Dammit. Another burst of comment spam today. Nothing that showed up on the front page, but because the URL was innocuous (which is a bad sign of spammers getting smarter), MT-Blacklist didn't block them outright, but instead threw them into Moderation due to the comments going against an old post. Which is better than nothing by a long shot, but hardly ideal (since it means I still have to clean out the bad comments, and there's still the risk of some of it coming through if it updates a recent post).

(MT-DSBL caught a goodly number of these, but by no means all of them.)

So I'm going to be looking more seriously at added protection, either the SpamLookup package announced the other day, or MT-Approval, or both.

Or, conversely (and most easily) I could turn on comment registration through TypeKey.

Okay, let's do a poll on the latter.

Comment registration would require a commenter to, before commenting the first time, register (name and password, and an e-mail to confirm it by) with TypeKey (there are other mechanisms, but this one's already built into MT, and it's free and straightforward). If the person already has a TypeKey account, no registration would be needed.

Thereafter, when you went to comment on something here, you'd need to (through a simple on-screen mechanism) be signed into TypeKey. (it's not clear whether this is a per-boot or per-browser-session or per-visit basis) before you could put in a comment.

I've been reluctant to turn it on here because some folks dislike doing sign-ins of this sort. Others, no matter how anonymous the service is meant to be, cavil at registering in any fashion. But I'm inclined to give it a try because:

1. Comment registration is generally regarded as one of the most effective ways to block automated spamming techniques. While it's possible that someone would create a TypeKey account and then spam through that, I've not heard of this happening on a widespread basis.

2. It's the easiest and simplest and least intrusive tool (for me) to put in. No plug-ins or hacks necessary.

3. I think it has the least burden on the host servers -- determining the state of TypeKey sign-in should be trivial, and should cut off invocation of the comment module very quickly (unlike, say, MT-Blacklist, where the comment is fully entered and processed before its contents are parsed for blacklisted URLs and strings, or for age of the underlying post). I think this is the case, and, if so, that's a big argument in favor, since I'm sensitive to host burden.

4. The burden on commenters is not significantly higher (once registered) than other accepted mechanisms (captchas, preview-then-approve), and, in fact, is lower for folks who comment on multiple posts.

So, hit the poll (and, secondarily, the comments). If I get major push-back on registration, I'll reconsider, but, failing that, I'll likely implement it this weekend, at least as a test (it's easy to turn back off, too).

Filed under :: Blogging :: Spam
Link · Print · Edit · TR/G

My feeling about comment registration depends on how it's implemented. If it's implemented in a way that allows Camino to fill in the username and password for me, then it's probably so little additional effort that I won't mind. If it's implemented in a way that prevents Camino from doing this little job and in a way that makes me do the typiing myself, it might reduce the amount of commenting that I do.

Quoth AmandaHelstrom ...

Doesn't make any difference to me really.

Quoth ***Dave ...

I can't speak to Camino directly, but I believe that both the password caches of IE and Firefox, as well as Roboform, can be used to fill in the info.

Quoth ***Dave ...

An article here from a host's perspective on why they're requiring use of comment registration in MT.

Quoth ***Dave ...

On a related note, another acronym I need to start making more use of: AGATM.

Quoth ***Dave ...

A further note on the problem with MT and comment spam server loads (with some unkind words for TypeKey).

I've seen some folks have horrible problems with TypeKey, and other sites where it seems to work just fine. To the limited extent that I've used it here, it's been on the "fine" side, so I'm not concerned on that account.

I have no objection to registering.

I have no objection. If I could get it to work on my site I'd use it. As it is I've just turned comments off all together because I just got tired of never being to take a day off of comment moderating.

Sorry to hear that (as one of your occasional commenters).

Another site mentioned something I'd not thought of, i.e., most discussion types of sites (other that blogs) require some sort of registration, be it listservs or bulletin boards or forums. A few don't, but almost all do. The trick, of course, is to (a) creat content compelling enough to get new users to register to comment on it, and (b) make the "cost" of registration and use of the reg system as trivial as possible.

Quoth ***Dave ...

At this point the tally on the poll (from all four of you) is 3 people saying it will make no difference, 1 person saying it's irksome enough to comment less.

With due respect to that latter person, I'm probably going to implement it today. It should be easy enough to turn on (and off) that, should it turn out to have Some Horrible Problem, I can back out fairly quickly.