Robert McLaws: FunWithCoding.NET

I think its a good idea, but expand on the idea some having a signup / qualification process to be able to submit bad IPs.

Yeah, that's a part of the plan. I figure, I already have 400 rows in the DB and I've only been collecting them for 3 days, for the time being my collection will be a big enough chunk to build from.

Any other ideas guys?

Any plan to deal with dynamically assigend IP addresses? There are millions of internet users out there that get a different IP address everytime they go online, it seems that the proposal will not work at all for them, but might even prevent legitimate people from posting comments. Obviously if someone is posting comment spam from a dynamically assigned IP address, this system will also not stop him.

One might be able to inform the providers whose users post spam, but this seems a huge task in terms of different legal systems in the world etc.

The key problem seems to be to authenticate users before they can post a comment. Doing that by IP address doesn't seem to tackle the issue for these scenarios. I guess the real solution to this problem will come with something like Passport or Liberty, when there is a universally accepted method on the net to authenticate users.

Still, great to tackle the issue!! There is certainly a need to somehow deal with this.

Yeah. Actually, we're going to validate against more than just the IP address. I'm storeing the entire content from the span, so I have URLs and what not in the system too. Eventually, I want to do some spam content pattern matching, and create an algorithm that calculates the probability based on the number of hyperlinks, number of times the IP is found in the DB, etc.

In regards to legal rammifications, we're tracking dates and times, so it is entirely possible to go to the ISPs of the worst spammers and get them shut down.

Also, not all comment spammers are using a bot, so authentication is only a part of the solution. I do recommend an option on the site for verification in .Text (http://www.commentspam.org/resources).

Keep the ideas comming.

I suggest using a CAPTCHA control to ensure human-entered comments. I have a pretty nice one that I implemented as a full-bore ASP.NET server control-- just drag it on the form and set a few properties:

http://www.codinghorror.com/blog/archives/000095.html

Check it out; it's really quite good, IMO of course ;)

CAPTCHA is great if you want to prevent bots from spamming your comments. It still does not solve the problem of individuals manually spamming your site. That's why on CommentSpam.org I recommend a dual approach that uses both methods effectively.

I seriously doubt comment spamming is done by individuals in any significant number. Do you have any data to support this?

Plus, a simple 10-15 second comment throttle per IP will pretty much kill any individual's ability to comment spam. At least not efficiently.

Dunno, I see this as a 99.8% bot problem. How we handle that 0.2% is basically gravy to me.

LOL. Why you do not use DNSRBLS for IPs ??

Comment spammers can use same open proxies and troyaned PCs as for regular email spam.

This will be very huge list of IPs in your format. As well open-proxy search will duplicate others block-lists efforts.

Take a look for example on one recent IP http://openrbl.org/ip/219/234/194/189.htm

As for your "future" plans - here is they already implemented - Spam links checkers: http://spamlinks.openrbl.org/filter.htm

Comments spam is no way different from regular email spam. You can use the same technology to prevent it.

P.S> This is trivial to add Microsoft passport to Microsoft blogging websites.
This way you can autorize a few regular visitor of weblogs.asp.net / blogs.msdn.com to kill manualy entered comments.

I do not understand why http://channel9.msdn.com does not allow to use Passport for logon. This can be an optional feature - login with username/password or via Microsoft Passport linked to your account.

Robert puts comment spammers in his cross hairs: CommentSpam.org - Taking The Fight To The Spammers Three