Use Project Honey Pot HTTP Blacklist for Spam Prevention

[thorfinn]

Title:
Use Project Honey Pot HTTP Blacklist for Spam Prevention

Area:
spam prevention

Summary:
Project Honey Pot at http://www.projecthoneypot.org/ has a Blacklist available for catching comment spammers, link harvesters, and the like by IP.

It could be used by DW to block and/or better identify spammers.

Description:
First refer to the contents of:

http://www.projecthoneypot.org/services_overview.php
http://www.projecthoneypot.org/faq.php

The HTTP Blacklist could be included for either or both of:

1. realtime use on the Dreamwidth servers
2. Informational use by the spam prevention team when they need to look up an IP address

In addition it could be possible for dreamwidth to help out project honeypot also.

Poll #5118 Use Project Honey Pot HTTP Blacklist for Spam Prevention

Open to: Registered Users, detailed results viewable to: All, participants: 40

View Respondents

This suggestion:

View Answers

Should be implemented as-is.
7 (17.5%)

Should be implemented with changes. (please comment)
1 (2.5%)

Shouldn't be implemented.
3 (7.5%)

(I have no opinion)
28 (70.0%)

(Other: please comment)
1 (2.5%)

Comments

[liv]

I really, really hate IP address blacklists. They always seem to cause more annoyance to innocent users who happen to have a dynamic IP address (and that's nearly everybody these days) than have actual positive effects in preventing spam. There's a reason why DW won't let individual users ban by IP address; doing it site-wide would be even worse.

[matgb]

Actually, yes, I got hit by an IP blacklist when I lived in London, and was using a spamblocker on my WP self hosted blog that used one. I couldn't access my own blog, at all, without going in via FTP and deleting the plugin.

Turned out a housemate was running a very old windows machine with no protection and leaving it on all the time, but...

So I've changed my vote to no, shared IP addresses are going to be more common given how close we are to running out of IPv4 numbers anyway, don't want to hurt legit people sharing one with illegit ones.

[marahmarie]

+1

Last year some LJs got blacklisted. I was the one who blew that wide open in comments to the relevant LJ News post, but upon further examination by others, the blacklisting turned out to be a coincidence based on, I forget, but - the fact that those journals were getting more visits than usual? It was really odd, considering these were no-index, no-follow personal journals that got briefly popular for posting info on the link hijacking while it was in progress, getting spam blacklisted. Seeing that happen to those people's journals sort of burned me on blacklists.

[thorfinn]

*nod* I think including it for use informational lookup by humans is still useful though.

Actual blocking is certainly more controversial and potentially issue filled, yes.

Not sure if DW uses any automated measures to detect spam and flag it for human review, but if it does, it could form part of that heuristic too.

[azurelunatic]

I would be all over a tool that gave previously-reported IPs a CAPTCHA before commenting anonymously, with the understanding that CAPTCHAs do pose accessibility problems, and if a user who has problems with CAPTCHAs is faced with them in places they did not expect to be faced with them, that they should contact us with their IP at the time of facing them, so we can review & maybe take them off our copy of that list.

Using an external blacklist as a full block list is something I'm not comfortable with unless things get amazingly dire and all other options are exhausted.

[cesy]

I like this tool idea.

[cesy]

But isn't an IP address blacklist effectively what the antispam team are creating on an ongoing basis, every time they ban an IP forever?

[faithofone]

I voted "other" because the issues raised in previous comments have me nervous about implementing a blacklist, however I do not have enough knowledge on the issue to make an informed decision.