
Potential Pitfall

  • To: spam-stopper@xxxxxxxxxxxxxxxxxxxx
  • Subject: Potential Pitfall
  • From: Roy Schestowitz <r@xxxxxxxxxxxxxxx>
  • Date: Wed, 21 Sep 2005 07:19:51 +0100
  • Delivery-date: Wed, 21 Sep 2005 07:19:53 +0100
  • Envelope-to: s@schestowitz.com
  • User-agent: Internet Messaging Program (IMP) H3 (4.0.3)
I forgot to mention in my previous message yet another issue that could arise.
You must be very careful who gets hold of the plug-in and probably impose a
difficult-to-fool registration mechanism. This is not a matter of getting paid
licences. There needs to be a way of ensuring that illegitimate blogs do not
have access to spam-stopper.

A tool such as this in the hands of a spammer is dangerous. They may force you to
flush down your filters, starting from scratch again. Since you record the blog
URL, you could probably weed out noise, but what if you have millions a la
Ping-o-matic?

Link exchanges and mass erection of blogs at Google's get-your-blog-in-5-minutes
schemes have shown the need for quality control. Spammers don't lack traffic.
Spammers don't mind destruction either. Give a spammer access to spam-stopper
and they will make their comments appear benign using brute force. Conversely,
let them make some mockup comments and report them as spam... solely in order
to break your filters and lead to false positives. In turn, as a direct
consequence, people may stop using spam-stopper, which has become overly
susceptible to spam. So, comments peculate yet again...

The bottom line is that one of the perils one faces is controlling the spam
reporters. You need to be provided with a statistical sample that is large
enough, but to have good 'quality control' at the same time. How can you then
handle zombies, dynamic IP addresses, etc? Will you need to authenticate with
those who report spam?

These are not questions to be discarded. Where there are gaps, there will be
exploits. Use a word-matching spam mechanism and the spammers will use 1's and
4's to spell Viagra or use different encodings in HTML. Allow too lenient an
access to spam.automattic.com and the vulnerability will sooner or later be
spotted.

Roy


-- 
Roy S. Schestowitz      | Bottom-post: as English goes from top to bottom
http://Schestowitz.com  |    SuSE Linux    |     PGP-Key: 74572E8E
  7:05am  up 26 days 19:19,  3 users,  load average: 0.50, 0.43, 0.30
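The message above notes that a plain word-matching filter is defeated by leet-speak digits and by HTML encodings. The following is an added example, not code from the message or from the spam-stopper project, showing the defender's usual counter: normalise the comment text (decode HTML entities, strip tags, fold Unicode compatibility forms, map a small leet table, drop separators) before matching it against a keyword list. The leet table and the blocklist are constructed for illustration.

```python
import html
import re
import unicodedata

# Constructed leet-speak table (assumption: illustrative, not exhaustive).
# Maps the digit/symbol stand-ins a filter commonly sees back to letters.
LEET_MAP = str.maketrans({
    "0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t", "8": "b",
    "@": "a", "$": "s", "|": "l", "!": "i",
})

TAG_RE = re.compile(r"<[^>]+>")
NON_ALNUM_RE = re.compile(r"[^a-z0-9]+")


def normalize_comment(raw):
    """Collapse the common obfuscations before keyword matching.

    The result is only used for matching; the original text is kept for display.
    """
    text = html.unescape(raw)                   # "&#86;&#105;agra" -> "Viagra"
    text = TAG_RE.sub("", text)                 # "<b>V</b>iagra" -> "Viagra"
    text = unicodedata.normalize("NFKC", text)  # fullwidth letters -> ASCII
    text = text.lower().translate(LEET_MAP)     # "v14gr4" -> "viagra"
    text = NON_ALNUM_RE.sub("", text)           # "v.i.a.g.r.a" -> "viagra"
    return text


def matches_blocklist(raw, blocklist):
    """Return the blocklist words that occur in the normalised comment."""
    norm = normalize_comment(raw)
    return [word for word in blocklist if word in norm]


if __name__ == "__main__":
    # Constructed sample comments, each a different evasion of the same word.
    samples = [
        "Cheap V1agra here",
        "&#86;&#105;agra for less",
        "<b>V</b>.i.a.g.r.a",
        "Nice post, thanks",
    ]
    for sample in samples:
        print(repr(sample), "->", matches_blocklist(sample, ["viagra", "casino"]))
```

Because separators are stripped, substring matching will also hit a keyword embedded in a longer legitimate word; a production filter should score matches rather than block on a single hit, which is exactly why the message argues for keeping the reporting side trustworthy.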
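The message's central worry is that reporters themselves can poison a collaborative filter: sockpuppets marking good comments as spam to cause false positives, or mass-reporting their own spam as benign. The following is an added example, not code from the message or from the spam-stopper project, of one standard mitigation: weight each spam report by the reporter's reputation, give fresh unauthenticated reporters little weight, and adjust reputations once a moderator settles the ground truth. The reputation values, thresholds and reporter names are constructed for illustration.

```python
from collections import defaultdict


class ReportLedger:
    """Reputation-weighted aggregation of spam/not-spam reports.

    Each reporter carries a reputation in (0, 1]. A comment counts as spam only
    when the reputation-weighted votes for "spam" outweigh those for "ham" by
    at least `threshold`, so a cluster of fresh accounts cannot flip a verdict.
    """

    def __init__(self, threshold=1.0, new_reporter_rep=0.2):
        self.threshold = threshold
        # Unknown reporters start low (assumption: 0.2) until they prove reliable.
        self.rep = defaultdict(lambda: new_reporter_rep)
        # comment_id -> {reporter: True for "spam", False for "not spam"}
        self.votes = defaultdict(dict)

    def report(self, reporter, comment_id, is_spam):
        """Record (or overwrite) one reporter's label for a comment."""
        self.votes[comment_id][reporter] = bool(is_spam)

    def score(self, comment_id):
        """Weighted vote: positive means spam, negative means ham."""
        total = 0.0
        for reporter, label in self.votes[comment_id].items():
            weight = self.rep[reporter]
            total += weight if label else -weight
        return total

    def is_spam(self, comment_id):
        return self.score(comment_id) >= self.threshold

    def settle(self, comment_id, truth):
        """Once a moderator fixes the truth, reward agreement and punish error.

        Errors are punished harder than agreement is rewarded, so a reporter
        who tries to break the filter loses influence quickly.
        """
        for reporter, label in self.votes[comment_id].items():
            if label == truth:
                self.rep[reporter] = min(1.0, self.rep[reporter] + 0.1)
            else:
                self.rep[reporter] = max(0.01, self.rep[reporter] * 0.5)


def sockpuppet_scenario():
    """Constructed scenario: three fresh accounts report a good comment as spam."""
    ledger = ReportLedger()
    ledger.rep["trusted_blogger"] = 1.0  # an established, authenticated reporter
    for puppet in ("sock1", "sock2", "sock3"):
        ledger.report(puppet, "comment-1", True)
    flipped_before = ledger.is_spam("comment-1")   # False: 0.6 < 1.0
    ledger.report("trusted_blogger", "comment-1", False)
    ledger.settle("comment-1", False)              # moderator confirms it is ham
    return flipped_before, ledger.rep["sock1"], ledger.rep["trusted_blogger"]


if __name__ == "__main__":
    print(sockpuppet_scenario())
```

The same ledger also lets a single trusted reporter's verdict count on its own, which addresses the message's tension between "a statistical sample that is large enough" and quality control: volume from unknown reporters is tolerated but discounted, while reputation earned over settled cases carries the decision.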
