Latest sites

Quick news

  • 2014-03-27: MongoDB Watchdog module ported to Drupal 8 at the Szeged Dev Days.
  • 2014-01-26: My post on the Symfony web profiler in Silex selected in Week of Symfony. w00t !
  • 2013-10-18: My first commit went into MongoDB today. And, guess what ? It's in JavaScript
  • 2013-09-20 to 29: Working on Drupal 8 EntityAPI at the extended code sprints during and around DrupalCon Prague
  • 2012-08-19: Working on Drupal 8 EntityAPI at Drupalcon Munich
  • 2012-06-15: Working on Drupal 8 EntityAPI at DrupalDevDays Barcelona
  • 2012-03-23: Working on the future Drupal Document Oriented Storage at DrupalCon Denver. D8 or later ? Bets are on Later

First spammer working around captcha

After almost six months without abuse following the installation of the captcha module, a spammer found its way through it, to promote a ringtones site.

Not that it did him/her much good, since comments are premoderated anyway, but still...

Sheer luck, of astute pattern matching and module workaround ? Oh well, it's still six months of peace gained. Well worth the almost nonexistent hassle, it seems.

And another spammer today...

Another spammer today makes it through captcha to push some blue pills. Looks like the basic captcha is now taken into account by some spammer tools :-(

Time for a stronger anti-blue-pill-pusher pill ?

I noticed that too

I was getting spam from some guy using sdial.biz email addresses so I installed the captcha module but it didnt make a difference. I guess he probably just wrote some code that parses the maths expression and computes the result.

Sdial.biz too

Might be the same: (s)he claims an sdial.biz address too. However, they may just as well be victims as us. The one thing I wonder about, though, is why (s)he lets the bot attempt again and again although it fails at publishing anything.

Captcha Security update

Scope it out....referring to Captcha on Drupal.org security.

http://drupal.org/node/114364

...although I'm digging your question and answer fix.

Cool.

Thanks for the warning

Well, it looks like it was time to add update_status to this blog too :-)

It definitely makes system maintenance easier!

Alas, poor Yorick...

It looks like the captcha fix does not prevent the same spammer from still submitting: fresh new comment spam just 90 minutes after I installed the latest captcha module.

Maybe they actually parse and interpret the captcha, instead of relying on hacking it...

Akismet

Have you checked out the Akismet module? It catches almost every piece of spam for us at Wise Bread under the most open conditions -- no captcha, unmoderated anonymous commenting.

[non-]Commercial use ?

I did consider Akismet. However, after reading their take on commercial use vs non-commercial, I did not feel I could really claim my blog to be strictly personal:

  • On the "commercial" side:
    • it runs on hosting paid for by one of my companies
    • it links back to one of my company's sites, so this has some
      visibility impact to the company
  • On the "non-commercial" side:
    • I never promote the company's products or services on my
      blog, nor even comment directly about them
    • I do not make a dime from the blog
    • most of the content is related to my musical experiences,
      not to professional endeavours or even a resume

As the Akismet page itself says, the line is hard to draw: by the criterium they mention, I would not need a "pro-blogger" key, since I make 0 income from my blog. But the blog is hosted by one of my companies and links back to it, so one might argue I would have to use an "enterprise" key. But the cost of an "enterprise" key
is higher than the monthly hosting cost for the whole assortment of sites, which does not really make sense, especially considering the fact that the company does not gain anything from the fact that comments exist on this blog and not on any of the other sites.

So, in the end, a line had to be drawn, and I thought my blog fell on the non-personal side of the line... and chose not to use Akismet for now.

This being said, should someone from Akismet chime in saying I would really fall under their "personal, non-commercial" rules from reading this description, I would certainly try it: most of what I know about the service and the experience of its users is positive.