Y’all haven’t noticed it but out of the blue starting Saturday my blog has been getting blasted by spam. Usually I don’t have a problem with spam because the list of black listed words I have is extensive and unforgiving and any comment that has one of those words gets dropped with no notification to anyone; everything else comes to me for moderation.
The amount of spam got to an annoying level of several hundred messages a day and I thought I could just turn on authentication and that would solve it… Then I realized, what a pain in the ass. Why should I allow some morons to force me to authenticate people and force my viewers to have yet another userid and password that they have to remember? Â
So I realized, hey this WordPress software is… well software… and I have the source code for it… I am not a PHP coder but honestly, how tough can it be? I have learned many programming languages already, what is one more? Plus hacking existing code is much easier than writing from scratch so I took a chance and I am trying out something to stop the spam.
I looked at the comment code and decided to throw in a new checkbox for people to specify a comment isn’t spam. I don’t expect that real spam will check that box so it should block it. If it doesn’t, I expect it will be because the spam is checking all boxes so I will change the code to block the post IF the box is checked and if that doesn’t work, I will try something else. I have no doubt I can relatively easily outsmart the generic spam folks. If someone specifically targets me that will be tougher to handle but I expect that I could get them as well if I really want to.
So, when you go to leave a new comment, I am expecting you will be able to figure out what to check. If you can’t, I am not sure I actually want to see a comment from you anyway. 
Oh hmmm, I just realized I can kill my spam word blacklist too… Cool. That way if you need to post something about viagra and rohypnol you can actually do so. I was always a little concerned about comments that were getting dropped that just happened to have one of the spam key words in it but not so much I was willing to deal with the spam. 
  joe
May 31st, 2006 at 1:09 am
If only changing Outlook’s junkmail filtering were this easy…
May 31st, 2006 at 2:38 am
Crap… I want this too! My blog (which is hosted by Carlos) has been locked down because of this.
May 31st, 2006 at 10:07 am
So does your comment blacklist include phrases like “I voted for Bush…twice”?
(Guess I’ll find out in a minute, won’t I?)
May 31st, 2006 at 10:10 am
Nope, the only intelligence test I have in place is around that checkbox.
May 31st, 2006 at 11:08 am
This is really a logical extension of the evil bit. Since this is RFC, you might want to ensure you are playing by the rules.
http://www.ietf.org/rfc/rfc3514.txt
May 31st, 2006 at 3:19 pm
if it doesn’t work, try a CAPTCHA — there should be plenty of readily available plugins for wordpress comment captchas — there certainly are plenty for PHP in general.
June 1st, 2006 at 1:06 am
~Eric:
Yes, this is evil bit technology. I believe I am fully in compliance with the appropriate RFCs and State and Local Laws.
Jackass:
I am not a fan of the CAPTCHA stuff. I realize why generic solutions use them but since I am not producing a generic solution I don’t need a generic response such as the CAPTCHA. Thanks for mentioning it though.