I'd like to provide the ability for visitors to leave a comment
on my site. I've been burned in the past with a blosxom[1]
blogger that got spammed so I took it off my site.

I'm not talking about providing a web based forum or email
front-end, just a link to a comment form for blog entries or
photos etc. I'll be hand coding it.

I could establish a "members only" type approach and if visitors
wanted to leave a message they would have to be registered or
something. Wasn't sure if there were any other, simpler,
approaches or tricks.

What are the latest/current solutions or philosophies for
deterring spam hitting my comments?

[1] http://www.blosxom.com/

--
Troy Piggins ,-O (o- O All your sigs are belong to us.
http://piggo.com/~troy O ) //\ O
RLU#415538 `-O V_/_ OOO
hackerkey://v3sw5HPUhw5ln4pr6OSck1ma9u6LwXm5l6Di2e6t5MGSRb8O Ten4g7OPa3Xs7MIr8p7

On Mon, 15 Jan 2007 12:09:20 +1000, Troy Piggins wrote:
> I'd like to provide the ability for visitors to leave a comment
> on my site. I've been burned in the past with a blosxom[1]
> blogger that got spammed so I took it off my site.
>
> I'm not talking about providing a web based forum or email
> front-end, just a link to a comment form for blog entries or
> photos etc. I'll be hand coding it.
>
> I could establish a "members only" type approach and if visitors
> wanted to leave a message they would have to be registered or
> something. Wasn't sure if there were any other, simpler,
> approaches or tricks.
>
> What are the latest/current solutions or philosophies for
> deterring spam hitting my comments?

I found (the hard way) that having the comment page 1 directory lower
than the referencing page _and_ having robots.txt disallow it (the
sub-directory) keeps the sewage-sucking septic slugs from posting on it.
The reason? They probably find message boards, etc. by Googling for
them. And, your comment page will not be indexed by the search engines,
so it does the scum-sucking slime snakes no good to post on it.

The Hard Way (that I referred to above) was having _correctly_ deny'ied
(via robots.txt) only 2 out of 3 message boards built that way on a
domain I have. I fat-fingered the entry for the 3rd one. Guess which
one started getting slammed by postings from botnets? The other two
have not even seen a dead simple probe -- which usually precedes the
'payload' postings.

Of course, that ain't the _only_ tactic. Disallowing any href/http/www
references is A Damn Good Thing, too. If it does them no good they
won't pick on you -- there's too many *easy* targets out there.

Another option: .htaccess. All 3 of my message boards are/should be
USA-centric. I deny'ied by high level ip net block ranges as I saw
problems show up.

GL & HTH
Jonesy
--
Marvin L Jones | jonz | W3DHJ | linux
38.24N 104.55W | [at] config.com | Jonesy | OS/2
*** Killfiling google posts: <http//jonz.net/ng.htm>

* Allodoxaphobia wrote:
> On Mon, 15 Jan 2007 12:09:20 +1000, Troy Piggins wrote:
[snip]
>> What are the latest/current solutions or philosophies for
>> deterring spam hitting my comments?
>
> I found (the hard way) that having the comment page 1 directory lower
> than the referencing page _and_ having robots.txt disallow it (the
> sub-directory) keeps the sewage-sucking septic slugs from posting on it.
> The reason? They probably find message boards, etc. by Googling for
> them. And, your comment page will not be indexed by the search engines,
> so it does the scum-sucking slime snakes no good to post on it.

Your pronouns are truly poetic :)
I feel the same way about them.

> The Hard Way (that I referred to above) was having _correctly_ deny'ied
> (via robots.txt) only 2 out of 3 message boards built that way on a
> domain I have. I fat-fingered the entry for the 3rd one. Guess which
> one started getting slammed by postings from botnets? The other two
> have not even seen a dead simple probe -- which usually precedes the
> 'payload' postings.
>
> Of course, that ain't the _only_ tactic. Disallowing any href/http/www
> references is A Damn Good Thing, too. If it does them no good they
> won't pick on you -- there's too many *easy* targets out there.
>
> Another option: .htaccess. All 3 of my message boards are/should be
> USA-centric. I deny'ied by high level ip net block ranges as I saw
> problems show up.

Thanks for the advice, mate. I'll give that a go.

--
Troy Piggins ,-O (o- O All your sigs are belong to us.
http://piggo.com/~troy O ) //\ O
RLU#415538 `-O V_/_ OOO
hackerkey://v3sw5HPUhw5ln4pr6OSck1ma9u6LwXm5l6Di2e6t5MGSRb8O Ten4g7OPa3Xs7MIr8p7

* Allodoxaphobia wrote:
> On Mon, 15 Jan 2007 12:09:20 +1000, Troy Piggins wrote:
[snip]
> Jonesy
> --
> Marvin L Jones | jonz | W3DHJ | linux
> 38.24N 104.55W | [at] config.com | Jonesy | OS/2
> *** Killfiling google posts: <http//jonz.net/ng.htm>
^^^
By the way, your sig is missing a colon :)

--
Troy Piggins ,-O (o- O All your sigs are belong to us.
http://piggo.com/~troy O ) //\ O
RLU#415538 `-O V_/_ OOO
hackerkey://v3sw5HPUhw5ln4pr6OSck1ma9u6LwXm5l6Di2e6t5MGSRb8O Ten4g7OPa3Xs7MIr8p7