phil ringnalda dot com warns about the latest idea from the lowlife scum also known as spammers: Target the comment sections of blogs using a script that posts a comment to every entry on the blog.
Why don’t we just do like we do at Daily Rush? When a comment is posted, the blog-software checks if a post like it (either exactly or using some isTextAlike-algoritm - I believe a couple exists in CPAN making implementation in ie Movable Type reasonably easy) has been made recently (or at any point). If it has, the post isn’t accepted.
The deluxe version could automatically ban the posting IP after a fixed amount of tries. It seems to me this would probably take care of most of the problems - at least until the spammers get a clue.
It's certainly one thing that comment scripts should be doing (to cut down on double-posting, if nothing else). However, it would only block spammers who are trying to insert some particular text. I assume that my spammer was trying for a Google PageRank boost, since only the lamest of lame idiots would believe that someone would buy Las Vegas real estate based on a weblog comment saying "This is a great site!" So the only thing he really needed to have constant was the URL (and even that could vary among several hosts in a link farm, which he apparently does run). So I think the deluxe version has to look at things like isTextAlike, but also how many comments per minute are coming in, are the URLs changing, are they coming from a single IP, and fight back in multiple ways as well: if a spamming script is just POSTing without paying attention to what's returned, it can fake different IPs, but if the script sometimes returns the filled out form, asking for a resubmit ("I think I'm being spammed, could you please prove you are a human by submitting again?"). It's so easy to think of ways around almost any inobtrusive scheme (especially since the source will be visible) that to have a chance of being effective we'll have to do enough different things that a script can't cover all of them.