Comments on: A few blog changes, including no preview captcha
REBOL Technologies

Comments on: A few blog changes, including no preview captcha

Carl Sassenrath, CTO
REBOL Technologies
29-Apr-2010 18:31 GMT
Article #0473
Main page || Index || Prior Article [0472] || Next Article [0474] || 14 Comments || Send feedback

Have you ever been annoyed posting comments to this blog? Well, I have, and I wrote the code.

Over the last few days on the R3 blog, while discussing context self reflection, I think the strictness of the comment mechanism got in the way for many of us.

So, a couple minor improvements have been added:

  1. If you submit a comment, you don't need the captcha to preview your submission, only for posting the final comment.
  2. With the captcha addition, I've dialed down the abuse detectors, including the submission timers and link counters. Let's see how it goes.

Please watch for new abuse. To report it, click on the weekly or monthly comment review to mark the offending comments. Thanks.

14 Comments

Comments:

Paul
29-Apr-2010 16:06:58		 Carl, I don't know why you don't have a registration system. That whay you just ask a question and use a drop down with a few different answers when a new user first registers. Then people can just log in and not even worry about a captcha thereafter.

Graham
29-Apr-2010 20:54:39		 Why not use an API like typepad's anti-spam ?
Henrik
30-Apr-2010 1:01:33		 A simple help would be to automatically mark an item as spam, if a specific word, like "essay" or "loan" occurs in it. Phrases too. Such a phrase list would be easy for Carl to maintain. The scan would occur right on submit.

Furthermore, there could be two comment listings: One with marked spam and one where marked spam is skipped. Then we can choose what to see.

The spam marking and removal mechanism would just work like usual.

About registration systems: They take time to code and once they are compromised, you have to redo the machinery or patch it and thus begins the endless battle with a spammer.

Henrik
30-Apr-2010 1:04:48		 BTW, it seems that spamming mechanisms won't post under known people's names. So, keep a list of approved names that will skip the spam detection mechanism. This could be done using a "really not spam" mechanism that we help eachother maintain.
Luis.
30-Apr-2010 3:05:11		 Henrik, you nearly caught yourself out there... :) According to your first post you would have stopped yourself from posting if it had detected the key words you mentioned that would have removed the post...

Hmm...self reflection...

Cheers,

Luis.

Nick
30-Apr-2010 9:08:11		 Carl, thank you for the changes. I've had trouble in the past, and this submit routine is much more pleasant :) Can we have the code? Please :)

Henrik, cool idea to have two views - user's choice to see potential spam. Just include a "remove spam" link in the default view.

Carl Sassenrath
30-Apr-2010 11:52:41		 Well, my original note was about making the comment "input flow" easier. I see Nick likes it (thanks), and I hope others do too.

It's funny... I've been fighting spam with a wide range of algorithms over a number of websites for a long time, so I know it a lot more than I prefer. And each year I see spam engines get a little more devious and clever. (When we started using web forms, there was no web-spam at all, but we knew it would eventually come to be.)

The latest "state of the spam mal-art" will use your names and your content... but buried within is a link, the main purpose being to improve their search ranking. (We had one this week that honestly looked like a real posting until I examined the link itself.)

I've wanted to keep this blog open, meaning no account is required. I know that's a bit naive in today's web environment, but when I post messages on other sites, I appreciate not needing an account. Just keeps things simple.

Graham suggests the TypePad API, but whenever we've used third party solutions, they have always ended up as a big problem... because the provider shuts down, moves, goes commercial, becomes incompetent, changes the API, makes it too complicated, requires specific Linux libs, or some other problem. You get the idea. A few lines of REBOL takes a lot less time.

However, in conclusion, I do recognize that I'm swimming upstream. When you have an open system, despite your best efforts, it will always erode. Eventually, we will need to switch to an account-based submission method, or at least require such a method for known/registered names, as it prevents spoofing too.

Ladislav
30-Apr-2010 15:12:52		 Just checking how it works now. Yes, looks more comfortable, thanks. If this captcha becomes too easy, how about using a REBOL expression yielding a value to paste into the POST field?
Graham
30-Apr-2010 17:07:39		 It looks like it is one line of REBOL to call the rest based API. The API is open source and uses an adaptive algorithm to learn from spam reported elsewhere. Typepad say it is free and will remain free.

See http://akismet.com/development/api/

So far 15 trillion spam comments have been blocked. And no need to type in blog ids.

Carl Sassenrath
2-May-2010 13:04:41		 Ladislav: good idea.

Graham: could be useful, can you post the one line?

Graham
2-May-2010 16:44:41		 Ok, not one line then because url-encode is not a standard mezz. If you change the author to vi a gra - test - 123 with the spaces removed it will return true. 

rebol [
	file: %spam-check.r
	author: "Graham"
	rights: 'BSD
	date: 3-May-2010
]

url-encode: func [
    "URL-encode a string" 
    data "String to encode" 
    /local new-data
] [
    new-data: make string! "" 
    normal-char: charset [
        #"A" - #"Z" #"a" - #"z" 
        #"(at)" #"." #"*" #"-" #"_" 
        #"0" - #"9"
    ] 
    if not string? data [return new-data] 
    forall data [
        append new-data either find normal-char first data [
            first data
        ] [
            rejoin ["%" to-string skip tail (to-hex to-integer first data) -2]
        ]
    ] 
    new-data
] 

post-data:  [
"blog" "http://rebol.thruhere.net:8000/index.rsp"
"user_ip" 203.96.152.4
"user_agent" "REBOL/2.7.7 | Akismet/1.11"
"referrer"  "http://rebol.thruhere.net:8000/index.rsp"
"comment_type" "comment"
"comment_author" "Graham"
"comment" "this is spam"
]

probe do create-data: has [ data ] [
	data: copy ""	
	foreach [ var dat ] post-data [
		append data rejoin [ var "=" url-encode dat "&" ]	
	]
	head remove back tail data
]
api: http://api.antispam.typepad.com/1.1/comment-check

read/custom api reduce [ 'POST create-data ]
Carl Sassenrath
2-May-2010 16:50:31		 Ok, thanks. This should be interesting.

BTW, you wouldn't happen to have a good search engine REST API that covers the entire REBOL.com website? Google and Bing are both falling flat with standard search. (Yes, sitemaps have been provided.)

Graham
2-May-2010 17:03:17		 Ladislav: I use a REBOL expression in my registration form at http://rebol.thruhere.net:8000/registration.rsp and this pretty much guarantees that only a REBOL user can register. Is that desirable though?

buddyontobuddy
4-Jul-2012 21:40:30		 Your approach to this topic is unique and informative. I am writing an article for our school paper and this post has helped me. Thanks. learn more

Post a Comment:

You can post a comment here. Keep it on-topic.

Name:

Blog id:

 CS-0473


Comment:
 Note: HTML tags allowed for: b i u li ol ul font p br pre tt blockquote
 
 

This is a technical blog related to the above topic. We reserve the right to remove comments that are off-topic, irrelevant links, advertisements, spams, personal attacks, politics, religion, etc.

Updated 31-May-2023   -   Copyright Carl Sassenrath   -   WWW.REBOL.COM   -   Edit   -   Blogger Source Code