The advantages of a home-grown comment system
A while ago, I was investigating the possibility to move blog backend to something else; something like, say, drupal, so that I wouldn't have to maintain it too much myself.
For those who care, this blog is a very strange contraption based on subversion, blosxom, php, and a postres backend for the comments.
I've now dropped that migration thought, for a very simple reason: comment spam.
A while back, the spammers had found my blog, and started placing comments using a bot. They might think that these comments will eventually show up on my website, but that's wrong; I always moderate away spam. First, they posted a few comments. I changed a few details about the form, and the bots (who only went to the POST URL, never checking whether the form they requested was unchanged) failed miserably. Then, they posted loads and loads of comments, in a weird attempt to overrun me with comments. One psql run and one DELETE statement later, those comments were gone -- and one minor form change later, the bots failed miserably, again.
This went on for a few months, until the stupid spammer finally understood that he was wasting loads of his time in trying to post something on a website that wasn't ever going to enable his comments, anyway. Or so I thought.
You see, the thing they're really after is my pagerank. In itself, grep.be is nothing special -- but planet.grep.be is, and apparently some of that pagerank score trickles to the other grep.be subdomains. Or, at least, that's what the spammers seem to think, in case it isn't (I wouldn't know).
When the comment spam on my blog had been silent for a few weeks, I found that the spammers had found my gallery installation, and had posted some several thousand comments there. One DELETE statement later they were gone, but a few hours later some of them were back.
I don't know the gallery source code well enough to pull the same trick here (disable comments until manual moderation), and unless I want to do something like using a CAPTCHA on my gallery site (I don't) or disabling comments altogether (I don't, either), I'll just have to resort to removing these comments from the database.
At least by doing that, I can remove them all in one go. And at least the spammers are easily recognizable. For now.
Perhaps I'll have to look into changing gallery's source code after all... or, perhaps, just use something else. Sigh. Stupid spammers
Wouter, this looks like a clear case AGAINST home grown systems. At least with a Wordpress (and the likes) any spam problem you might have, has been solved many times over by the time they get to you. On top of that you have plugins to filter the spam and help the fight.
My spam filter has caught something like 240000 spam messages in the last 3 years or so. Those represent a lot of "DELETE FROM" statements...
Take care, Matt
Hey Wouter
If fear of comment spam is the only thing holding you back from moving to Drupal, check out Mollom, a free web service that helps prevent web form spam (comments, contact form submissions, ...).
Highly recommended.
I had the same problem with my gallery setup. I did enabled the captcha, but it failed
So, if you happen to change the code, I would like to give it a try