Over the last couple of weeks, my comment-spam filter has been breaking down. Considering how basic a test it was, I'm pretty surprised it held up as long as it did; it relied on the fact that the strategy of the bots was very dumb: grab the page, parse it, and submit. It happened so quickly that it was pretty easy to distinguish from a valid comment, since rarely do real people submit a comment within a handful of seconds of loading the page. Now, as I've been expecting for some time, the bot pattern has changed to: grab a bunch of pages to parse, wait a minute or so, then post to all of them. They are even smart enough to make sure that although they are rotating through proxies to prevent IP-filtering, they always match up the proxy that requested the page and the proxy used to post the comment, so there's no obvious attack point there.
So now I've implemented another silly trick that shouldn't really work in general, but will in fact catch all of the spam that's been slipping in recently. Hopefully that will hold until I decide what my next big gun will be.
Category: Geek
Subscribe