There have been some technical changes here at Matt’s Mindless Musings, inspired partly by boredom and partly by the never-ending war on spam. Unlike previous changes which added more cumbersome restrictions in an attempt to keep spammers at bay, some of the latest changes might actually make the site more friendly to casual visitors.
Previously, any feature which was likely to be abused by spammers (adding comments, emailing articles, etc.) required users to register and log on. The requirement of receiving a password via email to log on prevented spambots from bombarding me with “comments” advertising their porn, drugs, or whatever. It also discouraged an occasional visitor who may have tried to comment, but decided the procedure wasn’t worth the hassle, but the spam problem was so severe that price had to be paid.
But in the ever-escalating arms race, that tactic lost its effectiveness. The spammers programmed their bots to receive the password via email and use it to log on and dump in their comments.
So the next tactic was to require that all new user registrations be approved before they were effective. That stopped the spam, but it made the site even more unfriendly as anyone who bothered to register still had to wait. And I was getting tired of all the approval requests from the spammers.
Then the Geeklog creators came to the rescue with CAPTCHA support. Even if you don’t recognize the acronym, you may have already seen CAPTCHA on other sites. The most common implementation, and the one used here, displays some distorted text and requires the user to type in the appropriate characters, a function easy for a human yet difficult for a computer.
The first CAPTCHA support added to Geeklog was used only for the new user registration process. This prevented spammers from registering, allowing me to drop the approval requirement. It didn’t eliminate the need for requiring users to register before commenting.
Fortunately, it was soon enhanced to allow its use on other areas subject to abuse. So now visitors who don’t want to hassle with registration/logon can comment anonymously, email stories, etc. by passing a CAPTCHA test. There are still some advantages to registration/logon that anonymous users don’t get, and those who do logon will not have to face the CAPTCHA test again.
In addition to eliminating the need for registration/logon, I’ve eliminated another potential stumbling block. I had been using the Bad Behavior filter to block spammers. It was blocking a lot of access attempts, but I’m afraid not all of them were spammers. I saw some indications that looked like legitimate users had been blocked after passing a CAPTCHA test. I’m keeping my fingers crossed and hoping that some of the other new spam-blocking technology will provide adequate protection without the occasional “friendly fire” of Bad Behavior.
You may be wondering whether all this spam control is really necessary, or whether it’s just something geeks do to occupy their time. Anybody who has tried to run a blog or any type of website that allows public input without spam control could answer that question for you.
For the last couple of months, this site has been blocking about 20,000 attempts a week from a single spammer who would like to add trackbacks to this site with links to his site. Fortunately, the technology works, and not a single attempt has been successful. But without the capability to block jerks like that, this site would be totally overwhelmed with garbage.
You might wonder why he continues with his futile effort. Quite simply, because he can, and because it doesn’t cost him anything. I’m sure this site isn’t the only one he’s hammering on. I don’t know if he’s having more luck anywhere else. But it would probably be more trouble for him to check to see if any of his attempts have actually worked than it is to just leave his bots running 24/7 without any attention. And that is the unfortunate nature of spam, and why it’s such a problem. It’s so cheap and easy for a spammer to trash a site with a few hundred thousand comments, or send a million email messages, that they continue to do it regardless of whether it actually gains them anything, and regardless of how much trouble it causes their victims. But at least for now, this site seems to have a slight lead in the battle.