Seeing as how I’ve taken a renewed interest in my blog, I figured it was probably a good idea to start paying attention to my comment spam filter, Spam Karma. It’s been working well, deleting at least 20 spams a day, but I’m worried it might start eating legitimate posts. Unfortunately, seeing as how I’m the only one that reads this blog, I have no way of testing that just yet.
However, Michael Heilemann over at Binary Bonsai seems to spit on Spam Karma (and many other comment spam plugins), claiming they’re too aggressive. I respect what Michael has to say, and I too am worried, but I’m not yet ready to pull the plug. Instead, I decided to read everything I could find regarding Spam Karma, and tweak it to find that sweet spot of spam-eating goodness and comment-friendly environment. Here’s what I’ve found so far…
- SK uses a captcha as a backup check by default. It might not work on your host, so test it and fix it if necessary. In my case, the SCRIPT_FILENAME from superglobal _SERVER was way off, so I had to manually enter the path to the captcha image. If you’re running your site on DreamHost, I suggest you look into fixing this. If the captcha scripts are enabled but don’t work on your host, you’ll most certainly have false positives.
- Disable RBL checks. RBL checks are designed for checking received mail, and their databases are skewed to represent the fact that most dynamic IP users shouldn’t be sending mail. However, most of your comments will likely be from dynamic IP ranges.
- Same goes for IP banning. That dynamic IP some guy used to spam your blog last night could be dished out to your best friend the next morning. I never approve permanent IP bans.
- Disable HTTP_VIA and HTTP_REFERER checking; they’re huge holes for false positives.
- When you first install SK, start with the Lenient treatment algorithm, and watch how it performs. Adjust up or down as necessary.
I think this is a good configuration to begin with, but every blog is different. The only problem I have with SK is that it’s very aggressive right out of the box. Most people will simply install it, gloss over the options, and wonder why it starts eating legitimate messages. Most people, particularly impatient blog authors, don’t RTFM. Good software designers know this, and author their programs in such a way as to do the least amount of harm after a default install. SK could use a little of this.
Now, if SK did SURBL checks, that would be really nice.
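An added example, not from the original post or from Spam Karma's code: it shows why the RBL check in the list above keys on the commenter's IP address, while a SURBL check keys on the domains linked inside the comment. The zone choices, helper names and sample comment are assumptions made for illustration, and no DNS lookup is performed.

```python
import ipaddress
import re

# Real public zones, used here only to build query names.
# Assumption: the page does not say which RBL zones SK queries.
IP_RBL_ZONE = "zen.spamhaus.org"
URI_BL_ZONE = "multi.surbl.org"

URL_HOST = re.compile(r"https?://([a-z0-9.-]+)", re.IGNORECASE)


def rbl_query_name(commenter_ip, zone=IP_RBL_ZONE):
    """IP-based list: reverse the IPv4 octets and append the zone."""
    octets = str(ipaddress.IPv4Address(commenter_ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def registered_domain(host):
    """Simplification: keep the last two labels (wrong for suffixes like co.uk)."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def surbl_query_names(comment_body, zone=URI_BL_ZONE):
    """URI-based list: one query per distinct domain linked in the comment."""
    domains = []
    for host in URL_HOST.findall(comment_body):
        domain = registered_domain(host)
        if domain not in domains:
            domains.append(domain)
    return [d + "." + zone for d in domains]


# Constructed sample: the same comment text posted from two different
# addresses (documentation ranges from RFC 5737).
COMMENT = 'Nice post! <a href="http://www.pills.example/buy">cheap</a> http://pills.example/x'
SAMPLES = [("203.0.113.7", COMMENT), ("198.51.100.22", COMMENT)]

if __name__ == "__main__":
    for ip, body in SAMPLES:
        # The RBL name changes with the sender; the SURBL names do not.
        print(rbl_query_name(ip), surbl_query_names(body))
```

The RBL query name differs for each sender, so a verdict follows whoever currently holds that dynamic address; the SURBL query names are identical for both submissions because they depend only on what the comment links to.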