Comments renabled, announcing spamquestion

Due to my recent comment spam issues I've created a new PyBlosxom plugin called spamquestion. It is similar to the existing Magic Word plugin but instead of using just the one question for any comment entry on the blog, it randomly selects a question from a larger set of configured questions. This makes it much harder for spammers to get past the comment form using automated software. Unlike CAPTCHA systems this scheme doesn't disadvantage visually impaired people or those on text based browsers.

The spamquestion plugin can be downloaded from my Code page.

Comments are now re-enabled on my site, with spamquestion enabled. It'll be interesting to see how the scheme holds up. I also plan to install the Akismet plugin as a second line of defense.

Tags: ,
posted: Wed, 31 Oct 2007 23:17 | permalink | comments

Spam: good news and bad news

The bad news...

My blog was hit by a comment spammer last week. Hundreds of entries were made, interestingly focussing only a few articles (perhaps with a higher Google ranking?). Running without a CAPTCHA system or similar was good while it lasted. Comments are now disabled until I get around to installing a CAPTCHA style plugin.

Lazy web: what anti comment-spam technologies do you find work well for you? Is CAPTCHA the best option we have?

The good news...

I started using SpamAssassin for my personal email over a month ago. Having seen the complete ineffectiveness of some anti-spam systems I was fairly pessimistic about how effective it would be. Boy was I wrong. Without any tweaks to the default filtering config (except for ensuring that the latest rules are being used) it stops virtually spam hitting my mailbox with zero false-positives so far. I get 20-40 spams a day and 1 or 2 a month get through to my inbox.

My mail volume is comparatively low so I just set Procmail to invoke SpamAssassin for each inbound message. For higher volume situations something like SA's spamd should probably be used. Using Procmail has the nice benefit of being able to direct spam to a separate folder for later persual and deletion.

A cron job is set to run sa-update ever night to ensure the latest default checks are being used. This is important; spammers develop new tricks to bypass anti-spam systems all the time.

Currently I have all suspected spam going to a spam folder. However SA has been so successful that I'm thinking of getting Procmail to automatically delete higher scoring spam and send only the lower scoring spams to the spam folder. Depending on attitudes towards false-positives some might just delete all emails that SA thinks is spam. Personally, I'd rather be a bit cautious. Losing real email scares me.

It's so nice when something works beyond expectation.

Tags:
posted: Wed, 24 Oct 2007 15:49 | permalink | comments

Announcing IMAPClient 0.3

I've just made a new release of IMAPClient (0.3). Changes are:

IMAPClient can be installed from PyPI using easy_install IMAPClient or downloaded from my Code page. As always, feedback and patches are most welcome

posted: Tue, 16 Oct 2007 15:20 | permalink | comments

FuzzyFinder

FuzzyFinder is a useful Vim extension that I've discovered recently (nothing to do with Fuzzyman). It has proven to be a great productivity enhancer, especially when dealing with large codebases with many files.

FuzzyFinder provides a mechanism to search through files on disk or Vim buffers using fuzzy filename matching. When activated it interactively searches the current directory for files matching the name you entered. Matching is very loose, so if for example you enter "abc", you'll get a list of all files matching *a*b*c*. It sounds strange at first but is very effective in practice.

Here's a screen shot of FuzzyFinder when first activated. A list of all files in the current directory is displayed. The arrow keys can be used to make a selection from the list (useful if you can see what you want). If the list is long, start filtering!

This screenshot shows what happens after a few characters have been entered. The list of available choices is filtered to match. Very powerful.

FuzzyFinder can also do recursive matching using the ** wildcard. This is great for large source code trees.

posted: Thu, 11 Oct 2007 13:55 | permalink | comments