On Wednesday, September 1, 2004, 11:25:40 PM, Matthew Hunter wrote:
I just whipped up some code to reject trackback/comment spam using a SURBL as a data source. Unfortunately, the people spamming my weblogs aren't in multi.surbl.org, so I will have to maintain my own local blacklist server.
The single most useful thing that could be done wrt fighting spam in weblogs would be an SURBL source that had the offending domains in it. I would offer to make mine public, but I don't have the IP to spare at the moment...
Does anyone know of an appropriate SURBL list?
Hi Matthew, We could perhaps set up a separate SURBL for blog spammers. It would be a slight shift in focus since the other SURBLs are all for email spam. Can you give an idea of how many records you have?
Also have you tried Jay Allen's MT-Blacklist/Comment Spam list:
http://www.jayallen.org/comment_spam/
It would be interesting to look at your data to see if there's much overlap with our existing lists. In the case of Jay's data, there's nearly none.
Jeff C.
On Thu, Sep 02, 2004 at 12:23:48AM -0700, Jeff Chan jeffc@surbl.org wrote:
We could perhaps set up a separate SURBL for blog spammers. It would be a slight shift in focus since the other SURBLs are all for email spam. Can you give an idea of how many records you have?
Since my weblog software is custom, I've just got those few who have made the effort to target me specifically. That boils down to what looks like 3-4 entities and about 20 domains. I just started compiling it today, though. There are probably more buried in the logs that haven't been spammed at me recently.
Also have you tried Jay Allen's MT-Blacklist/Comment Spam list:
http://www.jayallen.org/comment_spam/
It would be interesting to look at your data to see if there's much overlap with our existing lists. In the case of Jay's data, there's nearly none.
I've looked at it before. It's oriented around MT, and since my weblog software is a custom thing, I can't use it directly. The actual database of domains looks like something easy to import into rbldnsd, though, and the updates could probably be automated via the RSS feed. No overlap with my current (very small) blacklist.
IMO, for the purpose of an SURBL, spam is spam is spam. I don't see a need for a separate list so much as for SOME list; the SURBL technology is the right technical fit for the problem, since there's no point in everyone madly maintaining their own local blacklists... the rest is just the details.
On Thursday, September 2, 2004, 12:50:29 AM, Matthew Hunter wrote:
On Thu, Sep 02, 2004 at 12:23:48AM -0700, Jeff Chan jeffc@surbl.org wrote:
to what looks like 3-4 entities and about 20 domains. I just started compiling it today, though. There are probably more buried in the logs that haven't been spammed at me recently.
Also have you tried Jay Allen's MT-Blacklist/Comment Spam list:
http://www.jayallen.org/comment_spam/
It would be interesting to look at your data to see if there's much overlap with our existing lists. In the case of Jay's data, there's nearly none.
I've looked at it before. It's oriented around MT, and since my weblog software is a custom thing, I can't use it directly. The actual database of domains looks like something easy to import into rbldnsd, though, and the updates could probably be automated via the RSS feed. No overlap with my current (very small) blacklist.
Yes a list of domains is what we would need as input to a SURBL, and yours and Jay's could be used.
IMO, for the purpose of an SURBL, spam is spam is spam. I don't see a need for a separate list so much as for SOME list; the SURBL technology is the right technical fit for the problem, since there's no point in everyone madly maintaining their own local blacklists... the rest is just the details.
As a data transport, I agree the technology is generally a good fit. But most of the use of SURBLs so far is in comparing to message bodies, so some of the applications are different. It also means the source data is different. To me that argues for a separate list, even if it's just added to multi and not a standalone list.
We'd need to document it so that people knew the source and application of the data was different from the mail spam URI lists.
One could make similar arguments for Usenet spammers.
Jeff C.
Which blogger are you using?
I moved my own blog over to Wordpress a couple of months ago and I haven't had any issues with comment spammers since.
Mr Michele Neylon Blacknight Internet Solutions Ltd Hosting, co-location & domains http://www.blacknight.ie/ Tel. +353 59 9137101
Michele Neylon :: Blacknight Solutions wrote:
Which blogger are you using?
I moved my own blog over to Wordpress a couple of months ago and I haven't had any issues with comment spammers since.
Oh, they hit us WordPress users too, just not as often as MT. Having it automatically moderate comments with certain keywords or more than X number of links helps cut it down, and the ability to (a) see all the latest comments and (b) mass-delete comments reduces the pain of cleanup. But they do target WP blogs from time to time.
I tend to get a pair of comments sent to the moderation queue every few weeks (presumably they figure if the first two didn't show up, they won't waste their time with more), but just this morning I had to delete a spam comment that came in last night and didn't trip the moderation rules. (One of those with the generic "I like your site" messages and the author's URL being the spamvertized site.)
-
Jeff Chan -
Kelson -
Matthew Hunter -
Michele Neylon :: Blacknight Solutions