molly.com
Saturday 22 May 2004
death to the comment spammer
Despite the fact that I have the most recent version of Jay Allen’s blacklist, that I have amassed a blacklist of my own that currently totals 1587 entries (as opposed to the 1238 on the official blacklist), I have been so badly attacked by comment spam in the past few days that one flood actually brought the web server molly.com currently sits on “to its knees.”
Please help me! If I’m using the tools I’m supposed to be using (with the exception of upgrading to MT 3.0 and implementing comment registration which I will not do) what else can I do to ward off these evil-doers?
Unfortunately molly.com has long been the target of spam. I have had the domain for a very long time, so my email is overwhelmed too, but I’ve got some good tools helping me manage that. I have a big site, with lots of posts and lots of open comments. I seem to be a massive target and it’s dragging me down. Deep down. I get so much joy from having this site and even more joy from interacting with the good people who visit that turning off comments is simply not an option. But I need more skills and I need more tools to battle this evil.
I’m currently considering closing all old comments but this goes against the open discourse I’d like to be able to keep alive on older comments – some of the most active discussions on this site take place on older posts. I’ve looked into the CloseComment plug-in, which will swoop in and close comments automatically based on my date configurations. But it appears to have a flaw, and that is I can’t override a given post’s closed or open status manually. So that means my only known alternative would be to close those posts I feel are reasonably tired by hand. That would be almost as time consuming as waiting for MT rebuilds!
Any help you have to offer would be, well, helpful. Right now, I’m debating whether I think comment spammers should be shot on sight or offered a long, slow torturous death for brutally and with no regard for human decency marring the experiences of so many people much less having the power to bring web servers to their knees, thus striking at the very heart of the Internet.
Yes, I’ve decided. Slow and torturous. I am filled with extreme rage toward these nameless people. Until I get the personal happiness of meeting one of you evil spammer filth in the flesh and administering said punishment, I raise my fist to the heavens and I curse you, spammers. I curse you, I curse you, I curse you.
Filed under: blogging
Posted by: site admin | 10:36 | Comments (17)
Asshats! (My new favorite term.) I’m sorry to hear about this. Unfortunately, since my site is virtually unknown to most, I do not share these problems and can offer no insights. What type of spam do you get?
1) Remove ALL leading periods from domains. By putting them, you are REQUIRING a subdomain, which makes it harder to match obvious spammers
2) Remove all /’s from the end of domains. By including them, you are requiring a slash which makes it harder to match obvious spammers
3) Don’t add a three-part domain to your blacklist when the two-part domain is obviously a spammer. You have a lot of these and you end up just racing the spammer in creating more free subdomains.
4) You can use the power of regular expressions FAR more than I can on the master blacklist. In fact, if you look at my PERSONAL blacklist, it’s only got 606 entries on it and I hardly ever get spam.
5) Submit your spam to the clearinghouse. While you already got the spam, I can at least add it to the master if I know about it. Plus, I will make sure to add the most effective form of the domain and not #1, #2, or #3 above giving you more protection in the future… It’s a nice feedback loop, but only if you use it.
“Nice discussion here, I feel I should add….”
Argh! I feel your pain Molly, I really, REALLY do. Today I came this close ( ) to getting rid of comments completely on my site. I spend so much time MT Blacklist it’s really ridiculous.
Why, why do these people have to try and ruin something that is so good. It really makes me sad. I mean, they are wasting their time, why are they soooo damn stupid!?!?
I vote for the long torturous death myself.
Molly, you sound pissed.
one of the simplest things that people often overlook, i think, is simply renaming your comments.cgi script. that did the trick for me a while back. change the name of the script and then update your mt.cfg file and rebuild. i change the name every couple of months. this only causes a problem if someone links directly to an entry’s comments, but how often does that happen? for me, i’d say never.
spammers have good programming skills but low self-esteem. most of them haven’t crawled out of puberty, even at the tender age of 30. you have to understand that they’re going through a very difficult phase, which could last between two and four hundred years.
oh, and did i say spamming a decent site is their unconscious expression of jealousy?
this is just me talking, so grab the salt, but when i think of molly on her knees, am i supposed to also conclude that this is a bad thing?
Spammers spam because _spam makes money_. As such I don’t think they are so much evil filth as normal filth.
The thing is: people actually _buy from spammers_. Those people are the _real_ scum. Without those people you _wouldn’t even have this problem_.
Let’s kill *those people* instead.
How do you filter out spam from your email account? I get 200-300 emails a day, most of which is spam. I gave up on using Outlook filters. Anyone have a good suggestion?
I have been using SpamBayes for a little over a week now. They are starting to work great. After a week of training, SpamBayes have cut my spam by about 99%, on a 7 year old email address. I use them with Thunderbird on both M$ and Linux.
http://sourceforge.net/projects/spambayes/
Well, I have developed one blog script for one of my sites, and the process of posting comments has 3 variants depending on this:
a) WORDS USED.- If the post contains any word from my forbidden words list (bad words and common spam words), the comment is not posted until approval.
b) REG-EX.- If the text contains certain patterns, like words with spaces every letter (w o r d), or more than 3 in a row, and so, the comment is not posted until approval.
c) DOMAIN BLACKLIST.- If the email address, or any URL included in the body is found in my personal blacklist, the comment is not posted at all.
Other way the comment is posted right away.
Oh, and a last thing, if the same session user tries to post a comment within 2 minutes from his last post, he is asked to try again once that time has elapsed.
Spammers should be isolated and banned from all technology higher than, say, chopsticks or toilet paper, for a length of time equal to the total aggregate time wasted by all the users dealing with the messages they’re responsible for. This could end up being close to a lifetime sentence for most of them
I had the same problem for a long time. I recently switched blogs from MT after 2 years to WordPress. It is so much more flexible and comment moderation is an option right out of the box. There is also a community updated spam blacklist if you do not want to moderate comments. Great blogging software and much easier to set up than MT. Take a look at http://wordpress.org
I find it annoying as can be and I’ve recently posted about it in the Movable-Type forums (that’s when someone pointed out to me the existence of MT-BLacklist, which is working for me so far, but it’s still a pain).
The solution is easy, but it’s up to some industrious programmer to make a reality: When someone posts a comment, they need to be *REQUIRED* to click a confirmation link which the weblog software will send to their email address. If it turns out to be spam, you BAN THE EMAIL ADDRESS (either in full, or by domain). This turns it into a race between you deleting spam and banning email, and the spammer who has to keep creating new legitimate emails. This is a race the spammer can NOT win.
But this isn’t my idea – it’s the method which has worked with unmitigated success for years with bulletin board registrations. Why it’s not used in MT? You’ve got me.
I do believe that I have found something much better, Molly. Check out this plugin – I think it’s just what you’re looking for. MT-SCODE:
http://mt-plugins.org/archives/entry/scode.php
Hello my friend, your site is very good! http://skzjoqwvqss.com
Hello my friend, your site is very good! http://xbebgxmceqx.com