I have zenphoto installed on a rather big web site with a lot of albums and zenpage texts. Every now and then the site is flooded with spam comments from different IP addresses. The attack usually lasts about 4-5 hours and results in around 100-200 comments with URLs to porn and such.
Luckily the simple spam filter works great but to be sure no serious comments get discarded I have the forgiving function on. That leads to some work with looking through the spam comments though.
What I'm wondering about is why do these attacks start in the beginning? I guess they come from some script or program that picks the web site from Google or something. Can something be done to hide the web site from such flooding programs? The URL is trondheimkunsthall.com. It's a web site focusing on Norwegian contemporary art so it can't be very visible on Google for the non-art interested people :-D
Best regards from a very happy zenphoto user!
Comments
If you're finding that the simple spam filter isn't meeting your needs, there are other spam filters in the extensions section of the website that might further your protection and help alleviate the problem. However, no implementation will be perfect, so there will always be some level of vigilance necessary to prevent spam.
I haven't looked at your website, but one other precaution you could take is to only allow registered users to comment. If anyone can comment, it will be significantly easier for spam bots to do what they do best.
One other thought: I haven't looked through the `comment_form` code, but one common way of blocking spam bots is to use a hidden form field which is initially unchecked. Since spam bots do not (usually) use graphical browsers, they will unknowingly check the hidden field, thus disabling the comment form. The only caveats with this method are that not all spam comes from bots (though most does, in my experience) and not all actual users use graphical browsers (the hidden field would need to be denoted to these users so that they do not unwittingly deactivate the comment form).
Another common way is to use an extra question, such as "What is the name of my website?" at which most bots will fail to answer correctly.
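
The hidden-checkbox and extra-question ideas from the replies above, as an added PHP example that is not part of the thread and is not Zenphoto's own `comment_form` code. The field names, the question and the accepted answer are assumptions, and failed checks are held for moderation rather than rejected, in line with the forgiving setting the original poster uses.

```php
<?php
// Field names, the question and the accepted answer are assumptions for
// illustration; this is not Zenphoto's comment_form code.
const HONEYPOT_FIELD    = 'leave_unchecked';      // hypothetical
const CHALLENGE_FIELD   = 'site_name';            // hypothetical
const CHALLENGE_ANSWERS = ['example gallery'];    // constructed

// Extra form fields. The checkbox is moved off-screen with CSS but keeps a
// label, so text-browser and screen-reader users are told to leave it alone.
function render_antispam_fields(): string
{
    return '<p style="position:absolute;left:-9999px"><label>'
         . '<input type="checkbox" name="' . HONEYPOT_FIELD . '" value="1" tabindex="-1">'
         . ' Leave this box unchecked</label></p>'
         . '<p><label>What is the name of this website? '
         . '<input type="text" name="' . CHALLENGE_FIELD . '" autocomplete="off">'
         . '</label></p>';
}

// Returns 'accept' or 'moderate'. Failures are held for review, not dropped,
// so a human who slipped up is not silently discarded.
function classify_comment(array $post): string
{
    // Browsers omit unchecked checkboxes, so any submitted value means "ticked".
    if (array_key_exists(HONEYPOT_FIELD, $post)) {
        return 'moderate';
    }
    $answer = $post[CHALLENGE_FIELD] ?? '';
    if (!is_string($answer)) {          // e.g. site_name[]=x sent as an array
        return 'moderate';
    }
    // Compare case-insensitively and ignore extra whitespace.
    $answer = strtolower(trim((string) preg_replace('/\s+/', ' ', $answer)));
    return in_array($answer, CHALLENGE_ANSWERS, true) ? 'accept' : 'moderate';
}

// Constructed sample submissions.
$samples = [
    'human'          => ['comment' => 'Great show!', 'site_name' => ' Example  Gallery '],
    'bot ticks all'  => ['comment' => 'spam', 'leave_unchecked' => '1', 'site_name' => 'x'],
    'bot skips quiz' => ['comment' => 'spam'],
];
foreach ($samples as $label => $post) {
    printf("%-15s %s\n", $label, classify_comment($post));
}
```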