I'm thinking about permitting customers to publish to my website without getting them register or provide any determining information. If each publish is distributed to some db queue and that i then by hand screen these posts, what kind of issues might I encounter? How might I handle individuals issues? tia

Screening every publish could be tiresome and tedious. And vulnerable to annoying admin junk e-mail. My suggestion is always to automate because screening as you possibly can. And besides, supplying any determining information does absolutely nothing to prevent junk e-mail (a bot will just generate it).

Lots of projects implement recognition system: first the consumer needs to publish 1-2 posts which are approved, then by IP and (maybe) a cookie he's recognized like a reliable poster, so his posts appear instantly (and then could be marked as junk e-mail).

Several heuristics around the content from the publish might be used (like quantity of links within the publish) to instantly discard potential junk e-mail posts.

Probably the most apparent problem is the fact that you will get overcome by the amount of distribution to screen, if your internet site is sufficiently popular.

I'd make certain to include some admin tools, so that you can instantly kill all posts from the particular Ip, or that match a specific regex. That ought to help eliminate apparent junk e-mail faster, however, you'd need to be driving its that.

Tedium appears to become the finest concern – screening posts by hand works well against junk e-mail (I am presuming this is exactly what you need to discount) but boring.

It may be best fixed with coffee and nice music to hear while weeding?

I have discovered that requesting the response to an easy question sent the browser being an image (like "2 + three to four =", a varient of the 'captcha' although not so annoying), having a wee little bit of Javascript does very well.

Send your form using the image and answer area, along with a hidden area having a "challenge" (some at random produced string). Once the user submits the shape, hash the task and also the answer, and send the end result to the server. The server can look into the valid answer before adding it towards the database for review.

It appears like lots of build up front, however it helps you to save hrs of review time. Using jQuery:


<script type="text/javascript">

//   Hash function to mask the solution

function answerMask()



</script>

  <form onsubmit="answerMask()" action="/cgi-bin/comment.py" method="Publish">

    <table>

      <tr><td>Comment</td><td><input type="text" title="comment" /></td></tr>

      <tr><td># put image here #</td><td><input id="p" type="text" title="a" size="30" /></td></tr>

      <tr><td><input id="c" type="hidden" value="ddd8c315d759a74c75421055a16f6c52" title="c" /></td><td><input type="submit" value=" Go "></td></tr>

    </p>

  </form>


Edit update...

I saw this method on an internet site, I am unsure which, which means this idea is not mine but you will probably find it helpful.

Give a form having a challenge area along with a comment area. Prefix the task with "Select the third word from: glark snerm hork morf" therefore the words, and which to choose, are simple to generate around the server and simple to validate once the form contents return.

The thing is to create the consumer do something, use a couple of cognitive abilities, and much more work than it's worth for any script kiddie.

  • posts that make an effort to look legit but aren't
  • the sheer volume

Fundamental essentials problems that I see on my small blog.