azurelunatic: cameo-like portrait of <user name="azurelunatic"> in short blue hair.  (_support)
Azure Jane Lunatic (Azz) 🌺 ([personal profile] azurelunatic) wrote in [site community profile] dw_antispam2009-06-02 04:41 pm

Securing your account against spammers

There are three major tools Dreamwidth offers to help you protect your account from spammers: comment access, comment CAPTCHAs, and comment screening. These can be set individually, in any combination you like.

Visit the My Account Settings: Privacy page, and take a look at your comment options. (To set options for a community of which you are an administrator, pick the community name from the 'Work as account:' menu, then click the 'Switch' button.)

These options cover a number of groups of users: Everybody/anonymous users, registered accounts, your Access List, and nobody. (When working as a community, the Access List applies to the community's members.) These options do not treat the people that you are subscribed to but have not added to your Access List separately, nor any custom access groups.

You control the members of your Access List. As a general best practice, if you know a Dreamwidth user to be a spammer, you should not add them to your Access List.

Registered Dreamwidth users are not typically sources of spam. As Dreamwidth uses invite codes to create free accounts, this means a would-be spammer who wants to register a Dreamwidth account must either request an invite code from another party, or pay to create an account. Neither of these options are particularly attractive from a spammer perspective. (If you learn that another Dreamwidth user is a spammer, please do take action. If they have left you a spam comment or a spam entry in your community, select the option to report it as spam and delete it. If they have not spammed you, but you can establish that they are behaving in a way that is against the Terms of Service, contact Abuse.)

Logged-in OpenID users (such as LiveJournal or InsaneJournal users) who have logged in and set and confirmed an email address are classified with registered accounts. (OpenID accounts cannot join communities at this time.)

OpenID users who have not confirmed an email address are currently classified with anonymous users. However, Dreamwidth plans to change this behavior in the future.

Anonymous users include your friend whose browser ate their cookies again, a well-meaning user who does not want to take credit for a good deed, a well-meaning user who does not want to be associated with the information they have just shared, friends from other sites who haven't got their OpenID accounts working quite right, friends and/or relatives who haven't gotten into the whole blog concept, anonymous users without accounts, spammer-controlled zombie computers posing as legitimate anonymous users, and that person you banned (along with several of their friends).

Why does Dreamwidth allow anonymous commenting at all, when it can be abused so easily? Why not make all anonymous users solve CAPTCHAs?

Some people, particularly people with visual disabilities and people who use screen readers or other browsers that do not load images, have difficulty with CAPTCHAs. Anonymous commenting is useful because it has so many legitimate applications. Some people can't get or just don't want accounts. Some information wants to be free, and some of that information really shouldn't be associated with any kind of identity. Some games are more fun when played anonymously.

However, you personally may or may not have a reason to want anonymous commenting in your journal or community. If you are having anonymous spam problems, review whether you can use a CAPTCHA or screening to reduce or hide spam, whether you can leave anonymous commenting turned on for only short periods of time, or whether you actually need anonymous commenting turned on at all.

Enable Comments settings:

Nobody: This disables comments completely, and hides all old comments. This is not typically used to control spam.

Access List: Only people on your Access List are allowed to comment.

Registered accounts: Allowing registered accounts to comment is unlikely to allow actual spam.

Everybody: This allows anonymous comments (only to public posts).

Anti-Spam (CAPTCHA) settings:

Dreamwidth allows you to display a CAPTCHA to people leaving comments. This is in addition to any site-wide reasons that a user or IP address might be given a CAPTCHA, for example, if they are commenting very rapidly or if spam has been associated with the IP address in the past. (This setting is separate from the Enable Comments settings, so you are not stopped from selecting a silly combination like no one allowed to comment but everyone given a CAPTCHA, even though it will mean that no one is allowed to even try to comment at all.)

Keep in mind that CAPTCHAs may also be difficult for genuine users with accessibility issues to decipher, particularly people with visual disabilities, and people using screen readers or browsers that do not display images. If you know that your journal is read by these people, think carefully about whether you need to enable CAPTCHAs or not, and for whom.

Nobody: No one will be displayed a CAPTCHA on your journal, unless there are site-wide reasons to do so.

Anonymous commenters: When this level is selected (and when anonymous commenters are allowed to comment), all anonymous commenters will be displayed a CAPTCHA, but allowed to comment if they pass the CAPTCHA successfully. All other users will be able to comment normally.

People not on your Access List: When this level is selected (when people not on your Access List are allowed to comment), any anonymous commenters (if allowed) and any registered user commenters who are not on your Access List will be displayed a CAPTCHA, and people who are on your Access List will be able to comment normally.

All commenters: Everybody gets a CAPTCHA, including people on your Access List.

Comment Screening:

Comment Screening allows you to make potential spam less of a problem for your visitors by reviewing comments before they are visible to others. Once you have reviewed the comment and confirmed that it is not spam, you can unscreen it so your visitors can see it as well. (Note: you must delete spam in order to report it.)

All comments: This includes people in your access list. (This level is often useful for things besides anti-spam precautions.)

Comments from people not on your Access List: Again, the risk of spam from registered accounts is low; this level is often useful for dealing with potential harassment, rather than anti-spam. (Anonymous comments will also be screened.)

Anonymous comments: Legitimate anonymous comments will not be seen until you have unscreened them. Anonymous spam comments will not be seen, and you can delete and report them.

Questions? Comments? Ask away!

You may also want to check out the FAQ or contact Support, depending on what you want to know.

Post a comment in response:

Anonymous( )Anonymous This account has disabled anonymous posting.
OpenID( )OpenID You can comment on this post while signed in with an account from many other sites, once you have confirmed your email address. Sign in using OpenID.
Account name:
If you don't have an account you can create one now.
HTML doesn't work in the subject.


Notice: This account is set to log the IP addresses of everyone who comments.
Links will be displayed as unclickable URLs to help prevent spam.