Comment Spam

Congratulations are in order as the Mollom guys went out of beta over the weekend. Great! They did several upgrades to their service over the past weeks including improving their spam deterrents and the visual CAPTCHA.

When you settle with a free account, Mollom allows 100 legit comments to be posted on your blog a day. More then enough for most blogs. Powerusers should sign up for their Mollom Plus Service which allows 10,000 legit comments a day. Ideal for enterprise sites, businesses and community services.

You can find more information on their blog.

Over the past weeks, I turned my attention to several other priorities. But then again, I fixed several bugs in the plugin. A new version of the API documentation was released on the 15th of september. Maintainers of third party clients should turn their attention to section 9 of the API. Mollom now features an elaborate load balancing/fail over act.

Short of a few bugs, I’m trying to work out a better way of handling errors in the plugin. So a new version of the plugin is in the works and a release should be right around the corner.

Well, I adjusted some of the plugin code over the weekend. The comments’ data (name, e-mail, url, content) isn’t stored in the database anymore but embedded in the CAPTCHA form as a collection of hidden fields. As I don’t want to store the data clientside (cookies and the likes) this seems to be the best way out. The comment is saved only if the CAPTCHA test was succesfully completed.

A particular issue I face are special characters like backslashes, quotes,… things you might encounter in URL’s and such. Luckily, WordPress is quite flexible as it takes this into account during the process of saving a comment in the database. The issue I have to focus on is not breaking the HTML CAPTCHA form itself. This will probably need some extensive testing.

The new version is already protecting this blog against comment spam. If everything goes well, the moderation queue should stay empty of unprocessable spam. In fact, it changes the usage of the queue entirely: instead of an indispensable tool, it becomes an optional means to teach Mollom if a message contains spam, profanity,… You don’t need to use it, but it allows you to correct Mollom in those few cases that may slip through.

Next up: implement functionality against trackback spam. I hope to get that part finished near the end of next week so I can put out a new betaversion of the plugin.

Bon. De laatste 48 uren liggen we weer onder spamvuur. Akismet lijkt wat te falen. Nu ja, 30 berichtjes te modereren is geen groot aantal. Maar toch, het is een indicatie. Overigens heb ik willen merken dat een oude Movable Type installatie toch nog zo zijn nut heeft: als honey pot voor spammers. Ik heb met wat SQL een kleine 700 ip adressen van commentspammers weten te verzamelen. Jammer genoeg is het nogal erratisch zodat ik moeilijk hele ip ranges kan blokkeren. Voorlopig heb ik het gros in een htaccess file gegooid. Op zich is zoiets een eindeloos werkje (curse the man who invented DHCP!) en uiteindelijk blokkeert een mens het volledige interwab tot zijn website, maar voorlopig probeer ik zo de vloed een beetje in te dijken.

O ja, ik heb ook Spam Karma terug geactiveerd. Moesten er problemen zijn, mij even melden!