So about an hour ago a spambot replaced the contents of my MIKE TYSON'S JUNGLE BEAT blog post with some garbage text and links. This naturally made me freak out, because I was pretty sure that random users couldn't just go around editing other users' blog posts.
After doing some research, I discovered that the reason that the spambot was able to do that was because I had made my blog post into a wiki page, so that I could link to it nicely, I guess. This is the first time that a spambot has edited our wiki.
We get a fair amount of comment spam right now that is caught by the automated spam filter, but that's happening much too late for my tastes. We must have hundreds of spambots who signed up and haven't posted anything (defeated by my email that doesn't contain a login link, perhaps), and whose accounts remain active.
Here's some stuff I'd like to do in the near future:
I've seen this doughhead, testbot2 was his name?
Nah, the testbots are all my personal accounts, to test how the site looks to non-administrators. In this case I was trying to see what happened when I tried to edit the page as some random user.
OK, I've implemented all of these things except the Drupal upgrade, which I'm going to do soon. Please please please let me know via email if you encounter any trouble, like suddenly finding yourself blacklisted from posting comments or something. My email is jeremy at rhinoceros catastrophes dot com. (I'm kidding to fool spambots, it's glorioustrainwrecks of course, but actually that would be a fucking great domain name.)
So Apache now IP bans all spammers known to Project Honeypot? If so, then that's pretty gnarly.
It's actually a Drupal plugin, but yeah. It's kind of hard to test, though. If Project Honeypot has some doubts as to your spamminess, it's supposed to give you a link to apply for whitelisting.
I'm pretty much ready to throw in the towel on using Project Honeypot as a basis for disallowing comments. Since I installed the plugin, it has blocked no spammers (and two spammers have been allowed to post), while GoreCore has had five comments blocked and jan_strach one. This might be OK, if whitelisting worked in a reasonable way, but it doesn't -- the default comment filtering does not supply the user with a link to add themselves to the whitelist, and when I added one in, it didn't appear to work. As well, the plugin whitelists by IP, rather than user, and none of the whitelisting functionality is exposed to administrators -- so there's no button I can push to say, no, it's cool, GoreCore isn't going to spam me, please stop eating his posts.
These problems are with the plugin, rather than Project Honeypot, but unfortunately I don't have the time or inclination right now to fix it up. I've disabled the IP filtering part of the plugin, but kept on the bit that adds an invisible link to every page for email address harvesters to wander into and get stuck harvesting fake addresses.
Think I might try Akismet next. Anyone had any experience with that service?
My user signup CAPTCHA, on the other hand, seems to be doing a decent job at keeping the site from having to send user registration emails to stupid bots. So that's encouraging.