Wednesday, February 27, 2013

Spammers. Again.

Six comments! Six comments, at time of writing, on my last post!

And every single one of them was spam.

I can't begin to describe how much I loathe spammers. If you were to catch one, tie it spreadeagled in the sun, spread marmalade all over it and then drop a hornets' nest on its face, I would consider that a good start. These are the scum who wrecked Usenet, who ruined e-mail, who have forced search engines to adopt a war footing, and now have turned their attention to little personal blogs like this one.

But how can I stop them?

Captchas (those stupid wonky letters you have to type in, to prove you're a human) have past their window of usefulness. I often find myself stumbling over them, and I suspect that for particularly tough ones (such as Google's), computers may now be better at reading them than humans.

Moderation? That would require me to log in pretty much every day, to check for new comments. I would consider it pretty rude to leave comments hanging around for longer than necessary. And I'm a busy person, I don't have that kind of time nowadays.

Disable anonymous commenting? That would disqualify some of the people I most like to hear from, including most of my family.

Join Facebook? That would combine the disadvantages of having a non-public blog with the drawback of never hearing from my family again, to say nothing of the downside of having to log in regularly and the nuisance of giving untold insights on my life to one of the world's most evil companies.

The suggestion box is open. Even if you don't know what to do to keep spammers out, I'm always interested in innovative and painful ways of punishing them. Let your imagination go wild.

5 comments:

bahumbug said...

1. Have you investigated what automated tools blogger provides? At wordpress, akismet keeps most of the spam away. I don't think I've had any reach my blog this year.

2. What notification of comments do you get? I as a visitor can sign up for a feed, and either that or email will alert you immediately to comments. Useful with or without moderation.

3. Can you operate a hybrid policy? Whitelist people you know (starting with those whose comments you've had before), and send others for manual moderation?

vet said...

Oh lookie. Spam.

How nice.

bahumbug, I don't get any notification of comments unless I log in to my Google account and look for them. I'll look into what other automated tools Google offers.

I must admit, your blog seems to have this issue sorted: it's easy to comment, and no spam. WordPress must be doing something right.

bahumbug said...

I see your latest spam points to a page at unileon.es. That domain appears to belong to a legitimate university, who might be as keen as you keen to deal with their spammers.

Are all the spam comments anonymous? Therein might lie a route to another solution: banish or moderate comments that don't provide a verified identity (Google account or OpenID). Maybe moderate rather than banish, in case of further glitches in verification of bona-fide users.

mumsie said...

Seeing the amount of spam you're getting I'd change to using wordpress.

mumsie

vet said...

OK, so Google's options for controlling spam are:
1. Moderation. This can be applied only to posts of a certain age. I've used this up to now to make sure I don't miss comments on old posts.
2. Captchas. There is no option to be selective about when you use these: either everyone has them, or no-one.
3. Disable anonymous posts.

And that's it. Colour me unimpressed.

I decided moderation was the least-bad option, but that has a big downside: I still have to read all the sodding spam.

bahumbug - I toyed with the idea of writing to unileon.es, but - well, I spent 4 years of my life tracking e-mail spammers (through e-mail headers, with nslookup and traceroute and what have you) and sending off carefully researched reports to ISPs all over the world... and it was a tedious and thankless business even in the 1990s. Barely one report in ten got any kind of reply, and at least eight out of ten of those were form letters saying "You realise spammers fake their headers, just because it says our domain in the 'From' field that's not true, have a nice day", which meant they hadn't actually looked at my complaint at all...

Nowadays, I'll be surprised if anyone even reads reports from random unknown internet users. And even if they do, there's no realistic way of proving that the owner of that site was responsible for that spam.

(I've tried advocating for a law that allows spam investigators to audit - at their own expense - the accounts of companies advertised in spam, to determine whether they paid for the spam to be sent, and if so, apply for punitive damages. But I don't think I've yet found anyone who even understands the idea.)