[wp-hackers] Re: Subscribe to Comments plugin

Alexander Beutl xel at netgra.de
Sat May 10 19:33:36 GMT 2008


Yep sure - everything all right - I don't say every secret script is a hit
and will kill spam... and I don't believe in IP-Block being a protection
against spammers. It is a protection against known spammers slowing down your
site but that's that... in my eyes.

What I meant is spam protection onsite.

Spam Karma 2 works pretty well for me - no spam has managed to get onto my site
since I installed it. But they keep getting closer and closer to the border
where they would be published... I see them coming and all I can do is
set the rules a bit tighter every time they come too close. There is not
much room left and some of my visitors need to do an extra captcha to
verify they are human...

I can see the end of SK2 protecting my blog is near - it comes nearer and
nearer every single day and it trashes about 80 to 120 spam comments every
day - while about 6 per day are near being published.

I will have to write something to prevent them from doing that.
There are easy ways to manage this - while I am not too sure how long it
will take them to get around those easy ways... but everything one could
imagine they will burn out if too many people are using them... we had this
discussion on this list not long ago so I think there is nothing more to add
than what Matt already said (attached)

And inside the post Matt linked:

> This [IP banning] is virtually guaranteed to fail in the long run, as
> evidenced by the overwhelming failure of email blacklists.

Matt wrote:

> My conclusion from this is:
>
> Because you do something that almost no one else does, and your site is not
> a large enough target, spammers have not yet done the trivial workaround it
> would require to get past this. If it was put into core, they most certainly
> would.
>
> So, continue to do this if it helps, just don't tell anyone. ;)
>
> From 2002:
>
> http://diveintomark.org/archives/2002/10/29/club_vs_lojack_solutions
>
> "The really interesting thing about these approaches, from a game theory
> perspective, is that they are all Club solutions, not Lojack solutions.
> There are two basic approaches to protecting your car from theft: The Club
> (or The Shield, or a car alarm, or something similar), and Lojack. The Club
> isn't much protection against a thief who is determined to steal your car
> (it's easy enough to drill the lock, or just cut the steering wheel and
> slide The Club off). But it is effective protection against a thief who
> wants to steal a car (not necessarily your car), because thieves are
> generally in a hurry and will go for the easiest target, the low-hanging
> fruit. The Club works as long as not everyone has it, since if everyone had
> it, thieves would have an equally difficult time stealing any car, their
> choice will be based on other factors, and your car is back to being as
> vulnerable as anyone else's. The Club doesn't deter theft, it only deflects
> it.
>
> "Similarly, installing a secret form field on your comment form will stop
> spammers from spamming your comments, until enough people do that that it's
> worth the spammer's time to upgrade their scripts. Ditto referer hacks (just
> set the referer); ditto registration schemes (just auto-register); ditto
> time limits (just hit each weblog sequentially). Ditto ditto ditto."

