The Daily Whim: MT Plus Comment Spam Equals Dead Site
Grok Headline matches for The Daily Whim: MT Plus Comment Spam Equals Dead Site
Weak Spam Laws Plus No Enforcement
Equals Waste Of Time
Weak Spam Laws Plus No Enforcement
Equals Waste Of Time
04/16/2004 11:32 AMOver in the UK, where they passed their own weak anti-spam law last
year (saying it was okay to spam businesses) it turns out things are
worse than they seem - as the law is only window dressing for a year
or more. The authorities charged with enforcing the law are saying
they don't have
the necessary resources to actually enforce the law, and probably
won't get around to do anything until next year. So, spammers in the
UK have just been given notice to... keep on spamming.
Comment Spam Changes
Comment Spam Changes
03/06/2004 02:03 AMAfter giving up on the fight against Comment Spam on my blog, I have
resorted to opening up comments on my most recent entries, and
monitoring them for spam, and closing comments after they have had
plenty of time to...
MT Comment Spam Fix
MT Comment Spam Fix
06/22/2004 12:20 PMAfter the spam problem of a few weeks ago, I took a single step
that Adam Kalsey talked about
a long time ago that has fairly well fixed my spam problem: I renamed
the Movable Type comments script. I have had exactly one spam in the
last three weeks.
Spam bots, it seems, are designed to go after the default script
name. You can rename the script (view the source sometime to see what
I called it) and change the value in the mt.cfg file. I'm sure my log
file is full of 404 requests to mt-comments.cgi.
It doesn't seem that spam bots are parsing the comment forms to
find the name of the target script. It's probably just a matter of
time.
Click here to comment on this entry
No more comment spam
No more comment spam
02/01/2005 09:33 PMI've been waiting forever for someone tp pick up doing a particular
project to fight comment spam. A couple of days ago I got tired of
waiting and put it together in an evening. It's no silver bullet, but
it did cut the amount of comment spam I get down to a fraction of what
it was before. And it should scale in a way so the spammers can't
easily program their way around it if many people start using...
Comment spam again
Comment spam again
10/29/2003 01:15 AMI was recently hit by a mass comment spammer, leaving 21 comments on
old entries in my blog, and so...
Comment Spam
Comment Spam
10/28/2003 11:06 PMNow that I am back home and rested, it is time to share an
amusing story... as
Randy noticed, I got some comment spam on Monday, all
referencing an online gambling site.
32 comments in the course of 65 minutes. The last 9 of
which were not seen by anybody as I had blocked the ip address by
then.
65 minutes to create. Carefully crafted to appear to be on
topic. 10 seconds to wipe out.
Comment spam
Comment spam
12/09/2003 05:05 PMI started to come under comment spam fire again today. It didn’t
last long. (It could be that they’re just taking a break.)
What happens to people that they grow up to be so unethical? Just
wondering.
"comment spam"
"comment spam"
07/05/2004 09:37 AMComment Spam (Again)
Comment Spam (Again)
12/19/2004 02:58 PMTo continue my own post about running MT-Blacklist: Comment spams
blocked: 2735 Comment spams moderated: 238 Duplicates blocked: 1
Blacklist...
MT Comment Spam
MT Comment Spam
01/16/2004 11:05 AM So let's say you run a reasonably popular weblog that's open to
comments from anyone and everyone. Let's also say in the same breath
that you don't necessarily believe that turning off comments on older
entries is a good...
Fighting comment spam
Fighting comment spam
02/01/2005 08:40 PMJay Allen has written a very nice document on how to fight comment
spam Jay Allen should know a thing or two about comment spam. Before
joing Six Apart he wrote the now famous MT-Blacklist plugin for
Movable Type. If...
Solving comment spam
Solving comment spam
01/27/2004 10:57 PMThere are two main schools of thought concerning comment spam: the
optimists and the defeatists. Optimists believe that comment spam can
be beaten with technology; defeatists (maybe I should call them
pessimists) believe that comments are as doomed as email and we're all
going to hell in a hand
basket.
The story so far
I fall squarely in to the techno-optimist category. Back in
September I started blacklisting domains linked to
from spam comments, defending against return visits from spammers and
allowing others to syndicate my block list to run on their own site.
Then in October I tweaked my comment system to eliminate PageRank from
links in comments, making spamming for search engine optimisation a
futile exercise. Of course, this measure only works if spammers
realise it's there (I know at least
one has) which is why I'm personally very happy to see that the
latest release of Moveable Type has adopted the
technique - to mixed reviews from the MT community.
There have been a whole bunch of other technological innovations
over the past few months. Sam Ruby has implemented throttling to ban people who post three
consecutive comments, and has some great ideas about guarding against
strangers. Jay Allen's MT-Blacklist
makes the blacklisting concept available to a wide audience.
Meanwhile, James Seng's MT-Bayesian introduces trainable spam filters
adapted from the fight against email spam.
The challenges ahead
So those are the solutions so far; the critical question is whether
they work. The amount of spam I've been getting has definitely
decreased, but as I run a completely custom blogging system I'm safe
from the automated scripts that target more widespread systems - other
sites make easier targets. Now that the less ethical search engine
optimisers have started to catch on to the potential of comment spam
to improve their PageRank the amount of spam can only increase. Some
bloggers have already started to disable comments
entirely (thankfully Dan turned them back on again shortly
afterwards), setting a worrying precedent for the elimination two way
interactions comments allow between bloggers and non-bloggers.
I'll put it in writing now: I will never disable comments on this
blog. In the past few months the comments here have proved far more
interesting and valuable than my actual posts, and I really appreciate
the quality of the discussions that have arisen here. I will take
whatever steps are necessary to keep this a useful environment for
discussion.
Many people have hailed user registration as the ultimate solution
to spam. It isn't, because the value of PageRank is just too high -
and writing a script to automatically create accounts (even with email
confirmation required) is child's play to anyone who is competent in
an internet-aware scripting language. Even accessibility-impeding captchas are no defence against
spammers who can afford to employ cheap labour to defeat them - and
with search engine rankings as critical as they are there's no
shortage of spam dollars.
With those ruled out, let's look at the remaining solutions:
The killer
Without links, comment spam has no purpose. To eliminate spam,
eliminate links. Redirecting them through a PageRank killer already
achieves this, but proves too subtle for spammers intent on spreading
their links as widely as they can. Too truly eliminate spam, strip out
links and anything that even looks like a URL and force the spammer
to preview their carefully crafted advertisement before hitting
submit. Seeing as hyperlinks are the single most important feature of
the web this may seem draconian - and indeed it is. But on a site that
serves more as a discussion forum than a farm and where the
alternative to killing links is killing comments entirely this could
be the saving factor.
For most blogs however links are an essential part of the discourse
- I certainly wouldn't want to disable them here. Now only do they add
huge value to the discussions, but more importantly they act as a
"signature" for many commenters - knowing a comment is by "Dan" is far
less useful than knowing that it's by Dan from www.simplebits.com.
Finding a compromise
Draconian measures such as the above wouldn't be necessary if
spammers would wise up to the fact that their carefully crafted
missives were having no effect on their precious PageRank. The real
challenge then is to make anti-PageRank measures obvious to even the
most brain-addled viagra peddlers. I've taken the first step towards
this by turning on compulsory previewing for comments, which should
have the added benefit of reminding legitimate commenters to use
paragraph tags. I'll be working on ways of making the anti PageRank
measures more obvious over the next few days, as and when work
permits.
I've seen people argue that depriving legitimate commenters of
PageRank is a poor compromise. I disagree: if the only cost of
eliminating the incentive to spam is the loss of some Google ego then
I see it as a price well worth paying. Of course, I say that as
someone who's already built up their Google ego but at the end of the day it's my blog, my
rules. One solution I've considered is creating a whitelist of sites
that frequent commenters use in their signatures, causing them to be
displayed without a redirect.
Comment spam is a solvable problem. Furthermore, blogging about
comment spamming is almost as dull as blogging about blogging. Let's
hurry up and solve it so we can go back to blogging about cats.
New comment spam technique
New comment spam technique
07/30/2004 01:38 AMThe arms race against comment spammers has been stepped up a notch.
I received a flurry of spam that linked to entries on other blogs.
Curious to see what that was all about, I clicked on one of the links,
fully expecting to be redirected to porn or an online casino. I was
surprised to see a discussion of patent law; this comment spam linked
to a legitimate site.
The comment that I received was certainly spam — other than
the odd link, it was the typical formula: the name was “online
casinos,” fake generic email address, and a vapid comment.
Certainly a Stanford law professor hadn’t actually sent the
spam. There was another reason this spammer was promoting someone
else’s blog entry.The blog entry in question was full of comment
spam. In the last 3 months, this entry had accumulated thousands of
spam links in the comments.
It appears the spammers have a new tactic in increasing their
PageRank. They find a site that doesn’t delete comment spam and
fill it with links. Then they boost the PR of that site by
spamming it in blog comments. Once the spam-friendly’s site has
in increased Google ranking, all those spammed links in their comments
will get a boost in rank as well.
It’s rather clever, actually.
I’m leaving out a link to the spam-ridden blog entry on
purpose. I don’t want to give the spammers the link they want.
If you want to see the page in question, find Elizabeth Rader’s
March 1, 2004 entry called “All rights reserved in Birth Control
for Flatworms” on cyberlaw.stanford.edu.
If you are a site that is apathetic toward link spam, it is now
time to choose a side. If you continue your apathy and allow comment
spam links to linger on your site you are helping the spammers. Spam
friendly sites will now be placed on the list of blacklisted domains
that are not allowed to post comments on this site.
In the war on spam if you are not for us; if you choose to look the
other way and allow spammers to use your site; if you feel that
keeping your site free from spam is too much trouble — you are
against us.
Comment Spam Flood
Comment Spam Flood
01/16/2004 11:33 AMI just got 500+ comment spams (mainly for zoo sex, apparently) from
someone who changes IP addresses every 3 msgs and changes the
offensive link in every message. This defeats the MT Blacklist program
I've been relying on. Help! I don't have time to manually strip out
500 spams. I will have to close comments (if I can figure out how to
do so for all previous entries)....
United against comment spam
United against comment spam
02/01/2005 08:43 PMThis is already being blogged all over the place, but I have to
shout about it, too: several major search and blogging organizations
(including Google, Yahoo! and Six Apart) have agreed upon a simple method to significantly reduce comment spam.
new trends in comment spam
new trends in comment spam
08/02/2004 05:25 PMkalsey has some good info as well. the hard part is getting people to
upgrade.
Comment Spam Attack
Comment Spam Attack
02/05/2005 09:12 PMSo, apparently I'm not
the only one that was hit by some bleepity-bleep-bleep spammer
trying to post 400+ comment spams to my blogs. MT-B blocked about 300
of them, moderated 80, and let 4 through. That's pretty decent. The
other 80 all had the same base domain so future attacks will fail for
that one domain. There are also regular expressions in place now that
should moderate the more ... interesting ones.
Your comments may get moderated if you include any terms relating
to animal sex or incest. If so, I'll notice when I check my mail next
and approve/reject it, so don't worry. A little delay is all. Keep
those illegal-in-Alabama discussions going! Woo! 
That said, I'm wondering if going TypeKey-only is the way to go.
Yes, it makes you make an account (boo-hoo) but it keeps things a
little more sane on the management end. If I get two more of these
full-on assaults I'll do it, but not until then. It will alienate the
more lazy amongst you.
Comment and Trackback Spam
Comment and Trackback Spam
03/14/2005 05:05 PM Comment spam has increased to the point where I've reluctantly had to
disable allowing unregistered readers to post comments for submission.
I'm spending too much time cleaning it up as well as trackback spam. I
am also disabling trackbacks. This is a shame as it undermines the
connectivity that...
comment spam eliminated?
comment spam eliminated?
05/29/2004 07:36 PMVive Le Canada,Canada-1 hour ago ... If you're interested, these
comment spammers are trying to improve their ranking in google by
dropping thousands of links to their shady websites all over the ...
Comment spam update
Comment spam update
12/17/2004 06:44 PMI've taken additional steps to prevent comment spam which will no
longer affect normal site operation, so full posting features are once
again avaialable.
[[ Visit http://www.macmegasite.com for full article ]]
Dynamically Typed: More on Comment Spam
Dynamically Typed: More on Comment Spam
12/29/2004 09:43 AMWith a bit more on the "automated comment spam" front,
Harry
Fuecks has a new post -
Comment
Spam Compiled and Interpreted - that might help to clear a few
things up.
"Six Apart Guide to Combatting Comment
Spam"
"Six Apart Guide to Combatting Comment
Spam"
01/06/2005 05:05 PMComment spam load issue
Comment spam load issue
12/17/2004 06:37 PMHi everyone, my name is Jay Allen and I am the Product Manager for
Movable Type. I'm writing today to...
Six Apart Guide to Combatting Comment
Spam
Six Apart Guide to Combatting Comment
Spam
01/05/2005 11:33 AMSix Apart Guide to Combatting Comment
Spam
sixapart.com/pronet/comment_spam.html
track this
site | 4 links
MT-Blacklist/Comment Spam Clearinghouse
MT-Blacklist/Comment Spam Clearinghouse
11/11/2003 07:06 AMThe MT-Blacklist/Comment Spam Clearinghouse .. Jay Allen's
MT-Blacklist
jayallen.org/comment_spam
track this
site | 6 links
MT 2.66 is released, some comment spam
fixes
MT 2.66 is released, some comment spam
fixes
01/16/2004 11:26 AMapparently, the biz dev guy's suggestion of going with version number
2.666 just gets ignored around here
Guide for Fighting Comment Spam
Guide for Fighting Comment Spam
01/04/2005 08:15 PMCall it a late holiday gift or a great way to start the new year. In
either case, we are...
Comment spam and its social equivalent
Comment spam and its social equivalent
01/18/2004 09:21 PMNow that I'm awake from the hotel spam. I guess I should channel my
annoyance into at least one more blog entry.
Comment spam is becoming more "sophisticated". Originally, my
policy was to erase stuff that linked to commercial sites if they
didn't add to the dialog in the comments. Now comment spammers are
actually trying to contribute to the discussion, but still leaving
links to their commercial sites. It is much harder to identify as
spam. Only by looking at the site that is linked do you realize that
its probably spam.
This is sort of the social equivalent to hanging out at someone's
party and handing out flyers for penis enlargers at the end of the
party.
The problem is, I've always had people who post on my blog
partially to promote themselves and their own sites. There are some
borderline sites that the spammers are promoting that don't have to do
with pharma, sex or gambling. So where do we draw the line?
The
new version 2.661 of Movable Type has a feature that allows you to
throttle the number of comments from a single IP address over a
certain (configurable) time period. It also causes a redirect before
linking to the web page of a commenter. (Prevents google juice from
being transfered to commenter.) These features are like banning flyers
at parties or only allowing a person participate in one discussion at
a time at a party. I think this will help, but the question turns into
a question that we are faced with in real life. What do we do about
people who are blatantly self-promoting in a context where you are
allowing anyone to speak freely?
Nigerian Scam as comment spam
Nigerian Scam as comment spam
02/01/2005 08:40 PMNigeria scammers using comment spamming to fish for fools is certanly
a new and "novel" approach. Hopefully anyone reading this post will
understand exactly what kind of a scam this is.
"Mena on comment spam and the new
version of MT"
"Mena on comment spam and the new
version of MT"
12/24/2004 01:00 PM"MT-Blacklist/Comment Spam
Clearinghouse"
"MT-Blacklist/Comment Spam
Clearinghouse"
11/10/2003 11:14 PMComment Spam Prevention Goes Nuclear
Comment Spam Prevention Goes Nuclear
12/28/2004 01:10 PMElliot Back has come up with the best anti-comment-spam measure I've heard in quite a
while.
Taking Matt's stopgap spam solution, which sends precomputed
hashes to be echoed back by the user-agent's form, I've added dynamic
generation of the md5 hash. Rather than write it to a hidden field, we
wait until the form is submitted to compute the hash. This prevents
spammers from automatically scraping the form, because anyone wanting
to submit a comment must execute the javascript md5.
Here, as I understand it, is the method:
- Before the form is generated, the server creates a short MD5 hash
and includes it in the comment form. It also includes an MD5 hash
javascript function in the page.
- When the user submits the comment form, the original MD5 hash is
re-hashed by the browser using the js function, resulting in
a new hash. The new hash is included in the post to the server.
- The server makes sure that the new hash is a proper result of
hashing the original hash.
This ensures that the browser end must have executed the javascript
code. Pretty slick. Of course, if everyone uses it, comment spam tools
will be quickly rewritten to be able to handle MD5 hashing, but until
then we could enjoy a little spam-free blogging. Well done.
Via Waxy's Links.
The Comment Spam Arms Race
The Comment Spam Arms Race
09/15/2004 03:32 AMMark Glaser (Online Journalism Review): Bloggers Declare War
on Comment Spam, but Can They Win? Spammers find a way to game
Google search results by posting links in comments sections of popular
blogs. Now the makers of Movable Type and bloggers are banding
together to try to keep real-time interactivity alive in the
blogosphere.
Devilishly clever comment spam
Devilishly clever comment spam
02/10/2004 02:56 AMGo to pystl dot org. Looks like your standard open source Wiki, in
this case for the Python St. Louis user group, doesn't it? If someone
left a comment with that as the url, it would seem pretty innocuous,
even if the comment was a little random and unfocused, wouldn't it?
But check out the links at the top of the page. All for commercial
products that have nothing to do with Python. One almost has to
respect the artistry of the scam and the degree to which they have
studied bloggers, and know our prejudices. It is amazing the lengths
that people will go to get a few links to their site. I guess somebody
must buy their trash. I said almost respect them. It is still comment
spam, so into the trash bin it goes. But the spammers get points for
effort on this one....
WordPress comment & trackback spam
WordPress comment & trackback spam
02/06/2005 03:07 AMspampop
candygenius.com/spampop
track this
site | 2 links
Step one in comment spam fighting
Step one in comment spam fighting
11/14/2003 10:54 PMOne of the drawbacks to rolling your own weblog software is that any
time you want to add a feature you have to do it yourself.
For instance, I’ve wished a few times that I could use Jay
Allen’s
MT-Blacklist
plugin. It would make it easier to fight comment spam.
(I have very good reasons for sticking with my own weblog software.
I’m not going to change; please don’t suggest it.)
However, my software has a feature that would be cool to see in other
weblog software, so I wanted to mention it: there’s an RSS feed
that shows the last n comments, no matter which post they’re in
reply to.
This means that no comment spam appears, even in very old posts, that
I don’t see. I still have to go to the trouble of deleting
it—but it’s much better than not knowing about it.
It may be that some other weblog software packages already have this
feature. If so—cool. If yours doesn’t have this feature,
you might want to consider it. I totally rely on it myself (and not
just for fighting comment spam).
You might say—well, my weblog software does email notifications
of comments, so an RSS feed of recent comments isn’t needed.
And I’d reply—well, my software has email notifications
too. I found that I hardly ever looked at them. In amongst all the
other email noise, comments notifications don’t work that
well.
But an RSS feed for recent comments works wonderfully.
Feedster, Technorati, and Webl0g Comment
Spam
Feedster, Technorati, and Webl0g Comment
Spam
05/12/2004 11:09 PMIn reading Scott's post about weblog comment spam, I was reminded of a
thought I've had for some time now. But rather than just tell you,
I'll tell you how I came upon the idea and see how quickly you come to
the same conclusion. When I'm asked to interview job candidates at
work, it's usually in one of a few capacities. Most often it's "the
database interview" in which I get to figure out how much the
interviewee knows...
Fractured Realities: Fighting Against
Comment Spam
Fractured Realities: Fighting Against
Comment Spam
02/01/2005 09:14 PMIn a
new
posting over on Fractured Realities (Davey Shafik's weblog) today,
he talks more about the eternal struggle these days with that menace
of weblogs everywhere -
comment
spam.
comment spam fixes for TypePad bl0gs
comment spam fixes for TypePad bl0gs
01/23/2004 02:26 PMdon't worry, it's been bugging us too
Grok Description matches for The Daily Whim: MT Plus Comment Spam Equals Dead Site
GrokA matches for The Daily Whim: MT Plus Comment Spam Equals Dead Site
The Daily Whim: MT Plus Comment Spam Equals Dead Site
