Spam protection in s9y – issues and thoughts
Posted: Wed Feb 26, 2014 5:30 pm
Let me preface this by outlining my current “line of defense” in terms of spam protection:
1. Spamblock Bee – I only use the Honeypot feature, not the hidden captcha (see below as to why)
2. Spamblock Bayes – manual borders (60/95), learn: yes, ignore: ip, referer, trashcan: 98%
3. Spamblock – no content filter, no Akismet; moderate trackbacks: 28 days, no captchas, moderate comments: 42 days, moderate links: 3, block links: 10
I also recently reset my Bayes database and learned all comments which already are in the blog as ham. I'm not using any imported databases in Bayes. This is a rather low-traffic blog with a very specific audience, yet it seems to get quite a lot of spam.
Now I notice the following issues:
1. The hidden captcha in Spamblock Bee sometimes fails for human users (i.e. valid comments). If that happens, the log file states “1 != ?” (“?” in fact being the infamous black diamond question mark character) which I believe indicates some issue with UTF-8 encoding. This is especially bad since Grischa as the original plugin maintainer is M.I.A. at the moment.
I've had at least one valid comment and one valid contact form email fail to this behaviour in 2014 (that I know of) which is why I've disabled the hidden captcha.
2. Spamblock Bayes is not working at all right now. All comments which are not caught by the Honeypot feature of Spamblock Bee go directly to the standard Spamblock plugin, although Spamblock Bayes is placed before standard Spamblock in the plugin list. I have no idea why.
3. Actually, I get most of my blog spam through the contact form. As far as I know, at least some of the spamblock features should work on the contact form as well (I know captchas do, but I really don't want to use captchas), but I'm not sure which ones. Bee does, but do Bayes and Standard as well?
4. Even though I set Bayes to ignore ip and referer, the Bayes database seems to include them. At least it has some entries for ip and referer. Are those ignored in Bayes' analysis and kept in case I ever remove them from the ignore list?
Apart from my current issues (which might just as well be because I don't understand the various spamblock plugins and their settings properly) I think this is an area in s9y which has room for improvement. I'm not a new user, and I have been using these plugins for quite some time now, yet I still don't think I really understand them. I reckon this must be utterly confusing for new users.
YL
1. Spamblock Bee – I only use the Honeypot feature, not the hidden captcha (see below as to why)
2. Spamblock Bayes – manual borders (60/95), learn: yes, ignore: ip, referer, trashcan: 98%
3. Spamblock – no content filter, no Akismet; moderate trackbacks: 28 days, no captchas, moderate comments: 42 days, moderate links: 3, block links: 10
I also recently reset my Bayes database and learned all comments which already are in the blog as ham. I'm not using any imported databases in Bayes. This is a rather low-traffic blog with a very specific audience, yet it seems to get quite a lot of spam.
Now I notice the following issues:
1. The hidden captcha in Spamblock Bee sometimes fails for human users (i.e. valid comments). If that happens, the log file states “1 != ?” (“?” in fact being the infamous black diamond question mark character) which I believe indicates some issue with UTF-8 encoding. This is especially bad since Grischa as the original plugin maintainer is M.I.A. at the moment.
I've had at least one valid comment and one valid contact form email fail to this behaviour in 2014 (that I know of) which is why I've disabled the hidden captcha.
2. Spamblock Bayes is not working at all right now. All comments which are not caught by the Honeypot feature of Spamblock Bee go directly to the standard Spamblock plugin, although Spamblock Bayes is placed before standard Spamblock in the plugin list. I have no idea why.
3. Actually, I get most of my blog spam through the contact form. As far as I know, at least some of the spamblock features should work on the contact form as well (I know captchas do, but I really don't want to use captchas), but I'm not sure which ones. Bee does, but do Bayes and Standard as well?
4. Even though I set Bayes to ignore ip and referer, the Bayes database seems to include them. At least it has some entries for ip and referer. Are those ignored in Bayes' analysis and kept in case I ever remove them from the ignore list?
Apart from my current issues (which might just as well be because I don't understand the various spamblock plugins and their settings properly) I think this is an area in s9y which has room for improvement. I'm not a new user, and I have been using these plugins for quite some time now, yet I still don't think I really understand them. I reckon this must be utterly confusing for new users.
YL