DonnaM » Blog Archive » Typekey anyone?

Typekey anyone?

I’m still being seriously swamped by spam and am thinking about how to manage it better. One option is to only accept comments from people with a Typekey token. I’m hesitant to do it as it puts the burden onto commenters rather than me, but right now I’m not even posting as I’m spending too much time deleting spam.

So I was wondering – if you are a regular reader, how would this affect you? Let me know:

  • Do you already have a Typekey account?
  • Would you register with Typekey (it would allow you to comment on any blog that is using this method)?
  • Would you just not bother commenting?
  • Would you stop reading altogether?

Thanks!

7 Responses to “Typekey anyone?”

  1. Thomas Baekdal Says:

    - I do not have a Typekey account
    - I do not plan to register
    - Yes, I would probably stop commenting on sites that require this
    - I would still be an active reader

    I know this does not solve your situation, but a change in the commenting system would be a better approach.

    4 things you could try:
    1: Change the name of the form fields
    2: Change the name of the form script
    3: Require the email to be included
    4: Rearrange the layout of your form (place the name, email, url differently)

    …if that does not work – dynamically change the form field names and validate it.

  2. Christina Says:

    - I do not have a Typekey account
    - I do not plan to register
    - Yes, I would probably stop commenting on sites that require this
    - I would still be an active reader

  3. donna Says:

    Thanks Thomas – I’m going to change the commenting form/scripts tonight, but that will only slow things down somewhat. I already ask for an email address – that doesn’t stop spammers at all!

  4. Thomas Baekdal Says:

    Donna, I realize that requiring the email address will not stop spammers as such, but… the reason I added it was that by naming your email field something “strange” and validating that this particular field does contain an email address – then the spammer would have to change their scripts to handle your specific site (unless they identify the email field by looking at the label tag).

    My problem is that I lack detailed information on how the spammers do it. There are several ways:
    1: They submit data to your cgi script (perhaps with the added complications that they fake the header info).
    2: They have a program that actively opens the browser, and fills the form fields just like any human would do.

    For the first option they would have to index your site, and locate your commenting form and action value. This they would most likely add to their databases, so that a second script can submit data directly.

    Changing the form fields and script filename would solve this – at least temporarily, since they would have to reindex your site to start spamming again.

    Another thing that would eliminate this kind of spamming is to use sessions. Set a session when a reader enters the page – then validate that it exists in the form script. Anyone posting externally (regardless if they fake the header info or not) would be stopped.

    The second option is much trickier, since changing the script filename does nothing, but changing the field names would most likely help. The reason is that the program filling the fields, would not be able to identify the form.

    Here is another trick. The spammers most likely have some kind of program that identifies a commenting form – in some way or another. They could essentially just be looking at the type of fields on a page (so they could spam regardless of what you try to do).

    So one solution would be to change the field and script names – then JavaScript enkode the entire form – just like Hiveware/Automatic email enkoder (you can actually use their web form for this too). This should prevent the spammer from doing anything with it in the future (note: this is an issue in regards to the entry number (one of the hidden form fields) – so you might need to encode the first part of the form, then add the entry-id field as normal, and finally encode the rest of the form).

    Example:
    www[dot]baekdal[dot]com[slash]x[slash]encode[dot]html

    Note: Web address is de-spammer-blockified to prevent you from having to spend time approving it manually :o )

    PS: Sorry for the long post – anyway – hope it helps
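
The session check and the dynamically changing field names described in comment 4 can be combined on the server. The following is an added example, not code from the post or its commenters: it swaps the server-side session for a signed, expiring token in a hidden field, and every name in it (`render_form`, `validate_post`, the `token` field, the one-hour lifetime) is an assumption.

```python
import hashlib
import hmac
import re
import secrets
import time

# Assumed values for this sketch; none of them come from the blog.
SECRET = secrets.token_bytes(32)   # server-side key, never sent to the client
MAX_AGE = 3600                     # seconds a rendered form stays valid
LOGICAL_FIELDS = ("author", "email", "text")
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

def _mac(msg):
    return hmac.new(SECRET, msg.encode(), hashlib.sha256).hexdigest()

def field_name(nonce, logical):
    """Per-render field name; not predictable without SECRET."""
    return "f" + _mac(f"field|{nonce}|{logical}")[:12]

def render_form(entry_id, now=None):
    """Run when a reader loads the entry page: issue token and field names."""
    issued = int(time.time() if now is None else now)
    nonce = secrets.token_hex(8)
    payload = f"{entry_id}|{issued}|{nonce}"
    token = f"{payload}|{_mac('token|' + payload)}"
    fields = {name: field_name(nonce, name) for name in LOGICAL_FIELDS}
    return {"token": token, "fields": fields}

def validate_post(entry_id, form, now=None):
    """Run by the form script. Returns (ok, reason or cleaned fields)."""
    now = time.time() if now is None else now
    parts = form.get("token", "").split("|")
    if len(parts) != 4:
        return False, "missing token"   # posted without loading the page
    eid, issued, nonce, sig = parts
    expected = _mac(f"token|{eid}|{issued}|{nonce}")
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return False, "bad token"
    if eid != str(entry_id) or not 0 <= now - int(issued) <= MAX_AGE:
        return False, "stale or mismatched token"
    # Look the inputs up under this render's names only.
    clean = {f: form.get(field_name(nonce, f), "").strip() for f in LOGICAL_FIELDS}
    if not EMAIL_RE.match(clean["email"]):
        return False, "email field invalid"
    if not clean["text"]:
        return False, "empty comment"
    return True, clean
```

A token stays replayable until it expires, and a program that loads the page in a real browser (the second case in comment 4) still passes this check.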

  5. Bj Says:

    What you might try is what all kinds of registration services already do: use a script to generate a few distorted characters and let the user have to type those into a field.

    A machine will not be able to recognize the text, but a human will.

    Such anti-spam features do not annoy me as a user, it’s not more work than typing in 4-5 characters.

  6. Antony Shen Says:

    - Do you already have a typekey account?
    Yes.

    - Would you register with Typekey (it would allow you to comment on any blog that is using this method)
    I would, it’s far easier than registering on each individual blog just to write a comment.

    - Would you just not bother commenting?
    Fine with me.

    - Would you stop reading altogether?
    No.

    You can use a TypeKey account as optional, and use the Scode plugin to stop spam.

  7. Susan Says:

    Is there a way you could moderate the comments from the same username (like the above commenter)? And they cannot submit the same comments?