[SURBL-Discuss] Re: Applying SURBL against blog comment spammers
Justin Mason
jm at jmason.org
Thu Sep 2 10:27:43 CEST 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Matthew Hunter writes:
> On Thu, Sep 02, 2004 at 09:36:29AM -0400, Chris Santerre <csanterre at MerchantsOverseas.com> wrote:
> > >-----Original Message-----
> > >From: Jeff Chan [mailto:jeffc at surbl.org]
> > >Sent: Thursday, September 02, 2004 3:24 AM
> > >To: SATalk
> > >Cc: SURBL Discuss
> > >Subject: Re: Applying SURBL against blog comment spammers
> > >On Wednesday, September 1, 2004, 11:25:40 PM, Matthew Hunter wrote:
> > >> I just whipped up some code to reject trackback/comment spam
> > >> using a SURBL as a data source. Unfortunately, the people
> > >> spamming my weblogs aren't in multi.surbl.org, so I will have to
> > >> maintain my own local blacklist server.
> > >> The single most useful thing that could be done wrt fighting spam
> > >> in weblogs would be an SURBL source that had the offending
> > >> domains in it. I would offer to make mine public, but I don't
> > >> have the IP to spare at the moment...
> > >> Does anyone know of an appropriate SURBL list?
> > >Hi Matthew,
> > >We could perhaps set up a separate SURBL for blog spammers.
> > >It would be a slight shift in focus since the other SURBLs are
> > >all for email spam. Can you give an idea of how many records
> > >you have?
> > >Also have you tried Jay Allen's MT-Blacklist/Comment Spam
> > >list:
> > > http://www.jayallen.org/comment_spam/
> > >It would be interesting to look at your data to see if there's
> > >much overlap with our existing lists. In the case of Jay's data,
> > >there's nearly none.
> > Hell I'm feeling a little saucy this morning so lets mull this over. This
> > goes against Jeff's thoughts. But if they are spamming, then just add them
> > to SURBL. Does it matter if they spam email or blogs? To me, not really.
> > Adding them to the regular SURBL is sure to cause them some pain.
> >
> > Legit domains still get removed.
> >
> > SO I say, go ahead and add them. However I would like to see an example of a
> > spam'd blog. I've never seen one.
>
> Here some some examples of trackback spam, which is perhaps best
> thought of as an automated hat-tip protocol. Let me know when
> you've seen them so I can delete them. These are new since
> sometime yesterday, I think (the last time I deleted this
> stuff). My SURBL update hasn't been posted to this site yet or
> it would have stopped these.
>
> http://www.triggerfinger.org/weblog/servlet/trackback/164.jsp
> http://www.triggerfinger.org/weblog/servlet/trackback/449.jsp
> http://www.triggerfinger.org/weblog/servlet/trackback/2799.jsp
> http://www.triggerfinger.org/weblog/servlet/trackback/3947.jsp
> http://www.triggerfinger.org/weblog/servlet/trackback/5053.jsp
> http://www.triggerfinger.org/weblog/servlet/trackback/5324.jsp
> http://www.triggerfinger.org/weblog/servlet/trackback/5484.jsp
> http://www.triggerfinger.org/weblog/servlet/trackback/5519.jsp
> http://www.triggerfinger.org/weblog/servlet/trackback/5556.jsp
! I hadn't seen trackback spam before...
> There's no standard comment API so I haven't fallen victim to
> that yet. Other bloggers have, but usually delete the
> comments ASAP... For comments, though, the simpler solution is
> probably to require an active user session (eg, session cookie
> accepted and returned from an earlier page). That can be
> programmatically done but it's harder. Parsing the comments
> for spam sign like email is, I think, inevitable in the long
> term. Well, that or requiring accounts to post comments.
sample comment spams are easy enough to find. Google for
"comments movable cialis" ;) Here's one:
<http://patch.stanford.edu/MT/mt-comments.cgi?entry_id=4>
- --j.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Exmh CVS
iD8DBQFBN0n/QTcbUG5Y7woRAr4DAJsHXOv+RXOdk8G0RYfoz7yoWKi9aACgl5tg
NDZDz5EJifzZgrr0tb6FLXU=
=G4OV
-----END PGP SIGNATURE-----
More information about the Discuss
mailing list