[SURBL-Discuss] Re: Applying SURBL against blog comment spammers

Justin Mason jm at jmason.org
Thu Sep 2 10:27:43 CEST 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Matthew Hunter writes:
> On Thu, Sep 02, 2004 at 09:36:29AM -0400, Chris Santerre <csanterre at MerchantsOverseas.com> wrote:
> > >-----Original Message-----
> > >From: Jeff Chan [mailto:jeffc at surbl.org]
> > >Sent: Thursday, September 02, 2004 3:24 AM
> > >To: SATalk
> > >Cc: SURBL Discuss
> > >Subject: Re: Applying SURBL against blog comment spammers
> > >On Wednesday, September 1, 2004, 11:25:40 PM, Matthew Hunter wrote:
> > >> I just whipped up some code to reject trackback/comment spam
> > >> using a SURBL as a data source.  Unfortunately, the people 
> > >> spamming my weblogs aren't in multi.surbl.org, so I will have to 
> > >> maintain my own local blacklist server.  
> > >> The single most useful thing that could be done wrt fighting spam 
> > >> in weblogs would be an SURBL source that had the offending 
> > >> domains in it.  I would offer to make mine public, but I don't 
> > >> have the IP to spare at the moment... 
> > >> Does anyone know of an appropriate SURBL list?
> > >Hi Matthew,
> > >We could perhaps set up a separate SURBL for blog spammers.
> > >It would be a slight shift in focus since the other SURBLs are
> > >all for email spam.  Can you give an idea of how many records
> > >you have?
> > >Also have you tried Jay Allen's MT-Blacklist/Comment Spam
> > >list:
> > >  http://www.jayallen.org/comment_spam/
> > >It would be interesting to look at your data to see if there's
> > >much overlap with our existing lists.  In the case of Jay's data,
> > >there's nearly none.
> > Hell I'm feeling a little saucy this morning so lets mull this over. This
> > goes against Jeff's thoughts. But if they are spamming, then just add them
> > to SURBL. Does it matter if they spam email or blogs? To me, not really.
> > Adding them to the regular SURBL is sure to cause them some pain. 
> > 
> > Legit domains still get removed. 
> > 
> > SO I say, go ahead and add them. However I would like to see an example of a
> > spam'd blog. I've never seen one. 
> 
> Here some some examples of trackback spam, which is perhaps best 
> thought of as an automated hat-tip protocol.  Let me know when 
> you've seen them so I can delete them.  These are new since 
> sometime yesterday, I think (the last time I deleted this 
> stuff).  My SURBL update hasn't been posted to this site yet or 
> it would have stopped these.
> 
> http://www.triggerfinger.org/weblog/servlet/trackback/164.jsp
> http://www.triggerfinger.org/weblog/servlet/trackback/449.jsp
> http://www.triggerfinger.org/weblog/servlet/trackback/2799.jsp
> http://www.triggerfinger.org/weblog/servlet/trackback/3947.jsp
> http://www.triggerfinger.org/weblog/servlet/trackback/5053.jsp
> http://www.triggerfinger.org/weblog/servlet/trackback/5324.jsp
> http://www.triggerfinger.org/weblog/servlet/trackback/5484.jsp
> http://www.triggerfinger.org/weblog/servlet/trackback/5519.jsp
> http://www.triggerfinger.org/weblog/servlet/trackback/5556.jsp

! I hadn't seen trackback spam before...

> There's no standard comment API so I haven't fallen victim to 
> that yet.  Other bloggers have, but usually delete the 
> comments ASAP... For comments, though, the simpler solution is 
> probably to require an active user session (eg, session cookie 
> accepted and returned from an earlier page).  That can be 
> programmatically done but it's harder.  Parsing the comments
> for spam sign like email is, I think, inevitable in the long 
> term.  Well, that or requiring accounts to post comments.

sample comment spams are easy enough to find.  Google for
"comments movable cialis" ;)  Here's one:

  <http://patch.stanford.edu/MT/mt-comments.cgi?entry_id=4>

- --j.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Exmh CVS

iD8DBQFBN0n/QTcbUG5Y7woRAr4DAJsHXOv+RXOdk8G0RYfoz7yoWKi9aACgl5tg
NDZDz5EJifzZgrr0tb6FLXU=
=G4OV
-----END PGP SIGNATURE-----



More information about the Discuss mailing list