Friday, December 02


Turtles Turtles Turtles

You know you want to.

P.S. Turtles!

Posted by: Pixy Misa at 11:52 PM | Comments (11) | Add Comment | Trackbacks (Suck)
Post contains 10 words, total size 1 kb.

1 Wait....I was recruiting. What do we do?...Did I miss a memo?

Posted by: The Brickmuppet at Saturday, December 03 2011 02:38 PM (DOX7h)

2 If you hadn't already gotten me on a previous drive, I would have succumbed this time.

Although I don't think the spammers are likely to play.  Well, spammer (singular so far) since it's obviously the same IP.

Posted by: Hypozeuxis at Saturday, December 03 2011 04:27 PM (5eWak)

3 Years ago when I was running a site that was getting spammed I used JS to create a hidden form field; the code would silently drop the submission without it.  So far--probably 5 years later--as far as I know it's still effective.  So that it would help trick the spammers, the only thing that didn't happen was the insert into the DB.  Don't know if the spammers are smarter yet, but a simple trick like that might continue to work.

Posted by: RickC at Sunday, December 04 2011 09:28 AM (VKVOz)


J Greely has a trick like that he uses on his site. When you hit the "post" button, some Javascript runs and redirects you somehow. I don't remember the details; the point is that if the Javascript doesn't run, then instead of your comment being posted, you are automatically blacklisted.

Those kinds of things can work pretty well, but only if they're rare and obscure. If they become widespread then the spammers will change their spamming code, and then they don't work any more.

The only thing I know of that does really work and will keep working is captchas, even though everyone hates them. Handled properly, spambots can't fool them.

Posted by: Steven Den Beste at Sunday, December 04 2011 10:37 AM (+rSRq)

5 Brickmuppet, I saw your recruitment post and thought I'd pitch in too.

RickC - yeah, I have a hidden form field, and even a decoy form. It helps, but it's not perfect.

Steven - yep, I didn't want to do Javascript tricks in my original deployment, but these days it's probably not going to cause any problems.  If you turn off Javascript, 98% of the web will break anyway.

Posted by: Pixy Misa at Sunday, December 04 2011 10:38 AM (PiXy!)

6 Completely off-topic, but... whatever happened to Trixie's posts?

Posted by: Wonderduck at Monday, December 05 2011 02:14 PM (2YMZG)

7 They're in the system, but the far-future dates give it indigestion.

Posted by: Pixy Misa at Monday, December 05 2011 10:43 PM (PiXy!)

8 My trick is simply to use JS to replace the POST URL for the form. So, anyone grabbing the raw HTML (directly or out of Google's cache) will fail, and my log-scanner sees your attempt to reach that URL and adds your IP address to the firewall's block list for a while. It's quite effective, largely because it's different from what other people use; no one is going to go to the effort of customizing their tools to get past it, because the payoff is too small.

A less-severe alternative would be to have the non-JS version of the form force moderation or extra spam checks. I've been thinking about switching to that method when I upgrade my server, and adding randomization to both the JS and non-JS URLs, so that, say, today /post/43wrdfvk works and /post/tg34grtg fails.


Posted by: J Greely at Tuesday, December 06 2011 10:43 AM (fpXGN)


My trick worked probably because the site was relatively low volume; I don't think there was much payoff, and we didn't get much spam.

My goal was to get the effect that I wanted with minimum effort, and it worked.  I don't run the site any longer, and I don't bother to read the public-facing forums so I don't know if it is still effective, but I had plans for several other tiers of countering.

Posted by: Rick C at Wednesday, December 07 2011 01:20 AM (fXrun)

10 Pixy, any chance of getting a link to them?  I remember them being quite entertaining.

Posted by: Wonderduck at Saturday, December 10 2011 03:04 PM (Nf6le)

11 Sure, I'll dig 'em out.

Posted by: Pixy Misa at Saturday, December 10 2011 06:00 PM (PiXy!)

Hide Comments | Add Comment

Comments are disabled. Post is locked.
49kb generated in CPU 0.0195, elapsed 0.3572 seconds.
56 queries taking 0.349 seconds, 348 records returned.
Powered by Minx 1.1.6c-pink.