New Message: Re: SPAM

webmaster at userland.com webmaster at userland.com
Sun Feb 4 14:58:47 CST 2007


A new message was posted:

Address: http://manila.userland.com/discuss/msgReader$2280

By: Tom Clifton (tclifton at es-designs.com)

It's not so much a security breach as a "feature" gone awry. But it needs fixing.

Here are some suggestions for UserLand based on my problems with comment spam in Manila and how I dealt with them.

1) Limit the length of comments (they are comments, not disertations).

2) Add a challenge that must be answered before a comment is posted. I use randomly generated simple arithmatic problems that are updated hourly.

3) Don't automatically add commenter as new members to the site. Make this optional (similar to Movable Type's implementation), with the default being No.

4) Make it easier for Managing Editors to delete comment spam (add a select all button) and actually delete the messages not just flag them as deleted.

A final note, comment spam is more than an annoyance. If left unchecked it will bring a server down. A flood of comment spam last November caused my server to freeze and require restarting every half hour. Since I deleted several thousands comment spam messages and implemented most of the measures above (1,2, and 4) the server is once again very stable and responsive.

The server is still getting hit by POST requests to add comment spam, but over 99% of these are ignored. I am still trying to figure out how one or two posts get through each week.

This is a Manila site... http://manila.userland.com/.




More information about the Manila-Users mailing list