The War on Spam
August 22nd, 2005 by scaredpoet

I hate spam.

Yeah, I know, the above comment is a lot like saying “I breathe air.” But I really do. Not only because it’s, well, spam, and it is the epitome of everything that is wrong with humankind (greed, stupidity, arrogance, etc.), but also because spam means millions of lines of extra code have to be written into e-mail relay servers, web site comment forms, SMS gateways, and even blogs just like this one, to prevent a wash of useless text from Ephedrine- and Viagra-mongering morons who, by the way, think that you really, really need to check out their online poker site. Long ago, this site was undefended against such spam, and my “lilo must DIE” diatribe on the matter became site history.

But then relief came in the form of Dr. Dave, and his lovely Spam Karma code. I threw the plugin on, flicked the switch, and watched all of my spam related troubles disappear. No more would my blog be a free billboard for dubious pharmaceuticals intended to enhance one’s genitalia.

And all was good. Until just this morning. A good and trusted friend, and a regular site visitor, discovered that he was being blacklisted for posting comment spam. And soon, I discovered that anyone posting comments would be barred from doing so, and (albeit courteously) accused of attempting to hawk their wares.

No sir, that’s not good for business.

Thinking the database tables governing the spam filter were corrupted, I cleared the database and went with a fresh one. No dice. So I logged into MySQL as an administrator, and tried to do some manual editing.

And this is a good time to stop and inform everyone about how very dangerous it is for a person with only a basic knowledge of SQL to have root password access to the server. Right?

Right. So, after crashing the whole site, I dug up my backups and restored the database, and that brought things back up. Great! But I still had McCarthy lording over my comments.

Finally, I discovered the cause: encrypted hash payloads.

See, part of what Spam Karma does is test your browser, to make sure there actually IS a web browser viewing the page and posting the content. If it’s really a web browser, then chances are there’s a real human being behind the keyboard with something to say, as opposed to a mechanical bot that a spammer deployed to generate thoughtful pearls of wisdom about Texas Hold’em. To do this, the server sends a small mathematical problem for your computer to solve that can only be seen by the computer if the browser passes that information along. A real browser (and thus, real human being) means the server will get a correct answer back, and the comment can be approved. Pretty simple, and very transparent: the user generally doesn’t even realize they were tested to see if they were a spammer or not. That is, until it breaks.

Well, I’m not sure why, but with the recent upgrade of WordPress to 1.5.2, this new version of WordPress somehow puts the kibosh on this. The result is that all the answers to these anti-spam riddles come back wrong, or not at all. And to Spam Karma, no solved riddle equals a likely spammer. End result: everything gets trashed.

In theory, a “second chance” mechanism known as a captcha can be put in place. This is a riddle that is designed such that only a human can solve it, as it (presumably) is beyond the current level of artificial intelligence. Unfortunately, that too is broken on Spam Karma! Somewhere in the code is a bug that makes Spam Karma look for the captcha page in the root directory of the site, instead of the directory where it’s supposed to be. Joy.

So for now, both captcha and encrypted payload tests are turned off on the site, until these bugs can be fixed. There are still other “weapons” that the system has in place, such as referring to blacklists and also checking the comment history of a frequent visitor as they post new comments. Hopefully, this will keep spammers out while continuing to let legitimate comments in.

In the meantime, if anyone experiences ANY problems posting a comment here, please let me know immediately so I can take further steps to correct the problem.
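
The browser test and the breakage described in this post, sketched as an added example: this is not Spam Karma's code, and the field names, the arithmetic challenge, the HMAC signing and the score weights are all assumptions made for illustration. It separates an answer that never arrived from one that is wrong, and folds the result into a score alongside the blacklist and comment-history signals, so a broken form pipeline does not by itself condemn every commenter.

```python
import hashlib
import hmac
import secrets
import time

SECRET = secrets.token_bytes(32)  # per-site key, never sent to the browser
MAX_AGE = 3600                    # assumed lifetime of a challenge, in seconds
WEIGHTS = {"pass": 2, "missing": -1, "fail": -3}  # constructed score weights

def _sign(a, b, issued):
    return hmac.new(SECRET, f"{a}:{b}:{issued}".encode(), hashlib.sha256).hexdigest()

def issue_challenge(now=None):
    """Hidden fields the server embeds in the comment form."""
    issued = int(time.time() if now is None else now)
    a, b = secrets.randbelow(1000), secrets.randbelow(1000)
    return {"a": a, "b": b, "issued": issued, "sig": _sign(a, b, issued)}

def browser_solve(fields):
    """What a script-running browser adds before the form is submitted."""
    return dict(fields, answer=fields["a"] + fields["b"])

def payload_result(form, now=None):
    """Classify a submitted form as 'pass', 'fail' or 'missing'."""
    now = int(time.time() if now is None else now)
    try:
        a, b, issued = int(form["a"]), int(form["b"]), int(form["issued"])
        sig, answer = str(form["sig"]).encode(), int(form["answer"])
    except (KeyError, ValueError, TypeError):
        return "missing"  # fields dropped or mangled between form and server
    if not hmac.compare_digest(sig, _sign(a, b, issued).encode()):
        return "fail"     # challenge was not issued by this server
    if not 0 <= now - issued <= MAX_AGE:
        return "fail"     # stale or replayed challenge
    return "pass" if answer == a + b else "fail"

def score_comment(form, on_blacklist=False, approved_before=0, now=None):
    """Let the payload test shift the score rather than veto the comment."""
    score = WEIGHTS[payload_result(form, now)]
    score -= 5 if on_blacklist else 0
    score += min(approved_before, 3)  # comment history of a returning visitor
    return score                      # assumed policy: approve when score >= 0
```

With these weights a returning visitor whose answer was lost in transit still scores above zero, while a first-time commenter with no answer is held back and a blacklisted sender is rejected even with a correct answer.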


3 Responses  
  • CrazedPenguin writes:
    August 23rd, 2005 at 12:38 am

    ...

    The “Good and trusted friend thing”...That just put the biggest smile on my face ever.

    And good luck with correcting the problem. I wish I could help but I’m only a script kiddie or, more to the point, a complete dumbass with coding. Good luck though.

  • Jennifer writes:
    August 23rd, 2005 at 8:43 am

    I am testing.

    I am human.

    Yay~

  • scaredpoet writes:
    August 23rd, 2005 at 10:07 am

    Humans are good! 🙂


»  Substance:WordPress   »  Rights: Creative Commons License