The comment spambots have gotten more clever lately. My blog has open comments, protected by Mollom. On average, I get one or two real comments a day, and 20-30 blocked spam. Lately I have been getting more comment spam slipping through. This new spam is made up entirely of snippets from previously accepted comments, with a couple new links slid in. Cute.
I think I need a second level comment filter, after Mollom, that immediately publishes comments without links, but pops any comments with links into a moderation queue. I wonder if such a thing already exists.
wow
It's damn smart to make comments from previously approved comments. Got to admit that some of those spam guys are doing their job "right".
captcha
why not just add captcha?
I used to have a captcha for
I used to have a captcha for everyone, but they annoy the heck out of me. If there is a way for good guys to not have to fill them out, I am all for it.
Follow WordPress
Matt Mullenweg from WordPress recently spoke in Hong Kong, and he mentioned a clever way of dealing with comments, that may work for some people. Basically, all posts are visible by the poster, immediately. Then, after human moderation, they become publicly visible. Maybe this could also fool some of the spambots into thinking their post was successful, even if you don't make it public.
Good idea, but
I think Tao's point offers something additional of value: if the moderator is lazy or on vacation, the comments show up immediately, meaning readers can add value without approval.
This wouldn't be that hard to set up using some input-filter fun.
Yeah, it is easy enough to
Yeah, it is easy enough to just have all comments go to moderation (no need to psych out the bots), but that really dampens the conversation if I am not staying on top of things.
Configurable CAPTCHA?
Hmm, in the Using Drupal book it claims that Mollom will conditionally display a CAPTCHA only if the submission is borderline possible spam.
Wonder if it is possible to tweak the Mollom CAPTCHA settings to treat all comments containing links as borderline.
I suppose “Block anonymous
I suppose "Block anonymous links" (http://drupal.org/project/blockanonymouslinks) is not exactly what you want because it blocks ALL comments which contain links.
The Spam (http://drupal.org/project/spam) module allows post-moderation and can be configured to be very sensitive on link count. But I don't know if it plays well in combination with Mollom?
But you could borrow some ideas from those modules.
Blocking Blog Spam w/out Captcha
Barring captcha, you could test a comment by purging its links and comparing it -or chunks of it- to the comments you already have. If there's a match, it can go to human moderation. Ns how much you want to load your db server (or how much time you want to spend), but you could do multiple passes at different chunk-sizes to generate a statistical analysis of whether a comment in question is spam or not.
Alternatively, you could institute a policy of stripping out links and force commenters to use "at" syntax. I don't really like that, but I think everyone empathizes with the reason for it.