Plugin Bounty: Spam Karma 2.2 port to Txp

Logoleptic · 2006-03-18 00:49:36

I’ve been using Dr. Dave’s excellent Spam Karma plugin for WordPress ever since it was in its first beta. Now at version 2.2, it’s officially the only way I can keep the blog running without drowning in spam.

This plugin is so crucial for me that I’m willing to start a bounty pot for the developer or developers willing to port the plugin to Textpattern and maintain that port in sync with updates to the original. I’ve already discussed the prospect of ports with Dave, and he says the plugin is written to be highly portable.

Here’s my $40 bucks on the table to get things rolling. I’d put down a little more, but money is tight this month. Anyone care to join me?

Logoleptic · 2006-03-20 21:59:23

Is nobody else interested in this?

Sencer · 2006-03-20 22:35:07

Well, fom my experience there is so little automated spam that makes it through with textpattern, that there is not really that much demand for anti-spam plugins. We had repeated reports in Decemeber (with 4.0.2 and earlier), which we tried to tackle with 4.0.3 with internal changes as well as providing a simpler way to develop anti-spam plugins – but demand for plugins has been low, and I have hardly read any reports about automated spam after that.

What is so special about Spam-karma? Have you checked it against the built-in features of textpattern, and the available plugins?

Logoleptic · 2006-03-21 04:50:53

The news that few new attacks have occurred is reassuring. I haven’t had occasion to use comments in a Txp site yet, but I’ll be doing so for the first time sometime in the next few weeks. After having read earlier reports of spam problems in Dec, and seeing the dearth of spam-handling plugins, I was dreading in influx of spam that may not actually be coming. Thanks for the update! :-)

What is so special about Spam-karma?

It’s a highly modular plugin that serves as something of a framework for other plugins that conduct various tests to measure comment spamminess. Each test can add or subtract from a comment’s “karma.” At the end of the line, a final plugin called Anubis determines a comment’s fate — moderation, deletion, or a second chance at redemption through a CAPTCHA test (if the comment is right near the border line).

Most of the included plugins were authored by Dr. Dave himself. They include:

User Level — Automatically approve comments by a logged-in user with privileges at or above a certain adjustable level.
Blacklist — Subtract karma for comments that trigger IP or URL matches in the blacklist, which is weighted and dynamically self-updating/self-adjusting. Unlike remote blacklist services, the SK2 blacklist only contains URLs and IPs from spam your site has received.
Link Counter — Penalize comments with more than a certain (adjustable) number of links.
Stopwatch — Penalize comments that are entered just a few seconds after the page is loaded.
JavaScript Payload — Embedded JS commands added to the comment form; a small penalty is exacted if these commands are not executed.
Encrypted Payload — Appears to embed a hash value in a hidden field, then check against it and penalize invalid results.
Entities Detector — Penalize improper use of HTML entities, used by spammers to trick keyword filters.
Trackback Referrer Check — Ensures that a link to the pinged post exists at the TB source page (irrelevant to Txp).
Snowball Effect — You enter the frequency (in days) with which you check comments and the number of comments one person can make in that time before they start being treated as suspicious. Commenters with many past approved comments are granted bonus points by this plugin.
Post Age and Activity — SK2 is stricter on old posts and posts with no recent comment activity. You can configure the number of days after which a post is considered “old” and the number of days without comment before a discussion is considered “inactive.”

Some of the plugins contributed by knowledgeable users:

RBL Check — Double-checks commenter IP against real-time blacklist servers. By default, it uses opm.blitzed.org and bl.blbl.org for IP lookups, and uri-bl.blbl.org for URLs. I have this turned off, since I generally distrust blacklist services and the other plugins do the job. (contributed by James Seward)
Simple Digest — E-mail digest sent every x (adjustable) hours that lists moderated and deleted spam and gives a score breakdown to show why they were treated as they were. Heavily spammed sites can adjust this digest to ignore spams below a certain negative karma threshold. (contributed by Peter Westwood)
Akismet — Includes ~~Matt Mullenweg’s~~ Automattic’s Akismet service as another test that can affect a comment’s karma. (contributed by Sebastian Herp)

SK2 is highly configurable, since every karma-affecting plugin can have its strength adjusted to one of several levels: disabled, weak, moderate, normal, strong, or “supastrong.” The CAPTCHA test also has levels of disabled, easy, enabled, and difficult. If spam is still getting through, or if too many good comments are being unjustly blocked, you can tweak the strength of the plugins that seem to be causing the problem.

Although it sounds like including all of this functionality in Txp would be overkill, perhaps this list could spark some ideas for future plugins or built-in features. For example, having the ability to close comments based on comment activity as well as post age would be an improvement over the current age-only option.

Last edited by Logoleptic (2006-03-21 04:57:20)

Sencer · 2006-03-21 07:57:10

It’s a highly modular plugin that serves as something of a framework for other plugins that conduct various tests to measure comment spamminess. Each test can add or subtract from a comment’s “karma.”

Something similar is built-in to textpattern.

Link Counter — Penalize comments with more than a certain (adjustable) number of links.

available as a plugin currently.

RBL Check — Double-checks commenter IP against real-time blacklist servers.

Core-feature of textpattern.

There is also some additional stuff built-in as well as available as plugins. The best way to currently get informormed is this page:
http://textpattern.net/wiki/index.php?title=Combat_Comment_Spam

perhaps this list could spark some ideas for future plugins or built-in features.

Sure, I think as soon as troubles are increasing the efforts into plugins will increase as well. Currently I think it’s just not much of a problem, and people are spendin their efforts on others things.

Logoleptic · 2006-03-21 08:40:38

Sounds like I’m just about all set then.

One more question related to blacklists being a core feature. I posted here with a question about using blacklists for other spam blockers in Txp and haven’t received an answer yet. Do all these blacklist servers work the same, or is there a chance I could get results back that Txp wouldn’t understand? What happens if Txp can’t make sense of a blacklist server’s response?

Last edited by Logoleptic (2006-03-21 08:41:50)

Textpattern CMS

Textpattern CMS support forum

#1 2006-03-18 00:49:36

Plugin Bounty: Spam Karma 2.2 port to Txp

#2 2006-03-20 21:59:23

Re: Plugin Bounty: Spam Karma 2.2 port to Txp

#3 2006-03-20 22:35:07

Re: Plugin Bounty: Spam Karma 2.2 port to Txp

#4 2006-03-21 04:50:53

Re: Plugin Bounty: Spam Karma 2.2 port to Txp

#5 2006-03-21 07:57:10

Re: Plugin Bounty: Spam Karma 2.2 port to Txp

#6 2006-03-21 08:40:38

Re: Plugin Bounty: Spam Karma 2.2 port to Txp

Board footer