It’s been a rough couple of weeks over on the add-ons site. The once-manageable trickle of comments spam on individual add-ons exploded into a deluge of ads for shoes and cheap handbags. We apologize to all of you who’ve been on the receiving end of this, especially to the add-on developers whose add-on pages were so heavily hit.
We’re tackling this in a couple of separate stages. We just rolled out stage one, which is to temporarily disable commenting on the add-ons site. Add-ons can still be uploaded, downloaded, and rated — the only functionality we’ve removed is the ability to comment. This is not an ideal solution, nor is it a long-term solution. It was, however, a very quick and direct way to immediately stop the problem.
A few of you have asked us why we don’t just use a captcha. Funny story: we’ve had one for years! It appears during our account signup process, and all of the spam we’re seeing is coming from newly generated accounts who successfully make it through the captcha as part of signing up. We use Google’s reCAPTCHA. A little bit of searching tells us that reCAPTCHA isn’t as mighty as it once was, so we’re going to investigate alternatives. Once we identify a route forward, we’ll roll that out as stage two and get comments re-enabled.
Again, we’re sorry for the mess! It bums us out, too.
1 Trackback
[...] que POTI à décidé de fermer les commentaires sur la plateforme d’extensions suite à un problème de spam, je vous invite à publier vos [...]
15 Comments
SubscribeI had to turn off thread creation for new users on my forum, I know how you feel. For a while there recaptcha solved spam, looks like the arms race is back on.
If you do happen across a magic new anti-spam solution could you make another post about it?
Good to see you are working on this issue, and also communicating
Computers are solving reCAPTCHA… take over imminent.
Thanks for the update and good luck.
The same problem has been happening for a lot of forums on the ‘net. The solution that has been used on a lot of phpBB boards is a “Question and Answer” style CAPTCHA.
For example, “Enter the third word in this sentence” (the answer is “third”) would be able to stop a lot of spambots in their tracks.
Of course these questions would be most effective if they were rotated and changed.
You could give akismet.com a go, it’s stopped all the spam form comments and contact forms on my website. It does catch the odd normal message, but with my site they are placed into a queue for manual checking.
Good luck, sure appreciate the aggressive steps. Hate hate hate hate hate spam!
http://research.microsoft.com/en-us/um/redmond/projects/asirra/
pleeeeease
@Evan that is delightful.
@Evan – that’s awesome! Though providing a simple binary does mean the spammers have a 50% chance of ‘winning’ every time.
@Gryphon, not quite binary, you have to find ALL the cats, and I guess they can vary the ratio. No doubt someone who remembers probabilities can work out the odds
here are some alternative you can take a look at
Sblam! http://sblam.com/en.html
Open-source implementation of server-side spam filtering of blog comments and forum posts.
look at nucaptcha http://www.nucaptcha.com/
It is different than other services because it uses a video-based CAPTCHA and can adapt to easy challenges for legitimate users and difficult ones for attackers.
http://en.wikipedia.org/wiki/NuCaptcha
and there is also mollom http://mollom.com/
http://mollom.com/how-mollom-works
http://www.stopforumspam.com/
What’s up still not found a decent solution ?
Interesting. Yet comments are working right here. Maybe take a look at how spam is being prevented right here on this page, and put it to work over there?
We’re manually deleting the spam off the blog every day.
Haven’t even begun to investigate a solution for the add-ons site.