azurelunatic: cameo-like portrait of <user name="azurelunatic"> in short blue hair.  (_support)
Azure Jane Lunatic (Azz) 🌺 ([personal profile] azurelunatic) wrote in [site community profile] dw_antispam2009-06-02 04:41 pm

Securing your account against spammers

There are three major tools Dreamwidth offers to help you protect your account from spammers: comment access, comment CAPTCHAs, and comment screening. These can be set individually, in any combination you like.

Visit the My Account Settings: Privacy page, and take a look at your comment options. (To set options for a community of which you are an administrator, pick the community name from the 'Work as account:' menu, then click the 'Switch' button.)

These options cover a number of groups of users: Everybody/anonymous users, registered accounts, your Access List, and nobody. (When working as a community, the Access List applies to the community's members.) These options do not treat the people that you are subscribed to but have not added to your Access List separately, nor any custom access groups.

You control the members of your Access List. As a general best practice, if you know a Dreamwidth user to be a spammer, you should not add them to your Access List.

Registered Dreamwidth users are not typically sources of spam. As Dreamwidth uses invite codes to create free accounts, this means a would-be spammer who wants to register a Dreamwidth account must either request an invite code from another party, or pay to create an account. Neither of these options are particularly attractive from a spammer perspective. (If you learn that another Dreamwidth user is a spammer, please do take action. If they have left you a spam comment or a spam entry in your community, select the option to report it as spam and delete it. If they have not spammed you, but you can establish that they are behaving in a way that is against the Terms of Service, contact Abuse.)

Logged-in OpenID users (such as LiveJournal or InsaneJournal users) who have logged in and set and confirmed an email address are classified with registered accounts. (OpenID accounts cannot join communities at this time.)

OpenID users who have not confirmed an email address are currently classified with anonymous users. However, Dreamwidth plans to change this behavior in the future.

Anonymous users include your friend whose browser ate their cookies again, a well-meaning user who does not want to take credit for a good deed, a well-meaning user who does not want to be associated with the information they have just shared, friends from other sites who haven't got their OpenID accounts working quite right, friends and/or relatives who haven't gotten into the whole blog concept, anonymous users without accounts, spammer-controlled zombie computers posing as legitimate anonymous users, and that person you banned (along with several of their friends).

Why does Dreamwidth allow anonymous commenting at all, when it can be abused so easily? Why not make all anonymous users solve CAPTCHAs?

Some people, particularly people with visual disabilities and people who use screen readers or other browsers that do not load images, have difficulty with CAPTCHAs. Anonymous commenting is useful because it has so many legitimate applications. Some people can't get or just don't want accounts. Some information wants to be free, and some of that information really shouldn't be associated with any kind of identity. Some games are more fun when played anonymously.

However, you personally may or may not have a reason to want anonymous commenting in your journal or community. If you are having anonymous spam problems, review whether you can use a CAPTCHA or screening to reduce or hide spam, whether you can leave anonymous commenting turned on for only short periods of time, or whether you actually need anonymous commenting turned on at all.

Enable Comments settings:

Nobody: This disables comments completely, and hides all old comments. This is not typically used to control spam.

Access List: Only people on your Access List are allowed to comment.

Registered accounts: Allowing registered accounts to comment is unlikely to allow actual spam.

Everybody: This allows anonymous comments (only to public posts).

Anti-Spam (CAPTCHA) settings:

Dreamwidth allows you to display a CAPTCHA to people leaving comments. This is in addition to any site-wide reasons that a user or IP address might be given a CAPTCHA, for example, if they are commenting very rapidly or if spam has been associated with the IP address in the past. (This setting is separate from the Enable Comments settings, so you are not stopped from selecting a silly combination like no one allowed to comment but everyone given a CAPTCHA, even though it will mean that no one is allowed to even try to comment at all.)

Keep in mind that CAPTCHAs may also be difficult for genuine users with accessibility issues to decipher, particularly people with visual disabilities, and people using screen readers or browsers that do not display images. If you know that your journal is read by these people, think carefully about whether you need to enable CAPTCHAs or not, and for whom.

Nobody: No one will be displayed a CAPTCHA on your journal, unless there are site-wide reasons to do so.

Anonymous commenters: When this level is selected (and when anonymous commenters are allowed to comment), all anonymous commenters will be displayed a CAPTCHA, but allowed to comment if they pass the CAPTCHA successfully. All other users will be able to comment normally.

People not on your Access List: When this level is selected (when people not on your Access List are allowed to comment), any anonymous commenters (if allowed) and any registered user commenters who are not on your Access List will be displayed a CAPTCHA, and people who are on your Access List will be able to comment normally.

All commenters: Everybody gets a CAPTCHA, including people on your Access List.

Comment Screening:

Comment Screening allows you to make potential spam less of a problem for your visitors by reviewing comments before they are visible to others. Once you have reviewed the comment and confirmed that it is not spam, you can unscreen it so your visitors can see it as well. (Note: you must delete spam in order to report it.)

All comments: This includes people in your access list. (This level is often useful for things besides anti-spam precautions.)

Comments from people not on your Access List: Again, the risk of spam from registered accounts is low; this level is often useful for dealing with potential harassment, rather than anti-spam. (Anonymous comments will also be screened.)

Anonymous comments: Legitimate anonymous comments will not be seen until you have unscreened them. Anonymous spam comments will not be seen, and you can delete and report them.

Questions? Comments? Ask away!

You may also want to check out the FAQ or contact Support, depending on what you want to know.
ajatshatru: (Lilacs)

[personal profile] ajatshatru 2009-06-03 12:32 am (UTC)(link)
So long as ip can be logged, I'm fine with the anon comments. I will handle it as well as I can. Not that I've got any anon comments as yet :)
pne: A picture of a plush toy, halfway between a duck and a platypus, with a green body and a yellow bill and feet. (Default)

[personal profile] pne 2009-06-03 02:57 pm (UTC)(link)
Word to the wise: it's rarely useful to set "Who can comment" to "Access List" and then put up a public entry saying "Friends only - comment to be added".

(I have seen this happen on LiveJournal.)
pne: A typographical ligature of the lowercase letters "wtf" (wtf ligature)

[personal profile] pne 2009-06-04 07:39 am (UTC)(link)
I haven't seen that yet, but it wouldn't surprise me.
sherron0: (Default)

[personal profile] sherron0 2009-06-14 10:07 pm (UTC)(link)
nice icon! steal-able?
pne: A typographical ligature of the lowercase letters "wtf" (wtf ligature)

[personal profile] pne 2009-06-15 04:12 am (UTC)(link)
As far as I'm concerned, yes!

According to my records, it seems to be originally by [ profile] skibinskaya and "jupiterboy" (not sure whether that's supposed to be a LiveJournal username, too; I didn't mark it up as one).
chris: (wtf)

[personal profile] chris 2009-06-24 10:09 pm (UTC)(link)
Taking your citation back a step further, while the original image is no longer available, it was posted here by user jupiterboy on the typophile website; I'm unclear if he's on LJ at all, but presumably not. I checked with the aforementioned jupiterboy and he said that he wouldn't mind if I were to use it as an icon, credited to him, and he confirmed that he would prefer the credit to go to Mark Hatley. Thanks, Mark!

I've seen at least one other version of the wtf ligature from that page doing the rounds since then, but never yet any of the lol ligatures, for what it's worth.
pne: A picture of a plush toy, halfway between a duck and a platypus, with a green body and a yellow bill and feet. (Default)

[personal profile] pne 2009-06-25 08:13 am (UTC)(link)
Thank you for digging up the probable origin! I'll try to amend the image comment accordingly.
chris: (whoops)

[personal profile] chris 2009-06-24 10:10 pm (UTC)(link)
Ooh, and your version has a border which mine doesn't. This probably makes yours look better than mine against the backgrounds of most layouts. :-)
matgb: Artwork of 19th century upper class anarchist, text: MatGB (xIdiots)

[personal profile] matgb 2009-06-24 11:30 pm (UTC)(link)
I have—from the then boyfriend of a pretty good friend, but he was never the brightest spark ever.

There are some very special snowflakes in the world—the scary thing is LJ/DW are mostly inhabited by relatively intelligent/literate people...
szeretni: tussilago (Default)

[personal profile] szeretni 2009-06-03 07:04 pm (UTC)(link)
Ohh... LOL
msilverstar: (billy-viggo Narita)

[personal profile] msilverstar 2009-06-25 05:48 am (UTC)(link)
Is there any Captcha arrangement for community posts? I've been looking, but it seems like a choice between widespread moderation or nothing, and I'd like something in the middle.
bohemianeditor: an old-style typewriter (probably 1940s Remington Rand) (atheist goat)

[personal profile] bohemianeditor 2009-07-15 08:14 pm (UTC)(link)
What can I do about spam comments that reply to a comment I made, in a post I did not make? (In other words, I made a comment to someone else's post, and there's a spam reply to my comment. I get the reply notification and can see that it's spam, but I can't delete the comment, so I don't have a "mark as spam" option.)