• After one of our clients became the focus of some very heavy comment spamming (100,000s of attempted comment posts per day), even with the simple “captcha” plugin. This plugin really is dead simple to set up, completely unnoticed by normal users (except for those with no JavaScript) and stops a very large percentage of spammers. If you are getting hit hard and want to stop even more… a few very small changes make this plugin even better.

    Out of the box, potential spam is still stored to the DB while the “user” is shown the no JavaScript support message, but marked as spam. Commenting out the line that saves comments when showing that message very significantly reduced the load on our servers.

    There also appear to be some scripted spammers out there that know about this plugin; changing the field name and/or changing the key generation algorithm (like appending an md5 hash of the client’s IP address to the existing key) stopped all of those.

    Perhaps future versions could have those tricks as configuration options?

Viewing 1 replies (of 1 total)
  • Plugin Author pinoceniccola

    (@pinoceniccola)

    Thank you for your suggestions.

    Actually, these are two points I’m already thinking about. I’m aware of the DB hit when adding the comment as ‘Spam’, but it was very useful as a way of debugging as the plugin is in its first release.

    I’m also aware that spammers could implement their spambots to bypass the current secret key (I didn’t know they already do!). I run it on several busy websites and it’s doing a very good job, but I will try to harden the algorithm by generating some footprint from server data.

    Using client data is risky: a caching system will probably brick the plugin and comments by legitimate users will be blocked (also, administrators/moderators cannot easily realize it with no comments listed in the spam queue).

    I also wish to keep it minimal and invisible, without any configuration option, as long as I can.

    An update will follow soon.

  • The topic ‘Simple, effective and easy, but even more effective with some small changes’ is closed to new replies.
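
The trade-off discussed in this thread, as an added example that is not the plugin's code or either poster's: a key derived only from server data survives a full-page cache, while a key that mixes in the client's IP does not. All function names, the secret, the post ID and the IP addresses are constructed for illustration, and HMAC-SHA256 is used here in place of the appended md5 hash mentioned in the first post.

```php
<?php
// Added illustration; every name below is hypothetical, not the plugin's code.
// Assumption: a random per-site value that never leaves the server.
const SITE_SECRET = 'constructed-demo-secret';

// Server-only footprint: identical for every visitor, so a cached page stays valid.
function server_key(int $post_id): string {
    return hash_hmac('sha256', 'comment-key|' . $post_id, SITE_SECRET);
}

// Client-bound variant: the visitor's IP is mixed into the key.
function client_bound_key(int $post_id, string $client_ip): string {
    return hash_hmac('sha256', 'comment-key|' . $post_id . '|' . $client_ip, SITE_SECRET);
}

// Constant-time comparison of the expected key with the submitted one.
function key_matches(string $expected, string $submitted): bool {
    return hash_equals($expected, $submitted);
}

// Simulate a full-page cache: the comment form is rendered once, for the first
// visitor, and the same HTML (with the same embedded key) is served to everyone.
$post_id       = 42;              // constructed
$first_visitor = '198.51.100.7';  // constructed (documentation address range)
$later_visitor = '203.0.113.25';  // constructed (documentation address range)

$cached_server_key = server_key($post_id);
$cached_client_key = client_bound_key($post_id, $first_visitor);

// On submit, the server recomputes the expected key for the submitting client.
$results = [
    'server key, later visitor'       =>
        key_matches(server_key($post_id), $cached_server_key),
    'client-bound key, first visitor' =>
        key_matches(client_bound_key($post_id, $first_visitor), $cached_client_key),
    'client-bound key, later visitor' =>
        key_matches(client_bound_key($post_id, $later_visitor), $cached_client_key),
];

foreach ($results as $case => $ok) {
    printf("%-34s %s\n", $case, $ok ? 'accepted' : 'rejected as spam');
}
```

The last case is the failure the plugin author describes: a legitimate visitor who receives the cached form submits a key computed for someone else's IP and is rejected.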