Battling Comment Spam

Fighting comment spam seems like a never-ending battle. I've done a lot over the last few years to try to squash it on my blog.
I started out by implementing a list of words that would trigger a comment to be blocked. I found myself updating this list on a weekly basis and never staying on top of it.
I solved that problem by implementing the Bayesian Filter CFC from fusionKit. The Bayes filter has worked really well and has produced a surprisingly low number of false positives.
Then, just over the weekend, I was flooded with a ton of comment spam that was written well enough to get past the Bayes filter. It was also all submitted within a few minutes, so there was no time to train the filter.
I'm not a big fan of statically blocking IP addresses, since the owners of IP addresses can change over time. However, I think temporary blocks on IPs are OK, so I wrote a little rate limiter that blocks IPs that try to post more than 1 comment within a 5 minute time span, or IPs that have attempted to post a large number of comments.
I'm sure some of you have probably experienced the same problem, so here you go:
<!--- One entry per client address lives in the application scope:
      attempts = comment submissions seen from that address,
      last_attempt = when the most recent one arrived --->
<cfif IsDefined("application.rate_limiter")>
    <cfif StructKeyExists(application.rate_limiter, CGI.REMOTE_ADDR)>
        <!--- A third or later comment less than 5 minutes after the previous one is refused --->
        <cfif application.rate_limiter[CGI.REMOTE_ADDR].attempts GT 1 AND DateDiff("n", application.rate_limiter[CGI.REMOTE_ADDR].last_attempt, Now()) LT 5>
            <p>You are posting too many comments too fast, please slow down and wait 5 min.</p>
            <cfset application.rate_limiter[CGI.REMOTE_ADDR].attempts = application.rate_limiter[CGI.REMOTE_ADDR].attempts + 1>
            <cfset application.rate_limiter[CGI.REMOTE_ADDR].last_attempt = Now()>
            <cfabort>
        <!--- More than 20 attempts from one address: refuse outright --->
        <cfelseif application.rate_limiter[CGI.REMOTE_ADDR].attempts GT 20>
            <p>You have made too many attempts to post a comment. Please try back in a few days.</p>
            <cfset application.rate_limiter[CGI.REMOTE_ADDR].attempts = application.rate_limiter[CGI.REMOTE_ADDR].attempts + 1>
            <cfset application.rate_limiter[CGI.REMOTE_ADDR].last_attempt = Now()>
            <cfabort>
        <!--- Otherwise allow the comment, but record the attempt --->
        <cfelse>
            <cfset application.rate_limiter[CGI.REMOTE_ADDR].attempts = application.rate_limiter[CGI.REMOTE_ADDR].attempts + 1>
            <cfset application.rate_limiter[CGI.REMOTE_ADDR].last_attempt = Now()>
        </cfif>
    <cfelse>
        <!--- First comment from this address --->
        <cfset application.rate_limiter[CGI.REMOTE_ADDR] = StructNew()>
        <cfset application.rate_limiter[CGI.REMOTE_ADDR].attempts = 1>
        <cfset application.rate_limiter[CGI.REMOTE_ADDR].last_attempt = Now()>
    </cfif>
<cfelse>
    <!--- First comment since the application started: create the table --->
    <cfset application.rate_limiter = StructNew()>
    <cfset application.rate_limiter[CGI.REMOTE_ADDR] = StructNew()>
    <cfset application.rate_limiter[CGI.REMOTE_ADDR].attempts = 1>
    <cfset application.rate_limiter[CGI.REMOTE_ADDR].last_attempt = Now()>
</cfif>
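The same policy in Python, as an added example that is not part of the original post and not Pete's code: it keeps the post's thresholds (two comments accepted, then one per 5 minute window, refusal past 20 attempts) and adds the two things the CFML version leaves out, a lock around the shared table and expiry of idle entries so the table does not grow forever and a refusal is not permanent. The three-day expiry and the injectable clock are assumptions made for illustration.

```python
import threading
import time
from dataclasses import dataclass


@dataclass
class IpState:
    attempts: int = 0          # comment submissions seen from this address
    last_attempt: float = 0.0  # epoch seconds of the most recent submission


class CommentRateLimiter:
    """Per-address limiter with the post's policy: the first two comments
    from an address are accepted, any further comment within `window`
    seconds of the previous one is refused, and an address whose attempt
    count exceeds `max_attempts` is refused outright. Idle entries expire
    after `ttl` seconds (assumption: three days, matching the "try back in
    a few days" message), which the CFML version does not do."""

    def __init__(self, window=300, max_attempts=20, ttl=3 * 86400, clock=time.time):
        self.window, self.max_attempts, self.ttl = window, max_attempts, ttl
        self.clock = clock              # injectable so tests can control time
        self.state = {}
        self.lock = threading.Lock()    # the CFML touches application scope unlocked

    def _expire(self, now):
        """Forget addresses that have been quiet for longer than ttl."""
        for ip in [ip for ip, s in self.state.items() if now - s.last_attempt > self.ttl]:
            del self.state[ip]

    def check(self, ip):
        """Record one attempt from `ip` and return (allowed, reason)."""
        now = self.clock()
        with self.lock:
            self._expire(now)
            s = self.state.setdefault(ip, IpState())
            prev_attempts, prev_time = s.attempts, s.last_attempt
            # As in the original, refused attempts are counted and timestamped
            # too, so hammering the form keeps pushing the window forward.
            s.attempts += 1
            s.last_attempt = now
        if prev_attempts > 1 and now - prev_time < self.window:
            return False, "posting too fast; wait 5 minutes"
        if prev_attempts > self.max_attempts:
            return False, "too many attempts; try back in a few days"
        return True, "ok"
```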
Related Entries
- Trick or Treat - Web 2.0 Goodies for ColdFusion - October 31, 2006
- Analyzing Words in Spam Emails - August 3, 2005
- How I block comment spam - July 19, 2005
Comments
On 01/31/2007 at 3:10:52 PM EST Jason Troy wrote:
Pete, check out this project from Jake Munson: cfformprotect.riaforge.org
On 01/31/2007 at 3:16:13 PM EST jonese wrote:
Have you tried the CFAkismet CFC?
http://devnulled.com/cfakismet
We put it on our blog (http://blog.d-p.com) and love it.
On 02/01/2007 at 7:47:30 AM EST Dan G. Switzer, II wrote:
@Pete:
You might want to adjust the 1 comment per 5 minutes to at least 2 comments. 1 seems a little too strict, especially in the case where someone wants to post an addendum to what they typed.
On 02/01/2007 at 8:10:35 AM EST Pete Freitag wrote:
Hey Dan,
Actually it does allow for two comments since it says GT 1 and the attempts are incremented after that point. I wasn't clear about that in my post however. Thanks for pointing that out.
On 05/04/2007 at 12:56:09 AM EDT idwebtemplate wrote:
I can understand your code. Could you give me the PHP version please?
On 08/14/2007 at 10:15:14 PM EDT Bob wrote:
Great site!
On 08/23/2007 at 8:49:40 PM EDT Bob wrote:
Good luck with your site in the future!
On 10/12/2007 at 5:30:16 AM EDT Tim wrote:
Good job, here and there!
On 01/29/2008 at 6:58:32 PM EST Hiskseifs wrote:
Hello heavenly worck new look senks void akaaunting Bye
On 02/23/2008 at 8:03:05 AM EST Hannes wrote:
Just wanted to say hello
On 02/25/2008 at 7:43:06 PM EST jammarlibre wrote:
Hi our little brothers.
On 05/27/2008 at 6:33:35 PM EDT Melissa wrote:
Are you a big fan of movies and all the new releases on the big screen? Do you like to watch all the latest movies as soon as they are released? If the answer is yes, and you not only love to watch movies but you also like to get loads of other movie related products as well, then there is a web site that is perfectly suited to you. The web site that you should consider taking a look at is called. The Films gives its visitors the chance to download many of the latest movie releases as well as offering loads of news about all that is going on within the movie industry and the actors in and around Hollywood. From this web site's well designed menu system you can also access movie sound tracks, and download wallpapers of your favorite movies and movie stars.
On 10/22/2009 at 7:12:02 AM EDT Daddy49 wrote:
It's like trying to control the weather; at this point, mother nature is gonna do what she wants to do.