Brief theory (November 23, 2004)

Come to think of it, what I’d like to see in comment spam detection next is this algorithm: whenever three comments are submitted within an hour, and all three contain the same URL, add the full hostname in the URL to the spam filter list and notify me.

Yeah, it’s open to denial of service, but it’s a weak DoS in that anyone who’s denied service can get around it easily by not posting URLs with that hostname. And there are significantly more spammers than there are people carrying out DoS attacks on my comments.

Comments

I'd worry about the frequent commenter to your blog who has their personal URL saved in the URL field, who just happened to be moved to comment several times in an hour -- but I hear you. :)

Posted by: Fred at November 23, 2004 2:37 PM

Heh. True. It's a better solution for me, who doesn't get many comments... I could screen out a lot of spam by just looking at the text field, mind you, and not the URL field. Hm.

Posted by: Bryant at November 23, 2004 2:59 PM

Sounds like an awfully good idea. And simple if you only look in the text comments.

Posted by: Arref at November 23, 2004 3:12 PM

The only commenter who posts multiple times in an hour is me, and I don't have a URL.

Posted by: t. rev at November 23, 2004 5:53 PM

Post a comment










Remember personal info?


Subscribe to this comment?
Yes




To subscribe to this thread without commenting, enter your email address here:

Trackback URL for this entry: http://popone.innocence.com/mt/mt-tb.cgi/1914