[hashcash] Re: Hashcash for Blogs

Hi John,

Thanks for your comments. On the subject of your first suggestion:

JH> If your intention is to slow down the spammer and deter them
JH> from spamming your blog then why not just apply a delay at
JH> the server end? - Make it pause 15-20 seconds after they hit
JH> the 'submit' button before actually posting the comment. Would
JH> this achieve the same thing?

I don't think this will work. Spammers can establish several thousand
concurrent HTTP connections to servers all over the world. If all of those
connections are in a wait state then there is no CPU load on the spammers
end so no cost for them. The spammer would have to be a bit of a thicko not
to make their poster multi-threaded given the response times you see over
the Internet.

JH> Actually stopping spammers from placing adverts on blogs or
JH> forums is quite difficult. As you state on your webpage,
JH> they only have to post once, and they end up getting indexed
JH> by google and viewed by possibly hundreds of people.

Yup. So the intention is to stop them spamming, full stop. Big aim I know :)



Mitch Denny
w: http://notgartner.com
e: mitch.denny@xxxxxxxxxxxxxx
m: +61 (414) 610-141






 
-----Original Message-----
From: hashcash-bounce@xxxxxxxxxxxxx [mailto:hashcash-bounce@xxxxxxxxxxxxx]
On Behalf Of John Honan
Sent: Monday, 30 August 2004 9:05 AM
To: hashcash@xxxxxxxxxxxxx
Subject: [hashcash] Re: Hashcash for Blogs

Mitch Denny wrote:

>Hi Jonathan,
>
>I just read this post by James Moore:
>http://www.freelists.org/archives/hashcash/03-2004/msg00003.html
>
>It seems he had an implementation in JavaScript that was quite slow. So 
>maybe for web-form comments (as opposed to track-backs) the best 
>mechanism would be what Atom Smasher suggestion in the form of a 
>dynamically generated image which is hard for a machine to parse. Does 
>anyone know of how easily those are compromised? I'd prefer not to have 
>to have people download a Java applet to make this work, and most 
>browsers definitely won't let an externally loaded page query a HTTP 
>server on localhost - that would be a security violation.
>
>OK, so the way it is panning out is this:
>
>       1. Web-form posted comments are filtered using a image verification 
>system.
>       2. Track-back comments are posted using hashcash. The server can 
>choose to produce the stamps for the posting client (especially if it 
>is via the web-based admin interface), or the client can provide a set 
>of stamps that match the referenced URLs.
>
>  
>
Some more suggestions;

If your intention is to slow down the spammer and deter them from spamming
your blog then why not just apply a delay at the server end? - Make it pause
15-20 seconds after they hit the 'submit' button before actually posting the
comment. Would this achieve the same thing?

Another form of flood protection I've seen on forum software is to limit the
amount of posts coming from any one IP address. If you try and post again
too quickly, it won't allow you (in most cases you have to wait 2 or 3
minutes before you're allowed to post again).

Actually stopping spammers from placing adverts on blogs or forums is quite
difficult. As you state on your webpage, they only have to post once, and
they end up getting indexed by google and viewed by possibly hundreds of
people. If there is one posting coming from a person, and assuming they're
not trying to flood the database, then how do you figure out if it's a
genuine poster or a spammer? - In fact, the definition of 'spammer' kind of
falls apart in this scenario. Instead of sending out millions of emails,
they just make one posting and get it read by hundreds of people!

Another solution is filtering (does the post look 'spammy'?) - Or
moderation, where each new post is sent to you first for review/approval
before getting added to the blog.

John.

Other related posts: