[SURBL-Discuss] Re: Applying SURBL against blog comment spammers

Matthew Hunter matthew at infodancer.org
Thu Sep 2 11:36:16 CEST 2004


On Thu, Sep 02, 2004 at 09:36:29AM -0400, Chris Santerre <csanterre at MerchantsOverseas.com> wrote:
> >-----Original Message-----
> >From: Jeff Chan [mailto:jeffc at surbl.org]
> >Sent: Thursday, September 02, 2004 3:24 AM
> >To: SATalk
> >Cc: SURBL Discuss
> >Subject: Re: Applying SURBL against blog comment spammers
> >On Wednesday, September 1, 2004, 11:25:40 PM, Matthew Hunter wrote:
> >> I just whipped up some code to reject trackback/comment spam
> >> using a SURBL as a data source.  Unfortunately, the people 
> >> spamming my weblogs aren't in multi.surbl.org, so I will have to 
> >> maintain my own local blacklist server.  
> >> The single most useful thing that could be done wrt fighting spam 
> >> in weblogs would be an SURBL source that had the offending 
> >> domains in it.  I would offer to make mine public, but I don't 
> >> have the IP to spare at the moment... 
> >> Does anyone know of an appropriate SURBL list?
> >Hi Matthew,
> >We could perhaps set up a separate SURBL for blog spammers.
> >It would be a slight shift in focus since the other SURBLs are
> >all for email spam.  Can you give an idea of how many records
> >you have?
> >Also have you tried Jay Allen's MT-Blacklist/Comment Spam
> >list:
> >  http://www.jayallen.org/comment_spam/
> >It would be interesting to look at your data to see if there's
> >much overlap with our existing lists.  In the case of Jay's data,
> >there's nearly none.
> Hell I'm feeling a little saucy this morning so lets mull this over. This
> goes against Jeff's thoughts. But if they are spamming, then just add them
> to SURBL. Does it matter if they spam email or blogs? To me, not really.
> Adding them to the regular SURBL is sure to cause them some pain. 
> 
> Legit domains still get removed. 
> 
> SO I say, go ahead and add them. However I would like to see an example of a
> spam'd blog. I've never seen one. 

Here some some examples of trackback spam, which is perhaps best 
thought of as an automated hat-tip protocol.  Let me know when 
you've seen them so I can delete them.  These are new since 
sometime yesterday, I think (the last time I deleted this 
stuff).  My SURBL update hasn't been posted to this site yet or 
it would have stopped these.

http://www.triggerfinger.org/weblog/servlet/trackback/164.jsp
http://www.triggerfinger.org/weblog/servlet/trackback/449.jsp
http://www.triggerfinger.org/weblog/servlet/trackback/2799.jsp
http://www.triggerfinger.org/weblog/servlet/trackback/3947.jsp
http://www.triggerfinger.org/weblog/servlet/trackback/5053.jsp
http://www.triggerfinger.org/weblog/servlet/trackback/5324.jsp
http://www.triggerfinger.org/weblog/servlet/trackback/5484.jsp
http://www.triggerfinger.org/weblog/servlet/trackback/5519.jsp
http://www.triggerfinger.org/weblog/servlet/trackback/5556.jsp

There's no standard comment API so I haven't fallen victim to 
that yet.  Other bloggers have, but usually delete the 
comments ASAP... For comments, though, the simpler solution is 
probably to require an active user session (eg, session cookie 
accepted and returned from an earlier page).  That can be 
programmatically done but it's harder.  Parsing the comments
for spam sign like email is, I think, inevitable in the long 
term.  Well, that or requiring accounts to post comments.

-- 
Matthew Hunter (matthew at infodancer.org)
Public Key: http://matthew.infodancer.org/public_key.txt
Homepage: http://matthew.infodancer.org/index.jsp
Politics: http://www.triggerfinger.org/weblog/index.jsp


More information about the Discuss mailing list