Dealing with Spam – Follow-up

At the beginning of June, I wrote about the rising number of spam messages missed by Akismet. The main issue was a noticeable increase in the number of spam messages that get through Akismet, which is kind of the de facto spam filter for WordPress. Twice a day, on average, I had to manually mark comments as spam, which really got under my skin. After writing that post, I’ve looked at a number of solutions.

Something gone wrong with Akismet?

Akismet is a great spam filtering service for WordPress which did wonders for my blog. Actually, it’s quite generic and can be used with any commenting service, for example with Trac (I used this for Open Yahtzee’s Trac before reverting to SourceForge’s new ticket system). For a long time, Akismet allowed me to blog and not worry much about spam, as it hardly missed – usually fewer than 5 missed spam messages a month. But something went wrong in the last three months, as can be seen in this chart:

[Image: spam_chart]

As you can see, the number of missed spam messages increased rapidly from February to May (more than 15-fold) while the overall number of spam messages decreased. I have to manually mark the missed spam and I really can’t say why some of them are missed. They are spammy as always and surely not unique in any sense.

Although it’s not a deluge of missed spam, I really don’t like dealing with it, so I am considering adding a CAPTCHA to supplement Akismet. This will also help with my backups, because Akismet keeps all the spam messages it flags for 15 days, which means that unfortunately I back up more than 20000 spam messages each week (hopefully, one day I’ll find a good use for them).

Has something gone wrong with Akismet? Do you experience the same problems?

“CC Yourself” and Spam

Every good web programmer will note that the following contact form markup is probably flawed

<form>
...
    <input type="hidden" name="to" value="support@example.com" />
...
</form>

as it is likely that if the value of the “to” field changes, the message will be sent to the modified address. The problem with this kind of functionality is that it allows a malicious user to send emails from your mail server. More specifically, it can allow spammers to use your benign server to send their spam (and as a side effect you might be flagged as a spammer yourself).
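The hidden “to” field problem described above, shown from the server side as an added example (not code from the original post): the flawed handler trusts the posted address, while the hardened one resolves the recipient from a server-side table. The function names, the `dept` and `email` form fields and all addresses are assumptions made for illustration.

```python
from email.message import EmailMessage
from email.utils import parseaddr

# Constructed values: the recipient table lives on the server, and the form
# only ever carries the short key ("support", "sales"), never an address.
RECIPIENTS = {"support": "support@example.com", "sales": "sales@example.com"}
SENDER = "webform@example.com"


def build_flawed(form):
    """The pattern from the markup above: the recipient comes from the request."""
    msg = EmailMessage()
    msg["From"] = SENDER
    msg["To"] = form["to"]  # client-controlled, so any address is accepted
    msg["Subject"] = form.get("subject", "")
    msg.set_content(form.get("body", ""))
    return msg


def build_hardened(form):
    """Resolve the recipient server-side and ignore any posted "to" value."""
    dept = form.get("dept", "support")
    if dept not in RECIPIENTS:
        raise ValueError("unknown department")
    subject = form.get("subject", "")
    visitor = form.get("email", "")
    # Reject CR/LF in anything that ends up in a header (header injection).
    if any(c in value for value in (subject, visitor) for c in "\r\n"):
        raise ValueError("line break in header field")
    msg = EmailMessage()
    msg["From"] = SENDER
    msg["To"] = RECIPIENTS[dept]
    msg["Subject"] = subject
    # The visitor's address is only a Reply-To hint, never a recipient.
    address = parseaddr(visitor)[1]
    if "@" in address:
        msg["Reply-To"] = address
    msg.set_content(form.get("body", ""))
    return msg


if __name__ == "__main__":
    posted = {"to": "stranger@example.net", "subject": "Hi", "body": "text"}
    print(build_flawed(posted)["To"])    # address chosen by the client
    print(build_hardened(posted)["To"])  # address chosen by the server
```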

As this case is pretty obvious, one doesn’t see many real-life uses of it anymore (but careless programmers used it more often in the past until they learned better). However, one can achieve similar goals (spam-wise) by utilizing a common feature in contact forms: the “CC yourself” checkbox.
