There has been a lot of discussion here recently regarding strange users registering on my site. There have been several potential solutions discussed as well. One of the solutions discussed is to use CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) to prevent spam bots from registering on your site. To address this need, I have released gl-captcha-1.0, a CAPTCHA implementation for Geeklog utilizing the custom registration feature.

gl-captcha-1.0 is a combination of the previous beta releases and contains both the dynamic and static image support. This version also supports the use of a language file and improvements to the memberdetail.thtml template to allow users to refresh the CAPTCHA image and to email the administrator if having difficulties registering.

Three months ago, we released an update for Geeklog's Trackback handling that stopped Trackback spam by simply checking if the site in the Trackback URL was actually linking to your site. At least one spammer has now figured out how to circumvent that check and so it's time for the next round ...

Yet another update for Geeklog's lib-trackback.php is now available for download. This is a drop-in replacement for the lib-trackback.php of all Geeklog 1.4.0 releases (up to and including 1.4.0sr5-1).

Note: The download link was still pointing to the old file. If you downloaded it before September 15th, 2006 2 PM EDT, please download it again to get the correct version!

SLV (Spam Link Verification) is a service run by Russ Jones at www.linksleeve.org. The idea is that interactive sites like Geeklog or forums send all user-contributed posts to SLV first which then checks if certain links show up in unusually high amounts. In which case it considers those to be spam and flags them accordingly.

The SLV module for Geeklog's Spam-X plugin makes use of that service. See the included README for installation instructions.

This module should be considered experimental for now. I've been using an earlier version on two sites for several months now, though, and it did help quite a bit. And it can only get better the more sites use it.

We're probably not the only ones seeing a sharp increase in the amount of Trackback spam over the last couple of weeks. Trackbacks are a new feature in Geeklog 1.4.0 and we're still learning ...

So here's a first result of that learning process: A new version of the lib-trackback.php for Geeklog 1.4.0 that contains a few improvements to better fight Trackback spam:

• a separate speedlimit setting for Trackbacks
• stricter handling of the speedlimit for Trackbacks
• can optionally check if the site that sent the Trackback actually contains a link to your site
• option to log rejected Trackbacks

You may want to check if you have a registered user on your site who's email address is new@sys54.3fn.net or new1@sys54.3fn.net (or a variation thereof). On at least two Geeklog sites (including geeklog.net) that user has suddenly started posting comment spam (for drugs and pills) after the account lay dormant for a year or longer. The oldest accounts found so far date back to August 2004.

Account names differ but follow a pattern: 9NoraRebecca, 3BillAlika, 7FlossieOma, 9AlmaNoguri

We suggest that you delete or at least ban that user (banning a user is only supported as of Geeklog 1.4.0). If you find any interesting variation of the above patterns and suspect it's the same user, feel free to email us and send us the details.