Home

Your premium source for custom modification services for phpBB
  logo

HomeForumsBlogMOD ManagerFAQSearchRegisterLogin

Comments November 21, 2006

It’s the little things that count

Filed under: blog — Dave Rathbun @ 8:11 pm  

One of the reasons why phpBB is a popular target for spammers is that it’s a popular board. So there’s a decent payback or incentive for spammers to figure out a way to spam the boards, as they know there are a lot of targets out there. To quote a line from one of my favorite movies…

This is what I call a “target rich environment.”

Two points to the first person that can identify the film and the person that delivers the line. :-) No fair googling either…

But this post isn’t really about phpBB, it’s about Wordpress. Wordpress is probably equally as popular as phpBB, in its own arena. I know I use it on a number of different sites. I wish it were easier to integrate the two, but so far the time I’ve spent has been marginally successful. But back to the point.

I’ve installed Akismet, and it has been a real life-saver. I can honestly say that for the past few days I’ve been seeing spam comments hit my blog at rates higher than one per hour! :shock: Really, I’m not kidding. I cleared out my spam queue at 3:00 this afternoon, and by the time I got home from work at 6:00 there were four more spams in the queue. My blog is approximately 6 months old, and in that time Akismet has blocked 865 spams.

Now here’s the best part: the blog here at the phpBB Doctor is running the latest version of Wordpress, which is presumably the more attractive target. I have several other blogs, some of which are running older versions, and they’ve not received one comment spam. Not. A. Single. One.

So what’s the key? The key, I think, is that there are millions of Wordpress blogs (just like there are likely millions of phpBB boards) and they’re all the same. So I did something tonight to make my blog different.

If you feel inclined to make a comment, you’ll notice a simple checkbox. If you click the checkbox, your comment gets saved for approval. (It still won’t show up until a blog administrator approves it.) If you don’t click the checkbox, then your comment is tossed, and I log the attempt to a file.

I am expecting… okay, let’s be honest, I am hoping that this will cut down on the number of comments that are left. Now granted Akismet has caught every single one of them, and I’m grateful for that, but as an experiment it could prove to be interesting. It’s not going to do anything about human spammers, but I’m betting that for the most part the blog spammers are still bots.

Stay tuned for details.

Oh, and if you want to make a comment, be sure to click the checkbox. :-P

5 Comments »

  1. Well, that didn’t take long. The changed code has been up for a few hours, and I’ve already had two comment spams. Neither tripped my new confirm trap. :-?

    So what does this tell me?

    It says that there is either a hole in Wordpress (hope not) or there is a problem with my code (don’t think so, it’s really quite simple) or the spammers are actually human, and capable of handling different screens. I have to say, I really hope it’s not humans. What a sad lot in life they must have, spamming blog after blog and feeling the karma of the universe bearing down on them.

    It also suggests to me that it’s not really worth trying to set up some sort of graphical CAPTCHA as the humans would likely get through that as well. Next step? Maybe a bit more devious control, in case the bot is smart enough to capture and react to a simple checkbox on the form. But that’s a project for another night.

    Comment by dave.rathbun — November 22, 2006 @ 12:23 am

  2. The same technique has been very popular in phpBB. All it takes to circumvent it is update the bot’s code…

    Another option you as a WordPress user have is to limit comments to registered users. Similar to phpBB, but a real turnoff for legitimate to-be commenters. :(

    Comment by damnian — November 22, 2006 @ 7:38 am

  3. Here’s an idea. Instead of a checkbox, make a hidden field with a key. Upon submission check the key, but also measure the difference between the current time the key’s timestap.

    Comment by damnian — November 22, 2006 @ 7:41 am

  4. I realize that the bot code can be updated, if in fact it is a bot. But that’s the point of making something different, right? And you would not expect the “bot” to have been updated within hours of experiencing the new code…

    However, based on a “behavior log” that I added, I’m also convinced that some of the spams are not from bots. Here’s why.

    I logged (in the past 8 hours) 8 additional spam comments and two legitimate comments. Removing those from the log and I see four comments that were made without clicking the checkbox (could be bot behavior, or users that didn’t read the screen). I logged 7 calls that went direct to the comment page, meaning they didn’t attempt to read the content, they just tried to post a comment. Those are either bots or humans following a script. In any case, those comments were automatically rejected via a method that I won’t reveal at this time. ;-) Your comment about the time stamp value is certainly valid; see below for details.

    The 8 comments that went through and were caught by Askimet were posted at:

    Successful comment processed on 2006-11-22 03:37:16
    Successful comment processed on 2006-11-22 03:38:07
    Successful comment processed on 2006-11-22 04:48:36
    Successful comment processed on 2006-11-22 04:48:54
    Successful comment processed on 2006-11-22 06:21:55
    Successful comment processed on 2006-11-22 06:22:18
    Successful comment processed on 2006-11-22 07:28:45
    Successful comment processed on 2006-11-22 07:29:04

    The two comments that you (damnian) posted were:

    Successful comment processed on 2006-11-22 07:38:16
    Successful comment processed on 2006-11-22 07:41:59

    First, notice that the spam comments came in pairs? So did yours. :-P Next, notice the time differential between the two comments? They are 51, 18, 23, and 19 seconds for the first 8, and 3:43 for the two valid comments that you made. The trick here is that you can’t identify the first comment as spam until the second one is made, rigtht? So if they change user accounts or anything else between the two comments (I have not researched that yet) it would be tough to identify them as spammers.

    I am more hopeful than I was last night. I blocked 7 spam comments straight out; no question they were spam. Of the 10 comments that were made, 8 were blocked correctly by Askimet and the other two were real. And there were 6 comments made that were either bots (I hope) or by users not smart enough to click the checkbox; I can live with that.

    I have added more details to the log I am capturing, it will be interesting to analyze the patterns over time.

    Comment by dave.rathbun — November 22, 2006 @ 9:24 am

  5. Another few hours past, five attempted comments, zero accepted due to various reasons. Still running an average of about one per hour though.

    Comment by dave.rathbun — November 22, 2006 @ 12:55 pm

RSS feed for comments on this post.

Leave a comment

Tags allowed in comments:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Confirm submission by clicking only the marked checkbox:

         **     

Powered by WordPress