How Spammers Limit Platform Choice

By Deane Barker on December 17, 2004

Joe and I have been working with eZ publish for the last few months. It is, without a doubt, the best content management system I’ve ever used. I got more done in one week with eZ publish than I did in nine months with Documentum.

I like it so much, that I’d like to use it here, on Gadgetopia. But I can’t. Why? Spammers.

Gadgetopia racks up tons of comment spam. We’re running MT Blacklist, and it automatically intercepts hundreds of spams a day. In addition, I manually delete a couple of dozen more every day that didn’t trip the filter, but that were entered on entries more than two weeks old.

If we switch to eZ publish, I have no anti-spam solution. This is offset a little by the fact that I wouldn’t be using a “standard” comment interface, so there wouldn’t be any spammers out there with scripts written to find and enter comments on an eZ publish-powered site. But what if someone wrote such a script? I’d be screwed beyond belief. I’d have to shut down commenting completely.

I could try to obfuscate the comment form as much as possible, but it’s still going to be a HTML form of some kind. And I’m quite sure that comment spamming has evolved to the point where a spammer can isolate a particular site and write a “plugin” or “profile” of the form on that site in about 30 seconds, so their script can handle that form specifically. (That’s how I would have written it, anyway.)

Even if they didn’t write a spidering script, you could put together a JavaScript-powered bookmarklet in a few minutes that would prefill my comment form and submit in one second flat. There are even Firefox plugins that will do that. Someone with that bookmarklet and an hour to kill could wreak havoc.

My only solution would be to write a Blacklist implementation for eZ publish (there are already implementations for other platforms, like WordPress), but there’s just no way I have the time to do that.

So there you have it, spammers are limiting my platform choice. I can’t afford to leave a well-marked trail through the jungle because there are dangers lurking in darkness that would finish me off for good.

Too bad. Spammers ruin everything.

Gadgetopia

Comments

  1. It might be a little annoying for the person who comments very often, but would it be that bad \ difficult to add a ‘type the random letters you see in the photo above’ dialog? The only time that’s really bothered me is when capitalization and spacing was ambigious.

  2. Would it be possible just to turn off new comments for a post after the post was two or three weeks old? You likely would get most of your valid comments during that time period anyway.

    I realize that’s just addressing the symptom, not the actual problem, but it might save you from having to sift through old posts. If you come up with a better solution, though, please post it .

  3. My web host (www.textdrive.com) is looking at doing something at the server level. I suspect that they’re not alone and that other hosting services are also trying desperately to come up with some form of effective defence, so it might be worth asking your host, or consider changing to one more concerned about the issue?

  4. I’m glad you see the large gains in productivity that can be found using eZ publish cms/cmf! Thanks for the nice words :)

    //kracker

    Billy Corgan : The CameraEye

Comments are closed. If you have something you really want to say, email editors@gadgetopia.com and we‘ll get it added for you.