I got my first comment spam the other day. Guess I’m no longer innocent and unknowing. It was rendered harmless because all input to Bloget is HTML encoded which makes the post look silly at best and gives the spammer no reference links. Still it’s just a shame that you have to defend against these things.
This motivated me to start hacking in some basic spam protections. I’m not a fan of CAPTCHA’s which is why you won’t see one in Bloget. I’ll probably add a hook for one if someone really needs it. And besides, CAPTCHA’s not handicapped friendly. There are other measures you can take however, and without giving too much away, here are some measures I’ve recently added to Bloget.
Limit the number of comments per post. This is settable both globally and per post. It puts a cap on comments in case you have some bot going berserk on your site. Comment throttling keeps a poster from posting too often and comment aging disables comments on posts that have had no activity after a preset period of time.
All comments are emailed to the webmaster should you choose to enable it. The message indicates the posting, the comment and if it was posted to the blog. On the off chance that Bloget was too aggressive in it’s spam protection, the web master can resubmit the post. It’s a short term solution until I get to adding comment moderation.
There are other measures as well but like I said, I don’t want to give too much away.
Bloget continues to improve. I keep thinking I’m close to a first release, then something like comment spam happens and I think, “I can’t release without fixing that first.” It’s an occupational hazard I suppose. I worked with guy years ago who use to say, “There comes a time in every project when you have to shoot the developers and ship.”
One of these days soon I’ll pull the trigger. Really…