Using 6.13, we have been banning IPs for posting spam in anonymous comments. In some cases, this seems to work, but in some cases we are getting additional spam from IPs that are banned.
Now, I am going through a process of copying out the spam list with IPs, filtering that down to just the IPs, running it through uniq -c to get a count of unique IPs, pasting it into Excel, looking through for duplicates and combining them, then sorting by count ... before I then start banning everything with a count of 10 or more (I'd do more, but it is pretty tedious). So, by the time I have actually banned an IP from the morning's batch, a fair amount of time has passed and it is possible that the ones that are getting through are doing so in that first day window before they are banned.
Is it reliable? Is there any caching or other delay factor?
Comments
You may try Mollom
You may try Mollom if banning by IP is unreliable.
Mollom is actively developed and maintained by Dries Buytaert, the founder and project lead of Drupal, and Benjamin Schrauwen.
http://drupal.org/project/mollom
http://mollom.com/
I think you'd have to ban
I think you'd have to ban only the first part of the ip because last I checked ips could still change. I like the spam module myself, though I haven't tried Mollom.
works at bekandloz | plays at technonaturalist
As we continue to collect
As we continue to collect data, some patterns are emerging which might suggest some useful additions to this module.
We have a small number of cases where there are a large number of spam from a single IP in a short period, e.g., within one day. For those, it seems like a good mechanism would be to automatically ban the IP after N spam, but to put this in a queue for confirmation in case they aren't really spam. I.e., there needs to be a clear work queue and/or log to track this.
We are getting a significant number of cases where an IP posts 1 -3 spam per day, but does so day after day. I am currently banning any that accumulate 10 spam simply because it is tedious to search out the record to do the ban. If there were a screen to easily ban by IP, I would lower the threshold to 5 or even less. When I go to ban these, I often find that the have 50-200 hits, i.e., there is a strong appearance that they have been sending 1-2 spam per day consistently over a long period.
The implication seems to be that we really need an automated long term record keeping system similar to what I am doing manually, i.e., the ability to delete all recent spam to facilitate review, but to retain the record of the spam so that one can build up long term statistics.
Out of 1800+ spam tracked since I began keeping records, all but 400 are from repeat offenders. I.e., blocking an IP provisionally based on 1 spam would have eliminated 2/3 of the spam received. The impact would have been nearly as high if the threshold was set at 2 spam. I.e., automated banning by IP appears like it could drastically reduce the spam burden.
There are cases where I am seeing multiple IPs within a single class C address space. I have not yet done any class C bans because none of these groups have been particularly high sources of spam. Thus, it appears that while spammers may be spoofing IPs, they are more likely to be doing so across some broad range of addresses than doing anything as obvious as cycling through adjacent addresses.
Subscribing
Subscribing