[94278] in North American Network Operators' Group
Re: Comment spammers chewing blogger bandwidth like crazy
daemon@ATHENA.MIT.EDU (Jason Frisvold)
Tue Jan 16 11:58:45 2007
Date: Tue, 16 Jan 2007 11:55:07 -0500
From: "Jason Frisvold" <xenophage0@gmail.com>
To: "Simon Waters" <simonw@zynet.net>
Cc: nanog <nanog@merit.edu>
In-Reply-To: <200701160926.43655.simonw@zynet.net>
Errors-To: owner-nanog@merit.edu
On 1/16/07, Simon Waters <simonw@zynet.net> wrote:
> This is the same issue as the email spam issue. Identify by source, or
> content. Just as content filters are error prone with email spam, they will
> be error prone with other types of content.
Agreed, but the average end-user has not been subjected to the long,
arduous, usually fruitless task of requesting their IP be removed from
a DNSBL. So what's the alternative? Popping up a page to allow them
to be removed from the list? While this may work, getting an IP
removed generally takes days, if not weeks. By that time, any comment
they wanted to post would be irrelevant.
You could mark that particular comment as moderated and check it by
hand, but then the spammers will adapt and "go through the motions"
with every comment, making moderation difficult if not impossible.
> I think either approach is viable, as long as the poster has an immediate
> method of redress. ("My IP is clean" works, and scales, "this URL is safe"
> works but doesn't scale, "this post" is safe is viable). In each case you
> need to make sure the redress is protected from abuse, so some sort of
> CAPTCHA is inevitable.
Hrm.. captchas have their own set of problems. Accessibility,
confusion, etc. Not that they don't work, but if you make the captcha
readable enough for humans, then it's inevitable that an OCR program
will be able to identify it as well. There has been some progress
with alternative captchas that require some thought on the user end,
but in the end it becomes frustrating.
--
Jason 'XenoPhage' Frisvold
XenoPhage0@gmail.com
http://blog.godshell.com
