I know I mentioned in a previous blog that I thought the timing of my site's spam barrage odd. I also mentioned that Geek had warned me of a rather serious flaw in my version of Movable Type. Seems like some freak likes to try and force us to play "Texas Hold 'em Poker" by comment spamming my blog. Heck, we have a poker night at my fraternity house almost every month and I still don't attend it, and I live there. (Okay, maybe I do live on the Internet, but the whole point is poker is not for me.) It was getting a bit old though. I was spending almost an hour a day deleting comment spam.
So I upgraded to MT 3.15, which allowed me to moderate comment postings. This was one possible solution, but there is an inherent flaw in it. I spend just as much time deleting them. (Well, actually a little bit less, 'cause MT lets you do it en masse now.) Unfortunately, things actually got worse. I started receiving trackback spam as well. I was receiving spam at a rate of about 60-90 comments and/or trackbacks per hour. I noticed the attack early one morning while I was at work. The script ate about 3% of my monthly bandwidth in, what appeared to be, about 6 hours.
What did I do? Well, I started off doing what I do best: I found the comment script and broke it. I know this may seem like a ridiculous place to start, but I had to use the skills I had. I had a bit of an idea as to what else I could try, but I wanted something rather expedient. I am, after all, the expert at making programs and scripts not work.
Having achieved the quick fix in but nanoseconds, I began to systematically search the web for more permanent solutions. My expedient fix did stop the comment spam, but within forty minutes the trackback spam began. So I turned my expertise loose on the trackback script. Problem solved, albeit in a most unsatisfactory way; solved nonetheless.
My "solution" is as drastic as it is expedient. It assures that I shall not receive spam; unfortunately, it also assures that nobody can post a message or trackback. I feel this rather defeats the whole purpose of blogging. I obviously needed a somewhat more perfect solution; actually, a better word would be satisfactory.
The immediate course of action was simple. It is quick and easy with Movable Type: I informed mt.config what the new names were and renamed the comment and trackback scripts. It killed all spam for 11 days and has stopped about 95% of it.
Rest assured though, it is but a temporary fix. A well-written bot will find this rather easily. Before I get all involved regarding "what" to do, let me pause a moment and elaborate on "why" anyone would comment spam blogs. There are a number of reasons I am aware of:
- First of all, spammers are bottom feeders that rely on feeding in hordes to get one tiny morsel of food. Spammers only hope that one out of every hundred thousand or so actually bite. This may seem like burning down the rain forest to kill one ant but, oh wait, that is what it is.
- Spammers are blanketing the web to have more sites "refer" to their site. This helps with their rankings on certain search engines. This is a bot fooling a bot.
- They simply lack any shred of decency or common sense.
So, all things considered, SPAM is just stupid. Movable Type has a guide to avoiding comment SPAM. It is a good read and, especially if you are an MT user, you should surf here and give it a read. (Even if you are not an MT user, it is still worth a read.)
The article suggests a lot of different tactics, some of which make sense to Lump and others which seem about as useful as spam itself. In this blog, I am going to cover all of the suggestions they offer that do not involve plugins. Lumpy's Corner managed to go 21 full days without a comment spam by doing what I shall discuss.
Before I dive into that, I must clearly state that I do not endorse not using plugins. I recommend using every means available to combat this problem. Any solution is a mixed bag. The MT tutorial likens it to having a retail store and combating shoplifting. One is confronted with stifling the customer's freedom in an effort to secure the store. It becomes a tedious balancing act. The real question is how to tip the scale.
I shall start with how to deal with it at the bare bones level, without plugins. What can one do to start? For starters, do what I did. Rename your scripts. It will stop a good number of dumb scripters and, if you deal with the config file, it will do nothing to your MT performance.
This tactic falls under the area of dealing with spam by "obscurity". Spammers will write scripts that take advantage of the given structure of a content management system. If you leave everything set to the default, it would be the same as leaving the layout of every store you own identical. This would be heaven for shoplifters. It would mean that they could develop a tactic which would work in any store, any time.
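As an added illustration (not part of the original post, and not Movable Type code): once the scripts are renamed, any POST that still targets the stock names comes from a script relying on the defaults, while POSTs reaching the new names show who has found them. The Python sketch below tallies both from Common Log Format lines; the renamed script names and the sample log are constructed assumptions.

```python
import re
from collections import Counter

# Movable Type's stock script names; anything still POSTing here after a
# rename is working from the defaults, not from the site's own templates.
DEFAULT_SCRIPTS = {"mt-comments.cgi", "mt-tb.cgi"}
# Hypothetical renamed scripts (assumption; use whatever names you chose).
RENAMED_SCRIPTS = {"talkback.cgi", "pingme.cgi"}

# Common Log Format: host ident user [time] "METHOD path PROTO" status size
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [19/May/2005:06:01:02 -0500] "POST /cgi-bin/mt/mt-comments.cgi HTTP/1.0" 404 210
192.0.2.10 - - [19/May/2005:06:01:09 -0500] "POST /cgi-bin/mt/mt-tb.cgi/12 HTTP/1.0" 404 210
198.51.100.7 - - [19/May/2005:06:02:30 -0500] "POST /cgi-bin/mt/talkback.cgi HTTP/1.1" 200 512
192.0.2.10 - - [19/May/2005:06:03:00 -0500] "POST /cgi-bin/mt/mt-comments.cgi HTTP/1.0" 404 210
203.0.113.5 - - [19/May/2005:06:04:11 -0500] "GET /archives/000123.html HTTP/1.1" 200 9000
this line is malformed and must be skipped
"""

def script_name(path):
    """Return the first path segment ending in .cgi (trackback URLs append /entry_id)."""
    for segment in path.split("?", 1)[0].split("/"):
        if segment.endswith(".cgi"):
            return segment
    return None

def triage(log_text):
    """Count POSTs per client to the default names and to the renamed names."""
    stale, current = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        name = script_name(m["path"])
        if name in DEFAULT_SCRIPTS:
            stale[m["ip"]] += 1
        elif name in RENAMED_SCRIPTS:
            current[m["ip"]] += 1
    return stale, current

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Clients in the first counter are candidates for blocking outright; a rising second counter is the signal that the rename has stopped working.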
Most of what one can do without installing additional plugins falls into the category of obscurity. Most of these tactics I agree with. There is one that I do not agree with. If you look in the lower right column of my main page, you will notice many, many links to blog sites. They are like various phone books for bloggers. The "guide" suggests not listing in them because many spammers use them to find your site. My only issue with that is simple: why would you open a store and not list it in the phone book?
I don't know about all of you out there, but I want to be found. I think that the suggestion defeats the purpose of being known. I have submitted the corner to all of those links I list.
The other suggestions listed in the guide are:
- Do not use the default words for descriptions such as "comments" and "trackback". Change them. Although this will not confuse a well-written bot, it will kill a few. It is also a good idea to rearrange the order they appear in your template.
- Edit your comment templates
- Change the default names
- Rearrange the order
- Add a "dummy field", a field which does basically nothing
They also suggest forcing comment previews. I implemented all of the measures except that one. I remained comment spam free for 23 days. I think they are all worth the effort, which is minimal. The reader should also consider the fact that if every blogger implemented them it would definitely make the spammers have to work a bit more. Spammers are averse to work, so it would have to help.
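The template changes listed above can be backed by a server-side screen, shown here as an added Python example that is not from the original post or from Movable Type. The field names, the renamed mapping and the choice to treat a filled-in dummy field as a bot signal are assumptions for illustration.

```python
# Field names a stock comment form is assumed to send (illustrative).
DEFAULT_FIELDS = {"author", "email", "url", "text"}
# Hypothetical renamed fields mapped back to their meaning.
RENAMED = {"who": "author", "contact": "email", "site": "url", "say": "text"}
# Hypothetical dummy field: present in the template, hidden, left empty by people.
DUMMY_FIELD = "homepage2"

def screen_comment(form):
    """Return (accepted, reason) for a submitted form given as a dict of strings."""
    if form.get(DUMMY_FIELD, "").strip():
        return False, "dummy field was filled in"
    stale = DEFAULT_FIELDS & set(form)
    if stale:
        return False, "default field names used: " + ", ".join(sorted(stale))
    unknown = set(form) - set(RENAMED) - {DUMMY_FIELD}
    if unknown:
        return False, "unexpected fields: " + ", ".join(sorted(unknown))
    comment = {RENAMED[k]: v.strip() for k, v in form.items() if k in RENAMED}
    if not comment.get("text"):
        return False, "empty comment body"
    return True, "ok"

# Constructed submissions: a reader, a script posting the default names, and
# a script that fills every input it finds in the page.
SAMPLES = [
    {"who": "Jack", "contact": "", "site": "", "say": "Nice post", "homepage2": ""},
    {"author": "x", "text": "poker"},
    {"who": "x", "say": "poker", "homepage2": "http://spam.example"},
]

if __name__ == "__main__":
    for form in SAMPLES:
        print(screen_comment(form))
```

Rejections are better logged with their reason than silently dropped, so you can see which of the measures is actually doing the work.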
In a future post I will go into plugins that will help.
Happy bloggin' all,
Lumpomtic

Comments (2)
Lumpy- The name change thing is a good start. I wouldn't mind more details on what you did to rearrange the order in the templates.
I assume with the plugins you will look into MT-Blacklist (http://www.jayallen.org/projects/mt-blacklist/) and the new SpamLookup (http://bradchoate.com/projects/spamlookup/). I've been using MTB for a while, and it seems to catch the majority of the garbage that is thrown my way by the robots. Its statistics on my site say that 9700 things have been blocked, and 300 have been moderated since earlier this year. Of those 300, most have been spam as well. So it isn't perfect.
SpamLookup is newer, and people have been saying good things about it.
Posted by Jack Vinson | May 19, 2005 9:19 AM
Check your in-box Jack and check back here in the future. I am already writing something about the many plugins out there.
Posted by Lumpy | May 20, 2005 3:45 AM