From: Shaun M. <sh...@ae...> - 2005-12-14 17:42:51
|
On 14 Dec 2005, at 14:29, Don Seiler wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Matthew McNaney wrote: >> Adding the no-follow rel to a link is no problem. Of course the >> author >> of the above link feels this will do little prevent spam. > > This is what b2evolution does, seems to have worked alright for me. It didn't for me with an Advanced Guestbook install. I think that once your site is known, it doesn't make a difference. The trick is stopping yourself from being known and letting the spammer know what your site is running. Googling for 'Powered by blah-blah vX.X' is how many of the spammers find a victim which is why I usually remove the attribution rather than any copyright thing. I've got mod_security rules on my servers to stop that for customers who use the more frequently spammed software without knowing what they are doing. phpBB is *THE* biggest culprit for spam and hackers and I really wish I could dissuade people from using it at all. YABBse gets close too and fixed less often. The Advanced Guestbook install I had problems with now gets zero spam just because it now asks you to enter an extra field that the spambot doesn't know about, but that's not going to work for phpWebsite in general. So, a captcha for registrations is a must. A spam flood filter that stops new users from posting spam in quick succession? Maybe have some kind of grace period / sin bin whereby new users go through approval and you can sin-bin existing ones if they abuse the site. Engadget.com, TUAW.com and the other weblogs inc. sites let you post anonymously but every post has to be approved by clicking on an email sent to you. That seems to stop most spam. Ensuring all posted form data comes from a browser and not a bot is another method used by some systems. Adding these into phpWebSite instead of into something like Apache's mod_security would be useful. Shaun aegis design - http://www.aegisdesign.co.uk aegis hosting - http://www.aegishosting.co.uk |