Comments on: A few blog changes, including no preview captcha
Have you ever been annoyed posting comments to this blog? Well, I have, and I wrote the code.
Over the last few days on the R3 blog, while discussing context self reflection, I think the strictness of the comment mechanism got in the way for many of us.
So, a couple minor improvements have been added:
- If you submit a comment, you don't need the captcha to preview your submission, only for posting the final comment.
- With the captcha addition, I've dialed down the abuse detectors, including the submission timers and link counters. Let's see how it goes.
Please watch for new abuse. To report it, click on the weekly or monthly comment review to mark the offending comments. Thanks.
Carl, I don't know why you don't have a registration system. That whay you just ask a question and use a drop down with a few different answers when a new user first registers. Then people can just log in and not even worry about a captcha thereafter.
Why not use an API like typepad's anti-spam ?
A simple help would be to automatically mark an item as spam, if a specific word, like "essay" or "loan" occurs in it. Phrases too. Such a phrase list would be easy for Carl to maintain. The scan would occur right on submit.
Furthermore, there could be two comment listings: One with marked spam and one where marked spam is skipped. Then we can choose what to see.
The spam marking and removal mechanism would just work like usual.
About registration systems: They take time to code and once they are compromised, you have to redo the machinery or patch it and thus begins the endless battle with a spammer.
BTW, it seems that spamming mechanisms won't post under known people's names. So, keep a list of approved names that will skip the spam detection mechanism. This could be done using a "really not spam" mechanism that we help eachother maintain.|
Henrik, you nearly caught yourself out there... :)
According to your first post you would have stopped yourself from posting if it had detected the key words you mentioned that would have removed the post...
Carl, thank you for the changes. I've had trouble in the past, and this submit routine is much more pleasant :) Can we have the code? Please :)
Henrik, cool idea to have two views - user's choice to see potential spam. Just include a "remove spam" link in the default view.
Well, my original note was about making the comment "input flow" easier. I see Nick likes it (thanks), and I hope others do too.
It's funny... I've been fighting spam with a wide range of algorithms over a number of websites for a long time, so I know it a lot more than I prefer. And each year I see spam engines get a little more devious and clever. (When we started using web forms, there was no web-spam at all, but we knew it would eventually come to be.)
The latest "state of the spam mal-art" will use your names and your content... but buried within is a link, the main purpose being to improve their search ranking. (We had one this week that honestly looked like a real posting until I examined the link itself.)
I've wanted to keep this blog open, meaning no account is required. I know that's a bit naive in today's web environment, but when I post messages on other sites, I appreciate not needing an account. Just keeps things simple.
Graham suggests the TypePad API, but whenever we've used third party solutions, they have always ended up as a big problem... because the provider shuts down, moves, goes commercial, becomes incompetent, changes the API, makes it too complicated, requires specific Linux libs, or some other problem. You get the idea. A few lines of REBOL takes a lot less time.
However, in conclusion, I do recognize that I'm swimming upstream. When you have an open system, despite your best efforts, it will always erode. Eventually, we will need to switch to an account-based submission method, or at least require such a method for known/registered names, as it prevents spoofing too.
Just checking how it works now. Yes, looks more comfortable, thanks. If this captcha becomes too easy, how about using a REBOL expression yielding a value to paste into the POST field?|
It looks like it is one line of REBOL to call the rest based API. The API is open source and uses an adaptive algorithm to learn from spam reported elsewhere. Typepad say it is free and will remain free.
So far 15 trillion spam comments have been blocked. And no need to type in blog ids.
Ladislav: good idea.
Graham: could be useful, can you post the one line?
Ok, not one line then because url-encode is not a standard mezz. If you change the author to vi a gra - test - 123 with the spaces removed it will return true.
url-encode: func [
"URL-encode a string"
data "String to encode"
new-data: make string! ""
normal-char: charset [
#"A" - #"Z" #"a" - #"z"
#"(at)" #"." #"*" #"-" #"_"
#"0" - #"9"
if not string? data [return new-data]
forall data [
append new-data either find normal-char first data [
rejoin ["%" to-string skip tail (to-hex to-integer first data) -2]
"user_agent" "REBOL/2.7.7 | Akismet/1.11"
"comment" "this is spam"
probe do create-data: has [ data ] [
data: copy ""
foreach [ var dat ] post-data [
append data rejoin [ var "=" url-encode dat "&" ]
head remove back tail data
read/custom api reduce [ 'POST create-data ]
Ok, thanks. This should be interesting.
BTW, you wouldn't happen to have a good search engine REST API that covers the entire REBOL.com website? Google and Bing are both falling flat with standard search. (Yes, sitemaps have been provided.)
Ladislav: I use a REBOL expression in my registration form at http://rebol.thruhere.net:8000/registration.rsp and this pretty much guarantees that only a REBOL user can register. Is that desirable though?
Your approach to this topic is unique and informative. I am writing an article for our school paper and this post has helped me. Thanks.
Post a Comment:
You can post a comment here. Keep it on-topic.