Winds of Change.NET: Liberty. Discovery. Humanity. Victory.

Formal Affiliations
  • Anti-Idiotarian Manifesto
  • Euston Democratic Progressive Manifesto
  • Real Democracy for Iran!
  • Support Denamrk
  • Million Voices for Darfur
  • milblogs
Syndication
 Subscribe in a reader

Dealing With Comment Spammer Infestations

| 21 Comments | 15 TrackBacks
(Oct. 14th Update: MT-Blacklist has arrived!) ...our comments are being porn-spammed (at Armed Liberal as well, and I'll be emailing some other blogs to see if they've been hit as well). We're cleaning it up as fast as we can, but we've been hit by a series of spams from a Russian porn site. The last one appears to have left several hundred comments, and additional mutations are possible. So far we've seen "Lolita," Preteen," and "Underage". Teresa Nielsen Hayden has more info. on the spammers, Scriptygoddess has a slew of admin. options for you, and Burningbird has a fairly simple way to make it harder for spammers next time (Hat Tip: David Janes). JK: It's an organized effort... was highly ranked at Blogdex.net a couple days ago, but I think they've put in filters. We may do the same soon, and meanwhile I've disabled all comments. We've also got a Swedish neo-nazi group that hangs out here and occasionally posts long rants. If you want to see an example, do a search for "Conspiracy and Truth Week" because I delete it everywhere else. Re: the comment spams... why does this matter? And what can be done?
This matters because if pornospams et. al. are left unchecked, they will significantly impair the entire weblogging community - not just by killing comments as a normal blog feature, but by triggering automated filtering software at some workplaces once they notice all the porno links. What do we need to prevent that? Software, and support. Software: Yoz Grahame's Cheerleader has a very intelligent set of suggestions, in "7 Tips for a spam-free blog". The article addresses tools vendors as well, which I especially appreciate. It also references Mark Pilgrim's outstanding overview of Club vs. LoJack solutions, which is finally available again after going down yesterday. If you're looking for serious long-term thinking about how our tools need to evolve and what we need to do, Mark's piece can't be beat. Though Shelley has a good one, with some worthy cautions about trust networks and smart feature requests. Roald and Macdonald have an Open Letter to Google which is very much on point. We all have a mutual interest in stopping this, and working together from both ends just makes sense. I'll add another thought. Not only do we need MT-Blacklist, we also need a clean-up utility. One that looks in the comments for the "URL" field, and when it finds a match with our ban list (or even a specific entered value for v1.0), it collects that comment and presents us with a "Power Edit" list that allows us to delete comments in batches of 25-100 at a time. When we're done, one site rebuild would allow us to have a completely clean blog. Support: In addition, hosting providers have to get smarter. Tens or hundreds of weblogs rebuilding hundreds of entries will have the same effect on their servers as a denial-of-service attack. Comment spam should therefore be treated like one. For starters, hundreds of incoming data posts from the same IP ought to raise a red flag and cause diversion or access denial. Mwanwhile, our provider at Bloghosts.com has already moved to firewall out the following netblocks from their servers: 209.120.176.0/24 and 62.42.228.0/24. This will help for now, but over the long term they may want to consider an add-on service. It would include installation of MT-Blacklist, configured to draw from a central blacklist hosted and updated by bloghosts.com themselves, plus renamed CGI submission scripts in their MT(Movable Type) installations to make blogs they host a lower-profile target. The Cadillac option could even include an upgraded Host-specific MT package with a full-fledged spamtrap configuration. That would be a substantial draw for many bloggers, I think, who would gladly pay additional fees for services that take this problem off their hands. This much I do know - we'll need these measures sooner rather than later. Preteen, Lolita and the spawn were just the beginning. There's no reason these attacks couldn't be scaled to add hundreds of comments to each weblog, and no reason why they wouldn't be. Brace yourselves, because you ain't seen nothing yet.

15 TrackBacks

Tracked: October 12, 2003 3:30 PM
Blogging: Comment Spam from Richy's Random Ramblings
Excerpt: Like practically everybody else in the blogsphere at the moment, I'm suffering quite a bit of comment spam: I had to block my first IP address yesterday - and now I'm blocking the following 7 IP addresses: 209.210.176.19 209.210.176.20 209.210.176.21 2...
Tracked: October 13, 2003 2:23 AM
Comment Spam - sending IPs from Asymmetrical Information
Excerpt: Here is a list of IPs from whom I/we have received this sort of thing. The first one was eight
Tracked: October 13, 2003 2:25 AM
Excerpt: Excuse number 94.
Tracked: October 13, 2003 2:41 AM
Blog Spam! from Creative Destruction
Excerpt: Winds of Change.NET: Comment Spammer Infestations: Report I got blog-spammed for the first time today, and lo and behold I found this link on Instapundit....
Tracked: October 13, 2003 3:04 AM
Beware Of Spammers from Jay Reding.com
Excerpt: Winds of Change points out that there's been a rash of porn-site comment spammers across the blogosphere. So far I've...
Tracked: October 13, 2003 6:58 AM
Unwanted Comments from The Curmudgeonly Clerk
Excerpt: In the past, I have had some unkind words for comments features on weblogs. I have since opted to retain...
Tracked: October 13, 2003 7:45 AM
Comment spam from holycola.net
Excerpt: Just when I thought blogs could be this cool ad-free zone, those fucking spammers have concocted bots that automatically post comments onto blogs run under Movable Type, and maybe others. I only heard about this happening yesterday, and since then...
Tracked: October 13, 2003 1:32 PM
Excerpt: The folks at Winds of Change.NET have disabled comments until they have a solution to the comment spam problem. Earlier this morning I received email notices from comments to this blog. My personal spam receipt level has been low enough that a robots.t...
Tracked: October 13, 2003 9:14 PM
Back, foul spammers. from The Ankle Biter @ Quibbling.net
Excerpt: Here's a good summary of links about the epidemic of comment spamming that has been going on lately. There's a...
Tracked: October 14, 2003 12:28 AM
Lolita, preteen from JD on MX
Excerpt: Lolita, preteen: Spam in blog comments reached new heights this weekend... I heard of several sites that got "hundreds" of blog entries spammed with porn ads under the names "lolita" and "preteen". In the Flash community Michael Gunn got hit...
Tracked: October 14, 2003 5:27 AM
Bricklin IT from au currant: politics, media & lowbrow culture
Excerpt: I may not have comments anymore (too much porn spamming and not enough inclination to delete hundreds of comments and...
Tracked: October 14, 2003 4:22 PM
Slew of Blog Spam from blog^2
Excerpt: Argh! At first I read Mitch Kapor complain about how he was getting a few spams a week on his...
Tracked: October 14, 2003 8:12 PM
Excerpt: I just sent the following letter to suggestions@google.com. If anybody knows anybody who works there, please feel free to...
Tracked: October 20, 2003 6:13 PM
Excerpt: I just sent the following letter to suggestions@google.com. If anybody knows anybody who works there, please feel free to...
Tracked: November 14, 2003 5:32 PM
Blog Spam from Flame Turns Blue
Excerpt: Spam is becoming an increasing problem for blogs. I've had my fair share of spam in the comments, but the volume has been pretty minimal. Other sites haven't been so lucky....

21 Comments

Here is a list of IPs from whom I have received this sort of thing. The first one was eight months ago or so:

207.88.76.143
219.95.12.122
219.95.14.239
209.210.176.22

You should consider Bayesian content-filtering. I've been using it on both my work and home emails for about a year now, and it's produced amazing results. The disadvantage is that you need a lot of "good" mail and "bad" mail in order to get the databases intelligently built, but the advantage is that they continue to get "smarter" as more and more spam is "caught".

Email for more details if you have no idea what I'm talking about.

Yep, our blog (Random Nuclear Strikes) got the same Lolita crap spam.

MT-blacklist can't come too soon.

Here are some more IPs I've recently had to ban:

61.189.229.61
209.210.176.20
219.95.14.69
216.228.168.110

They even hit low volume blogs like mine.

I found one more obvious porn comment when cleanup Pacific Views today:

80.50.117.113 (klaus -- selling viagra and hardcore sex)

Warning: 209.210.176.0/24 may not cover enough ground. My 21 Lolita-spams came with last numbers 20, 21, 22 -- and 33. I got 4 more on my other site (www.curculio.org), the one with only 15 posts and 2 genuine comments in the last 6 months (maybe I should spend more time there).

I'm having the same problem, but it looks like there may be something of a solution. In particular, see the comments section of this post.

The latest trick is to leave an ambigous message "I'm not sure to what extent this statement is true." is one I got today, in the hopes you'll visit their website.

Sad.

Oh, and for what it's worth, here's my current banned list. Not all spammers though, but it may be handy for comparison purposes:

211.10.197.13 2003.06.23
81.135.77.87 2003.07.26
134.28.148.47 2003.08.14
203.62.10.3 2003.08.28
212.69.231.226 2003.09.16
66.111.50.170 2003.09.26
209.210.176.21 2003.10.09
209.210.176.* 2003.10.10
219.95.14.69 2003.10.12

I got hit by the comments from preteen too.
I am low volume enough that I was able to catch them and delete them.

I have had the same problem at PoliBlog. Like StarHawk I have been able to catch, delete and then IP ban. I have had the Lolita one several times, and from at least two different IPs. Plus numerous Viagra-related ones and several Direct TV ones as well.

I've been getting them too, but not in the volume you are.

Sometimes I wish I weren't so straight-laced. Otherwise I might consider a solution I learned on slashdot recently

Instead, I'll just volunteer to help Jay test his application on an older version of MT.

Same problem with my site tonight -- and a problem I've been dealing with all week long.

I've seen many porn spams on Slashdot. I wonder if people who don't like the site's viewpoints use this kind of comment as a way of attacking both the site and the people who run it.

Anyway, this kind of thing has been happening for some time on Slashdot. Slashdot has remained accessible at every place I've worked.

Slashdot's moderation mechanism tends to quickly lower this kind of crap to near invisibility. You do have to either catch the garbage early or deliberately look at comments rated -1 to find the stuff.

Perhaps they might be willing to offer advice.

I got hit with the same lolita / preteen crap a couple of days ago. IP was 209.210.176.33. I also deleted the comment and then banned the IP.

my guess is that you can't keep up and win on ip-blocking. Take a look at how yahoo/hotmail/paypal stop people from getting oodles of accounts, etc. they use a "Reverse turing test" or a "CAPTCHA"--it's a graphic that involves reading a word that's presented in such a way that no current OCR technology can solve the problem. this way no script can activate the comments, only a human can. yes, you'd still have to block human spammers, but that's really not where the majority of the problems are coming from. for every submission, you present a graphic image as a test, and you ask the submitter to tell you what the word is that they see in the graphic. a variety of fonts and backgrounds are used that prevent ocr from handling this.
Do tell your MT people about this suggestion. I know how they are created/implemented, and so do some other folks. Good luck.

Banning entire IP ranges may be too draconian. Perhaps require registration to post.

Any new ideas?

you know, i was serious about that post. you needn't have it deleted. a simple answer and i will understand.
----

{NM: Advertisements for Rolex watches were considered spam; as a result the entire post was deleted. Read the Winds of Change comments policy, please. Future posts containing those links will probably also be deleted without comment.

-- Marshal Nortius "Big Tuna" Maximus}

thanks for the answer. i won't spam here again. sorry for the trouble i've caused.

Leave a comment

Here are some quick tips for adding simple Textile formatting to your comments, though you can also use proper HTML tags:

*This* puts text in bold.

_This_ puts text in italics.

bq. This "bq." at the beginning of a paragraph, flush with the left hand side and with a space after it, is the code to indent one paragraph of text as a block quote.

To add a live URL, "Text to display":http://windsofchange.net/ (no spaces between) will show up as Text to display. Always use this for links - otherwise you will screw up the columns on our main blog page.




Recent Comments
  • TM Lutas: Jobs' formula was simple enough. Passionately care about your users, read more
  • sabinesgreenp.myopenid.com: Just seeing the green community in action makes me confident read more
  • Glen Wishard: Jobs was on the losing end of competition many times, read more
  • Chris M: Thanks for the great post, Joe ... linked it on read more
  • Joe Katzman: Collect them all! Though the French would be upset about read more
  • Glen Wishard: Now all the Saudis need is a division's worth of read more
  • mark buehner: Its one thing to accept the Iranians as an ally read more
  • J Aguilar: Saudis were around here (Spain) a year ago trying the read more
  • Fred: Good point, brutality didn't work terribly well for the Russians read more
  • mark buehner: Certainly plausible but there are plenty of examples of that read more
  • Fred: They have no need to project power but have the read more
  • mark buehner: Good stuff here. The only caveat is that a nuclear read more
  • Ian C.: OK... Here's the problem. Perceived relevance. When it was 'Weapons read more
  • Marcus Vitruvius: Chris, If there were some way to do all these read more
  • Chris M: Marcus Vitruvius, I'm surprised by your comments. You're quite right, read more
The Winds Crew
Town Founder: Left-Hand Man: Other Winds Marshals
  • 'AMac', aka. Marshal Festus (AMac@...)
  • Robin "Straight Shooter" Burk
  • 'Cicero', aka. The Quiet Man (cicero@...)
  • David Blue (david.blue@...)
  • 'Lewy14', aka. Marshal Leroy (lewy14@...)
  • 'Nortius Maximus', aka. Big Tuna (nortius.maximus@...)
Other Regulars Semi-Active: Posting Affiliates Emeritus:
Winds Blogroll
Author Archives
Categories
Powered by Movable Type 4.23-en