-----Original Message----- From: jm@jmason.org [mailto:jm@jmason.org] Sent: Thursday, September 02, 2004 12:28 PM To: Matthew Hunter Cc: SATalk; SURBL Discuss Subject: Re: Applying SURBL against blog comment spammers
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Matthew Hunter writes:
On Thu, Sep 02, 2004 at 09:36:29AM -0400, Chris Santerre
csanterre@MerchantsOverseas.com wrote:
-----Original Message----- From: Jeff Chan [mailto:jeffc@surbl.org] Sent: Thursday, September 02, 2004 3:24 AM To: SATalk Cc: SURBL Discuss Subject: Re: Applying SURBL against blog comment spammers On Wednesday, September 1, 2004, 11:25:40 PM, Matthew
Hunter wrote:
I just whipped up some code to reject trackback/comment spam using a SURBL as a data source. Unfortunately, the people spamming my weblogs aren't in multi.surbl.org, so I
will have to
maintain my own local blacklist server. The single most useful thing that could be done wrt
fighting spam
in weblogs would be an SURBL source that had the offending domains in it. I would offer to make mine public, but I don't have the IP to spare at the moment... Does anyone know of an appropriate SURBL list?
Hi Matthew, We could perhaps set up a separate SURBL for blog spammers. It would be a slight shift in focus since the other SURBLs are all for email spam. Can you give an idea of how many records you have? Also have you tried Jay Allen's MT-Blacklist/Comment Spam list: http://www.jayallen.org/comment_spam/ It would be interesting to look at your data to see if there's much overlap with our existing lists. In the case of Jay's data, there's nearly none.
Hell I'm feeling a little saucy this morning so lets mull
this over. This
goes against Jeff's thoughts. But if they are spamming,
then just add them
to SURBL. Does it matter if they spam email or blogs? To
me, not really.
Adding them to the regular SURBL is sure to cause them some pain.
Legit domains still get removed.
SO I say, go ahead and add them. However I would like to
see an example of a
spam'd blog. I've never seen one.
Here some some examples of trackback spam, which is perhaps best thought of as an automated hat-tip protocol. Let me know when you've seen them so I can delete them. These are new since sometime yesterday, I think (the last time I deleted this stuff). My SURBL update hasn't been posted to this site yet or it would have stopped these.
http://www.triggerfinger.org/weblog/servlet/trackback/164.jsp http://www.triggerfinger.org/weblog/servlet/trackback/449.jsp http://www.triggerfinger.org/weblog/servlet/trackback/2799.jsp http://www.triggerfinger.org/weblog/servlet/trackback/3947.jsp http://www.triggerfinger.org/weblog/servlet/trackback/5053.jsp http://www.triggerfinger.org/weblog/servlet/trackback/5324.jsp http://www.triggerfinger.org/weblog/servlet/trackback/5484.jsp http://www.triggerfinger.org/weblog/servlet/trackback/5519.jsp http://www.triggerfinger.org/weblog/servlet/trackback/5556.jsp
! I hadn't seen trackback spam before...
There's no standard comment API so I haven't fallen victim to that yet. Other bloggers have, but usually delete the comments ASAP... For comments, though, the simpler solution is probably to require an active user session (eg, session cookie accepted and returned from an earlier page). That can be programmatically done but it's harder. Parsing the comments for spam sign like email is, I think, inevitable in the long term. Well, that or requiring accounts to post comments.
sample comment spams are easy enough to find. Google for "comments movable cialis" ;) Here's one:
http://patch.stanford.edu/MT/mt-comments.cgi?entry_id=4
- --j.
GREAT example J! One links to : http://patch.stanford.edu/MT/mt-comments.cgi?__mode=red&id=25 which links to : buy-cialis.ws
Which is NOT in SURBL!! (It will be today!) Because like Dr. Evil this is a pre-emptive Shhh! It is just a matter of time before this site is used in an email spam. I also see no difference between this blog spam and email spam. At all!
--Chris