Spamorama

August 14, 2006 @ 5:12 am

Ok, it’s finally gotten too much. I’ve been getting a steady but manageable stream of spam on this Blog for a while now, but over the last few weeks it seems that the effort by Spam bots has gone into high gear and it’s become difficult to keep up.

So, even though I’m no fan of Captcha controls, I decided I can’t afford the time to spend every day to clean up the spam mess, and so I added a Captcha control to the comment section here.

I’m using an ancient version of .Text here and I used Jeff Atwood’s Captcha control which worked great, although there were some issues I had to resolve with .Text to make it work. .Text basically doesn’t use Session State and the control requires it to pass the captcha key around. .Text works great for me and it’s well designed, but making changes to the application is not exactly trivial. The code is spread out over many different projects and a million components and finding the right place to make a change is always an adventure <g>. No different with this – I had to dig up one of the base pages and an IRequiresSessionState handler interface to the base class to make this work. Quick fix – if you know where to look <g>…

I guess I’m not the only one. I actually got inspired a few weeks back when Scott Mitchell who has run into this same situation – same old version of .Text and recent Spam attacks. Incidentally Scott also posted a nice simple comment viewer/deleting utility for .Text. Duh, now why the heck didn’t do that myself? <s> I tell you why – because I didn’t think of writing an external utiltity, but rather was dreading having to fix the existing comment list in .Text…

Speaking of dreading changes in.Text – I started building my own a while back and it’s almost ready to go, so there will be a switchover in the near future. The new blog will be link compatible with the current one so there should be no changes for most existing URLs. It’s just easier to deal with modifications on my own codebase especially now that .Text feels positively ancient with the .NET 1.1 codebase.

The Captcha Control seems to have helped. Since it's gone up none of the repeating Spam has been coming in, although there's still plenty of morons who type the ever popular:

glfghdasx

BTW, speaking of spam, I was browsing through some of my application error logs the other day and noticed an annoying trend: There seems to be more and more traffic coming in that is blindly spamming any POST link with data. One of my errors is for my West Wind Web Store’s Item Page, which has a single input field on it for the number of items to get – and I end up with a 3K link message – Hi, my name is Sasha and I like you (followed by 100 links)… Thanks Sasha – How’s about a trade: you buy that ASP.NET developer toolkit and I’ll visit your sites? Ha, whaddaya think?

We live in strange times when people try to push crap that nobody cares about everywhere. And most of these links end up on Google peppered pages. I think we have Google and the other ad pestering services (no mostly Google) to thank for this freaking mess.

If you find this content useful make a donation

Feedback for this Weblog Entry

# re: Spamorama
by Fabio August 14, 2006 @ 8:19 am

Hi Rick

About the .Text thing, do you checked SubText (http://subtextproject.com/)? Is a nice fork from SubText.

# re: Spamorama
by Bertrand Le Roy August 14, 2006 @ 12:23 pm

You know, I never looked at it this way, but you're right. Google and its brilliant (at the time) idea to rank based on links to the contents is the main culprit for that madness. If only all search engines could back up from that obviously inefficient method, spam would maybe start to disappear, but I know I'm just dreaming here. Instead, we all need to add stupid captchas that everybody hates, and that will only work until spambots learn how to read them...

# re: Spamorama
by Rick Strahl August 14, 2006 @ 1:19 pm

Yes, I've been thinking about Google's "do no evil" policy lately and Google really is an excercise in social engineering, which in my book is the most evil of all...

Google is making a killing on advertising and benefitting hugely from spam related activities because everybody is hosting Google Ads these days which is supposedly making them money. It's money for nothing so to say even if it's only a little.

# re: Spamorama
by Steve from Pleasant Hill August 14, 2006 @ 1:42 pm

Yes, Google is part of the NWO (somehow I can't buy into my gMail id and what I search on not getting co-mingled somewhere...)

It is interesting to see you use Jeff's control -- it is the very one that I intend to use shortly on a "Feedback" page. His encryption articles helped a lot too.

# re: Spamorama
by Peter Bromberg August 14, 2006 @ 5:41 pm

One little Captcha, Two little Captchas... Ah Ah Ah! I LOVE to count Captcha! This program has been brought to you by the letters S, P, A and -- M!
Cheers, good thinkin' dood!
Peter

# re: Spamorama
by Ryan Williams August 14, 2006 @ 10:31 pm

Personally, I bypassed the .Net blog engines in favor of Wordpress and the Akismet spam service. A decision I've never second-guessed.

# re: Spamorama
by Rick Strahl August 14, 2006 @ 11:50 pm

Ryan, that's fine, but doesn't work for everybody. For example, I want a blog running on my own site with my own branding and the ability to customize the thing so that is part of a cohernt Web site.

Yes I have to deal with issues like this on my own now but most of the big (ie. non-.NET <g>) engines like Blogger and WordPress are amongst the worst for usability from a visitor perspective if you ask me.

Obviously many of the big engines force logging in, in order to post comments at all, which helps keep SPAM down significantly I'd think, but it also greatly reduces the amount of input you'll get on posts... I know when I go to Blogger site for example, it's rare that I'll leave a comment because the interface to post is such a pain in the ass.

# re: Spamorama
by Ryan Williams September 01, 2006 @ 11:09 am

I was sad to miss PADNUG the other night, hope it went well.

Just to be clear, I meant the WordPress applcation installed on one's own site, as opposed to the WordPress hosted blogging site. This can be completely customized, (but does require running php).

Regardless though, my main point is that Akismet is a great spam fighting service that doesn't require a commenter to log in or complete a Captcha. I imagine non-WordPress blog engines could probably even use it, cuz comments have pretty similar meta data across all blog engines.

# Scott on Writing
by Scott on Writing November 08, 2006 @ 11:31 am