Sunday, August 06, 2006

victory over comment spam via moderation

I am constantly asked why I have hardened my site against intrusive attack.

People question me about why I have comment moderation. They don't like having to type an additiional several letters from a captcha, then clicking submit. Then waiting for hours to see their comment published. It's annoying. Sometimes they mis-type the letters, and have to type in a whole new character series.

Here's a fast, oversimplified explanation.

Spam Blocker.

You type in a series of letters, then the comment is saved for moderation, with an email alert appearing in my Gmail inbox.

I see the alert, click on link in it to visit moderation page, I approve any comment except UCE commericial link spam. ("Great blog, read almost entire post. Will return later. Check out my Vlagra Robocet site").

You will type and submit only once. If you do it twice, it means you typed the characters incorrectly.

If I turn off the captcha and comment mod, I'll be swamped with botspam, programs poised to inject naughty or con artist link embedded "comments" into my blogs.

If I turned off comment mod for one minute, I'll get about 12 to 30 spams. I've been through the spam wars and achieved victory only by comment moderation.

If a newbie comes around and gets offended, calling it "censorship", I don't care.

I know what I am, I am not a censor, I am a spam victor. The price I pay for keeping a clean blog? Upsetting a percentage of users.

Why fight spam so hard?

Because the links in spam can lead to con artist, criminal, pornographic, or otherwise undesirable, malicious sites.

Just clicking innocently on the embedded link is a victory for the spammer. Each innocent click counts as traffic. And simply by visiting a site, spyware, or worse, can be attached to your computer and enter your network.

No comments: