[PyCS-devel] Comment Spam in PyCS comments
From: Bauer, G. <ba...@gw...> - 2005-01-19 13:40:05
Hi!

Recently comment spam showed up in several blogs on pycs.net, so I think it might be time to do something against it. It's not a simple thing and there are no bulletproof ways, but I fear if we don't start to address this, it will only become even more ugly.

A first take could make use of ideas from the OSA plugin for WordPress:

- a comment form carries two hidden fields: the IP and the timestamp of the requester, both encoded.
- a comment POST request must carry those two hidden fields with it
- the IP of the POST request must be identical to the IP of the GET on the comment form
- the POST must come in some predefined timeframe with regard to the GET (3 sec min to 10 min max is OSA default)
- the POST must come with a referrer that points to the GET

And some other checks that make sense, I think:

- the comment mustn't contain more than 2 URLs
- the IP shouldn't have more than 5 comments in a given timeframe (1 Minute?)

If a comment doesn't match those requirements, it should be set to be moderated. Moderated comments should only show to the logged-in admin and should allow either to accept or reject the comment. Maybe add a checkbox "accept/reject all from the same IP" to allow mass deletion.

Comment feeds maybe can show the to-be-moderated comments, too - but only if the user gives the password in the URL with an additional parameter, so feedster and friends (who happily spider comment feeds) won't show them. So the user needs to fetch the full feed with password to get a notion on what comments need to be moderated - maybe we can set up an alternative moderated-comment-feed, too.

Additionally trackbacks should go into the moderation queue directly until someone figures out a better way to filter those that doesn't just use keywords.

Another idea might be to make use of the fact that we run several blogs on the community server and keep a global storage of IPs whose comments went into the moderation queue and to check first against that to allow other blogs to benefit from each other.

I don't think it would be a good idea to build this on the old metakit based version, so how is the status on the PostgreSQL stuff? Is the current version fully migrated?

bye, Georg
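
The hidden-field, timing, referrer and URL-count checks proposed in the message above, sketched as an added example that is not part of the original post or of the PyCS code base. It assumes HMAC-SHA256 as the "encoding", folds IP and timestamp into one hidden field, and uses hypothetical names (`SECRET`, `issue_token`, `check_comment`); the per-IP rate limit is left out.

```python
import hashlib
import hmac
import re
import time

SECRET = b"constructed-demo-key"  # assumption: per-server secret, not from the post
MIN_AGE, MAX_AGE = 3, 600         # OSA defaults quoted in the post: 3 s to 10 min
MAX_URLS = 2                      # "mustn't contain more than 2 URLs"
URL_RE = re.compile(r"https?://", re.IGNORECASE)


def _mac(ip, ts):
    """MAC over the requester IP and the form timestamp."""
    return hmac.new(SECRET, f"{ip}|{ts}".encode(), hashlib.sha256).hexdigest()


def issue_token(ip, now=None):
    """Hidden field for the comment form (GET): '<timestamp>:<mac>'."""
    ts = str(int(time.time() if now is None else now))
    return f"{ts}:{_mac(ip, ts)}"


def check_comment(token, post_ip, referrer, form_url, body, now=None):
    """Return the failed checks; empty list = publish, otherwise moderate."""
    now = time.time() if now is None else now
    failures = []
    ts, _, mac = (token or "").partition(":")
    # The MAC is recomputed with the POST's IP, so a missing or altered
    # field and a POST from a different IP than the GET all fail here.
    valid = (ts.isascii() and ts.isdigit()
             and hmac.compare_digest(mac.encode(), _mac(post_ip, ts).encode()))
    if not valid:
        failures.append("token")
    else:
        age = now - int(ts)
        if age < MIN_AGE:
            failures.append("too_fast")
        elif age > MAX_AGE:
            failures.append("expired")
    if referrer != form_url:
        failures.append("referrer")
    if len(URL_RE.findall(body)) > MAX_URLS:
        failures.append("too_many_urls")
    return failures
```

A non-empty result maps to the moderation queue described in the message, and the failure names can be stored with the queued comment for the admin view.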