Capcha activated [Briefly...Never mind]
I begin to see why more and more blogs have capcha-style validation on their message forms.
Yes, Spam Karma 2 has been capturing spam–but because at least one valid comment was flagged as spam, I’ve been trying to check its harvest.
And the harvest is just getting too big, up over a hundred a day. I don’t know what these cretins think they’re accomplishing (one semi-spam got through, but I deleted it), but their automated forms result in way more than I’m willing to look at.
I’m not wild about capcha techniques, particularly since the image can be hard to decipher (I haven’t used this one yet), and there are accessibility issues (you can always send me email if you have trouble commenting, noting that the email is intended to be a comment; if it passes muster, I’ll add it myself). But I don’t want to turn off commenting, I don’t want to require registration, and I don’t want to spend more time checking lists of spamments than I do writing posts…
Two things have happened since then:
1. When I tried to see how Capcha was working, by using my wife’s notebook, the routine failed for some bizarre TrueType reason.
2. Checking here after three hours, it’s clear that the spam just keeps on flowing. Which suggests to me that this Capcha, if it’s doing anything at all, is downstream of Spam Karma for some reason. Which means it’s useless.
So I’ve deactivated it. For now.
One consequence: I don’t expect to keep checking the Spam Karma logs for erroneous spam capture. There’s just too many to go through, particularly when I’m away from the blog for a few days. So, if you post something and it never shows up, chances are Spam Karma didn’t like it. Sorry about that.
April 29th, 2006 at 7:03 pm
Hey Walt, it was hosed on both my machines (Mac and PC) and in 3 different browsers FYI.
May 1st, 2006 at 7:11 pm
Walt,
I occasionally track down and complain about spamming. Most legitimate hosts and ISP forbid it, and take complaints quite seriously.
For the IP address, there is a tool at
http://www.toolsforselling.com/v1/1/iplookup.htm
that will identify who is assigned the block that contains that IP. Start an email complaining about the spam posting, include the IP owner, the FTC (uce@ftc.gov, the government entity that is *supposed* to be regulsting this crap), then look at any links or trackbacks in the message. There are also online tools that will do this lookup.
iwhois.com is a quick, easy site to look up domain registration. I chain back a couple of steps. First I find the domain name in the link, and include the email address of the admin contact, tech contact (host), and registrant on the email I started.
Then I look up the domain of the host contact or name servers for the domain. That is right, I also alert my complaint to the host that leases out the offending site’s server. I include the admin and tech contacts from that domain, too.
I only do this once or twice a day, on the days that the spam annoys me. I still get spam occasionally, but I don’t get the large amount of traffic Walt At Random gets. These occasional emails seem to keep a lid on growth.
On another site, http://www.draftresource.com/, spam got so bad on the guest book I had to shut it down. The problem with automated tools is that there is no penalty for leaving my site on their list. That is one big reason I never simply delete or ‘black hole’ spam — I bounce it back to the sender. On the rare occasion that the email address is legitimate, I hope I help overflow the sender’s email and bring the improper usage to the attention of the site host.
On the complaint email — I insert ‘SPAM COMPLAINT’ in the front of the subject line.
Happy Monday!
Brad K.
May 2nd, 2006 at 12:34 pm
Brad,
Thanks for the useful information. I’ll consider it if Spam Karma starts letting stuff into the blog on a regular basis. (Walt at Random doesn’t really get loads of traffic, but somehow it seems to have attracted spammers.)