Comments on: Myqanda, Possibly A Simple Anti-Bot Solution To Fight Coment Spams?

By: Defend Against The Bot’s : How Do You Do That? : Your Online How To Source « How Do You Do That?

Wed, 24 Feb 2010 08:36:50 +0000

[...] Myqanda, Possibly A Simple Anti-Bot Solution To Fight Coment Spams … – Myqanda, Possibly A Simple Anti-Bot Solution To Fight Coment Spams? I just checked my server log between Dec 19, 2006 and today. SCode Plugin has successfully prevented 2140 comment spams, but there were 122 spams which slipped through … [...]

By: Protect Your Blog From The Bot’s : Secrets To Web Success : Internet Marketing and Consulting

Tue, 08 Dec 2009 06:46:36 +0000

By: acroatia

acroatia — Thu, 18 Jun 2009 16:03:42 +0000

very nice approach.This is very helpful to identify spammer.

By: SEO Liverpool

SEO Liverpool — Wed, 15 Apr 2009 13:54:06 +0000

Cheers for replying, we have decided to go with wordpress ourselves so any hints and tips would be welcomed gratefully.

Thanks Again
John

By: Cliffano Subagio

Cliffano Subagio — Wed, 08 Apr 2009 18:09:49 +0000

John,

I implemented it only as a Blojsom plugin with blog and installation pool of challenges, which worked very well. I didn’t get the chance to implement a public pool.

I’ve since moved to WordPress, and I’ve been quiet happy with Akismet.

When I have some spare time, I really want to revisit the idea of public pool as a service and attempt an implementation of it.

By: SEO Liverpool

SEO Liverpool — Wed, 08 Apr 2009 15:50:23 +0000

Hi Cliffano,

I noticed that this post was written a couple of years ago and that the theory behind your approach was a good one, did you ever put it to the test and if so how did it go. I’m creating a blog at the moment, which in itself takes up a great deal of time, the last thing I want to be doing is removing robot spam all the time too. Regards John

By: Jen

Jen — Thu, 05 Mar 2009 22:20:57 +0000

It never seems to fail that whenever you find a way to stop people from doing something like spamming, they always end up finding a way around it.

I have to admit though that the incidence of spam seems to be declining. At least it is for me anyway.

Good info.

By: Tina @ Low Book Sales

Tina @ Low Book Sales — Tue, 03 Feb 2009 17:43:08 +0000

Nice post. I totally agree with you. Spam comments are a real headache. There are plugins these days that block/delete spam comments. But the “question and answer” method is very useful. Simple but does the trick. Thanks for the information.

By: Cliffano Subagio

Cliffano Subagio — Sun, 11 Jan 2009 10:23:04 +0000

I agree that it’s going to be a constant battle. Reading what I wrote almost 2 years ago, now, I think that the key is neither on identifying the spams nor identifying the bots. The most important thing is on how to enable the various spam-fighting technologies to the masses.

I’m also in favor of having a bounty system for whoever can put those evil spammers in jail :p.

By: mike mills

mike mills — Fri, 09 Jan 2009 16:46:24 +0000

Lots of spam blockers start out really great, but those bots and spammers always find ways around them. It is a constant battle to stay one step ahead so that your posts do not get filled up with the nonsense.

By: Cliffano Subagio

Cliffano Subagio — Wed, 21 Feb 2007 08:13:12 +0000

I guess when it comes to hacking, the same argument could be applied to the blog server itself. It’s up to each party to come up with enough security.

Re compromising the pool data, that’s the reason why it’s better to have many pools with few challenges, rather than having fewer pools with many challenges.

I think it would be better if the spammers can’t even be bothered to compromise that many pools because it will just be a waste of time for them.

If every blog provides its own unique challenge, it will definitely be too costly for spammers. Well, until the day they come up with A.I. spambot, then it will be another ball game.

By: Martin Kautz

Martin Kautz — Tue, 20 Feb 2007 22:24:49 +0000

What happens to such a centralized pool, if it gets compromised/hacked by a spammer?

By: Cliffano Subagio

Cliffano Subagio — Tue, 20 Feb 2007 03:45:20 +0000

Great to hear that the approach has been successful for WordPress.
I might rename ‘My Q and A Plugin’ to ‘GateKeeper Plugin’ :). I’m really really bad with names.

Agreed with the fact that the approach won’t work for trackback. However, something like WordPress Trackback Validator plugin might be good enough in terms that it’s not something the spammer would want to do for all trackback spams.

I implemented similar method for Blojsom called TrackbackKeyword Plugin which checks for the existence of some keywords on the trackback page, so it doesn’t necessarily require a link back to the post.

By: Matt

Matt — Tue, 20 Feb 2007 00:32:47 +0000

This approach has also been successful in the WordPress world (wp-gatekeeper plugin) and I like it much better than CAPTCHA. One catch: This only works for comments, not trackbacks. Also if the question isn’t unique enough, it’ll be trivial for spammers to attack it. (Much easier than decoding CAPTCHA, at least.)

By: Martin Kautz

Martin Kautz — Mon, 19 Feb 2007 14:00:14 +0000

Sounds like a good aproach. Well, as long as the pool of challenges is big enough and does change the exact wording of the question often enough…

By: Cliffano Subagio

Cliffano Subagio — Mon, 19 Feb 2007 08:47:09 +0000

My initial thought was actually on ‘kindly forcing’ each blog to specify a pair of static Q and A which will push the uniqueness of each blog’s comment form (hence the name myqanda, i.e. My Q and A). But come to think of it, having a shared challenge pool would be handy for an environment with multiple blogs on a single blog software installation.

The idea of having a ‘global’ challenge pool (via a simple REST interface?) is even more interesting, but it’s not something I can pursue given my limited resources. It would be cool if some funky web company out there implements this service.

Specific to Blojsom implementation, Myqanda Plugin can easily support:
1) personal challenges (specific for each blog): configurable via blog properties
2) shared internal challenges (shared by blogs within the same Blojsom installation): configurable via bean declaration

And maybe in the future:
3) shared external challenges: pulled from public web services

By: Miles Metcalfe

Miles Metcalfe — Sun, 18 Feb 2007 15:01:44 +0000

I think this is a very interesting notion. It seems to me that it would rely on a relatively large pool of challenges, and that lazy admins don’t copy others’ pools. It occurs to me that it would be possible to provide a collaborative pool that served up random challenges via a web service.