Website: http://blog.disqus.com/
Original page: http://blog.disqus.net/2008/11/21/improved-spam-catcher/
Oh, nope. Of course not.
Because that couldn't be remotely valuable whatsoever.
--Kyle
We are working on the function to tag spam within the admin section. Don't worry, we are on it!
Giannii
Community Manager
How long does it take to make a link, some quick JS, a small script that changes what's most likely a boolean value in a db?
You could do it in under 30 minutes, and even have a rollover image setup for it.
So you want to explain to me how this is a "work in progress" rather than "oh, right... here it is!" situation?
--Kyle
Sure. This is how Disqus handles spam: we filter contents ourselves then pass them through a few different anti-spam providers. This requires a little more finesse than what you wrote above. Otherwise, I agree, it's a seemingly minor addition.
The issue is around improving our handling of comment states in our system for future development. This is being done right now, as well as working in an improved interface that makes it clear for most people.
I can go into more detail, but I hope this provides some insight.
Not that I like *not* having one, but I appreciate the details. Being a programmer myself, knowing why something doesn't work like you think it should is always nice ;-)
Thanks
--Kyle
I'll let you know if it continues. Thanks.
I just checked both of your sites and it seems pretty clean. Have you been deleting them manually? Also which site is receiving the spam?
Giannii
Community Manager
www.captaindigital.net is getting the brunt of the spam. Interestingly, the spammers are hitting older posts almost exclusively - not the new stuff (I try to post to my blogs on a daily basis).
Here's a question for you - even though I've got Disqus installed on both, some of the comments I get are on the blog comments - not through Disqus. Is there a way I can force EVERYTHING to go through Disqus?
Thanks!
- Brad
Hacking tests to follow (not cracking).
<b onClick="javascript:alert('hello');">Click me or Just let the script load without any help.
<IMG SRC="javascript:alert('XSS');">
<IMG SRC=javascript:alert('XSS')>
<IMG SRC=JaVaScRiPt:alert('XSS')>
<IMG SRC=javascript:alert("XSS")>
<A HREF="javascript:document.location='http://www.google.com/'">XSS
However, JavaScript is NOT FILTERED out of comments from MY site. Why? Is there something I need to do to fix this?
:Update:
Tests were run from a "localhost" machine. The IFRAME that is loaded by the JS request doesn't seem to process comments. Why not? Is this only for localhost or once I put the site live will I still have the same problems?
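The test strings in the comment above fall into two classes: event-handler attributes and javascript: URLs in different casing and quoting. As an added example (not part of the original comment and not Disqus's filter), here is an allowlist sanitizer that neutralizes both; the tag and attribute policy, the function names, and the choice to accept only absolute http(s) URLs are assumptions made for illustration.

```javascript
// Added example: allowlist sanitizer for comment HTML. The policy below is an
// assumption for illustration, not Disqus's filter.
const ALLOWED = new Map([
  ["b", []], ["i", []], ["em", []], ["strong", []],
  ["a", ["href"]], ["img", ["src", "alt"]],
]);
const URL_ATTRS = new Set(["href", "src"]);

function escapeText(s) {
  return s.replace(/&/g, "&amp;").replace(/</g, "&lt;")
          .replace(/>/g, "&gt;").replace(/"/g, "&quot;");
}

// Accept only absolute http(s) URLs. The URL parser lowercases the scheme and
// strips embedded tabs/newlines, so "JaVaScRiPt:" is seen as "javascript:".
function safeUrl(value) {
  try {
    const u = new URL(value);
    return u.protocol === "http:" || u.protocol === "https:" ? u.href : null;
  } catch {
    return null; // relative or unparsable: rejected by this policy
  }
}

// Re-emit only allowlisted attributes, with escaped values.
function keepAttrs(raw, allowed) {
  const attrRe = /([^\s"'=<>\/]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/g;
  let out = "", m;
  while ((m = attrRe.exec(raw)) !== null) {
    const name = m[1].toLowerCase();
    if (!allowed.includes(name)) continue; // onclick, style, ... never pass
    let value = m[2] ?? m[3] ?? m[4];
    if (URL_ATTRS.has(name) && (value = safeUrl(value)) === null) continue;
    out += ` ${name}="${escapeText(value)}"`;
  }
  return out;
}

function sanitize(html) {
  const tagRe = /<(\/?)([a-zA-Z][a-zA-Z0-9]*)((?:[^>"']|"[^"]*"|'[^']*')*)>/g;
  let out = "", last = 0, m;
  while ((m = tagRe.exec(html)) !== null) {
    out += escapeText(html.slice(last, m.index));
    last = tagRe.lastIndex;
    const name = m[2].toLowerCase();
    if (!ALLOWED.has(name)) continue; // unknown tag dropped, its text kept escaped
    out += m[1] ? `</${name}>` : `<${name}${keepAttrs(m[3], ALLOWED.get(name))}>`;
  }
  return out + escapeText(html.slice(last));
}
```

The sanitizer rebuilds each tag from allowlisted parts rather than deleting known-bad substrings, which is why casing and quoting variations do not matter. It does not balance unclosed tags or decode entities, so production use calls for a real HTML parser with the same allowlist approach.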