 2006...
That's definitely a simple way to do it!

If this timeout thing doesn't work, I'll try that next and see what happens! ;)

candice posted at Sun Jul 23 04:04:09 2006...
You can have some of my spambots! 

Some of them do request pages first, though, to thwart stuff like that.

Leave a reply

You need javascript enabled to use this form. Anti-spam efforts ongoing. Also, if the comment doesn't show up, it's because the form expired. Go back and copy your comment, reload the form, and resubmit. Apologies if this is a hassle, I'm just playing with antispam methods right now. If this insists on not working, please email me about it.

Name (required)
E-mail (optional, if you want me to be able to email you back)
URL (also optional)
Comment:

Search this site

Navigation

Metadata

Home About Resume My Code (SVN)

Articles

ARP Security Dynamic DNS with DHCP OpenLDAP+Kerberos+SASL PPP over SSH SSH Security: /bin/false Week of Unix Tools Work Efficiency

Projects

fex firefox tabsearch firefox urledit grok keynav liboverride newpsm (FreeBSD) nis2ldap pam_captcha poor man's backup Solaris audio utility xboxproxy xdotool xmlpresenter xpathtool misc scripts

Presentations

Yahoo! Hack Day '06 Unix Essentials Vi/Vim Essentials

Tag Cloud

Calendar

< July 2006 >
SuMoTuWeThFrSa
       1
2 3 4 5 6 7 8
9101112131415
16171819202122
23242526272829
3031     

Friends

BarCamp Kent Brewster Tantek Çelik John Resig Wesley Shields Tyler Shields

Technorati