Comments and track-backs disabled after spam flood


Yesterday was the Random Oracle blog’s turn to become targeted in a track-back spam attack. Each post ended up with a handful of track-backs to articles on the same bogus blog, which appears to be nothing more than an undigested collection of random paragraphs from different WordPress blogs.

Requiring a CAPTCHA solution with each comment/track-back would have solved this problem. Windows Live Spaces (formerly MSN Spaces) has this option. It is far more effective than the alternatives of allowing public commenting or requiring authentication. The latter is not a barrier since the underlying identity system is disconnected from the real world and has no reputation attached. Spammers can register one account, use it to spam hundreds of blogs, and move on to start from a clean slate when the ID is black-listed. WordPress controls on commenting are primitive by comparison. Ping-backs and track-backs can be disabled, and comments can be disabled or held in the queue for moderation. Finally, comments can be limited to users who had a previously approved comment, which creates a boot-strapping problem. Proof-of-work by solving CAPTCHAs is much better suited to this problem: users serious enough to comment on an article will not mind taking a few extra seconds to solve the puzzle. Spammers will give up and move on to the next blog.

cemp
