[thelist] PHP comment spam

Matt Warden mwarden at gmail.com
Sat Dec 24 08:38:38 CST 2005 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Paul Waring wrote:
> I'm getting an awful lot of spam to my blog at the moment, but because
> I wrote the system myself there's no built-in comment spam prevention.
> Does anyone know of a good PHP function/class that I can pass the
> comment text to and get a "spam score" (a bit like SpamAssassin does
> for email), which I can then use to decide whether to accept, moderate
> or delete the comment? I don't really want to try and pull the comment
> spamming code out of something like WordPress as it's probably too
> integrated with the rest of the system.

But it wouldn't hurt to take a look at WP does it. I get *zero* spam
comments that get auto-approved, using the combination of these options
in WP:

1) comments with greater than X links in it are automatically deleted
2) comments posted by an author who has not had a previous comment
approved are put in the moderation queue

I am not sure of the details of #2 (it's probably based on email
address, which is required but not visible on the site).

Anyway, #1 would be easy for you to implement. You could also calculate
a ratio of how much of the comment is linked text and how much is
unlinked text. I don't think you can get by without using a moderation
queue.

Your other option is to use CAPTCHA (the type-what-you-see-in-the-image
stuff), which will probably hold of spam robots for quite a while. You
just have to make sure you get a CAPTCHA system that produces images
that your human users can read (sometimes CAPTCHA systems generate
random disfigurements and make it impossible to read by both human and
computer).

- --
Matt Warden
Miami University
Oxford, OH, USA
http://mattwarden.com


This email proudly and graciously contributes to entropy.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDrV1urI3LObhzHRMRAjOTAKCof/jTaG4limJiVhCjTP3qLGr1lQCg9e7R
UzO5MJ/TjmTozWDfzOY9op4=
=MGEu
-----END PGP SIGNATURE-----

More information about the thelist mailing list