TrackBack spam solved

Following up on the post I just made about the BotBlock plugin, I thought I should mention that the reason I'm getting comment spam is that I turned off the DisableComments plugin on LinLog. The reason I turned it off was to test out the TrackbackValidator plugin that comes standard with LnBlog 0.8.0.

The DisableComments plugin allows you to automatically turn off replies (TrackBacks and comments) on entries older than a given number of days. Since my big problem was TrackBack spam, and it was mostly on entries that were more than a month old, I "fixed" the problem by simply setting DisableComments to disable replies after 30 days. On the up side, this stopped the flood of TrackBack spam. On the down side, it stopped all legitimate replies too.

Well, it turns out that I don't really need the DisableComments plugin as much anymore. Happily, the new TrackbackValidator plugin, which only allows TrackBacks from URLs that actually link to you, has completely solved my comment spam problem. My server access logs will show lots of TrackBack pings, but not a single spam ping has gotten through.

The only down side is that now I need to worry about comment spam on old entries.

BotBlock plugin

I added a new plugin to the plugins page today. It's called BotBlock, and it's just a simple attempt to keep robots from posting comments.

I wrote this because, for the past several days, I've been getting a lot of comment spam. The messages were coming in groups of two to six messages at a time, had varying content, and came from varying IP addresses. However, the general format of all the posts was the same (short fake greeting, followed by lines of URLs and two- or three-word descriptions) and they all targeted the same blog entry. So obviously these were either being posted by a robot or a very stupid human.

Thus I implemented this stop-gap solution. Basically, it just adds a hidden field to the comment form that contains a hash value based on your LnBlog configuration and the client IP address. When the client submits a comment, it checks this hash. If it's either missing or doesn't match the calculated value, the comment is rejected.

Of course, this depends on the bot being relatively stupid and the spammer not being motivated enough to figure out your specific configuration. A determined spammer could bypass this protection without too much effort, which is why I call this a stop-gap. However, for small-time blogs like mine, which aren't worth the effort to crack, this solves the immediate problem.
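
The hidden-field check described above, as an added PHP sketch; it is not BotBlock's own source and not part of the original post. It assumes a keyed HMAC-SHA256 over the client IP, with a site secret standing in for the "LnBlog configuration" input, and it goes one step beyond the description by binding an issue time into the token so a captured value expires. All function and constant names are hypothetical.

```php
<?php
// Added illustration, not BotBlock's source. SITE_SECRET stands in for the
// "LnBlog configuration" input; all names here are hypothetical.
const SITE_SECRET = 'constructed-sample-secret-change-me';
const TOKEN_TTL   = 3600; // seconds a rendered form stays valid (assumed extension)

// Token = issue time + HMAC over (client IP, issue time), keyed by the site secret.
function botblock_token(string $clientIp, int $issuedAt): string
{
    $mac = hash_hmac('sha256', $clientIp . '|' . $issuedAt, SITE_SECRET);
    return $issuedAt . ':' . $mac;
}

// Hidden field to place inside the comment form.
function botblock_field(string $clientIp, int $now): string
{
    $token = htmlspecialchars(botblock_token($clientIp, $now), ENT_QUOTES);
    return '<input type="hidden" name="botblock" value="' . $token . '">';
}

// Returns true only if the field is present, unexpired, and matches this client IP.
function botblock_verify(?string $submitted, string $clientIp, int $now): bool
{
    if ($submitted === null || !preg_match('/^(\d{1,12}):([0-9a-f]{64})$/', $submitted, $m)) {
        return false; // missing or malformed field: typical of a bot posting directly
    }
    $issuedAt = (int) $m[1];
    if ($issuedAt > $now || $now - $issuedAt > TOKEN_TTL) {
        return false; // token from the future or from a stale form
    }
    // hash_equals() compares in constant time, so the check leaks no timing hints.
    return hash_equals(botblock_token($clientIp, $issuedAt), $submitted);
}

// Constructed sample requests (documentation-range IP addresses).
$now   = 1700000000;
$token = botblock_token('203.0.113.7', $now);
$cases = [
    'same client, fresh form'  => botblock_verify($token, '203.0.113.7', $now + 60),
    'field missing'            => botblock_verify(null, '203.0.113.7', $now + 60),
    'token replayed, other IP' => botblock_verify($token, '198.51.100.9', $now + 60),
    'stale form'               => botblock_verify($token, '203.0.113.7', $now + 7200),
];
foreach ($cases as $label => $accepted) {
    echo str_pad($label, 26), $accepted ? "accept\n" : "reject\n";
}
```

In a live form handler the IP would come from `$_SERVER['REMOTE_ADDR']` and the time from `time()`; the check still only filters clients that never load the form, which matches the stop-gap framing above.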