[SURBL-Discuss] RE: Applying SURBL against blog comment spammers

Chris Santerre csanterre at merchantsoverseas.com
Thu Sep 2 14:55:25 CEST 2004



>-----Original Message-----
>From: jm at jmason.org [mailto:jm at jmason.org]
>Sent: Thursday, September 02, 2004 12:28 PM
>To: Matthew Hunter
>Cc: SATalk; SURBL Discuss
>Subject: Re: Applying SURBL against blog comment spammers 
>
>
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>
>Matthew Hunter writes:
>> On Thu, Sep 02, 2004 at 09:36:29AM -0400, Chris Santerre 
><csanterre at MerchantsOverseas.com> wrote:
>> > >-----Original Message-----
>> > >From: Jeff Chan [mailto:jeffc at surbl.org]
>> > >Sent: Thursday, September 02, 2004 3:24 AM
>> > >To: SATalk
>> > >Cc: SURBL Discuss
>> > >Subject: Re: Applying SURBL against blog comment spammers
>> > >On Wednesday, September 1, 2004, 11:25:40 PM, Matthew 
>Hunter wrote:
>> > >> I just whipped up some code to reject trackback/comment spam
>> > >> using a SURBL as a data source.  Unfortunately, the people 
>> > >> spamming my weblogs aren't in multi.surbl.org, so I 
>will have to 
>> > >> maintain my own local blacklist server.  
>> > >> The single most useful thing that could be done wrt 
>fighting spam 
>> > >> in weblogs would be an SURBL source that had the offending 
>> > >> domains in it.  I would offer to make mine public, but I don't 
>> > >> have the IP to spare at the moment... 
>> > >> Does anyone know of an appropriate SURBL list?
>> > >Hi Matthew,
>> > >We could perhaps set up a separate SURBL for blog spammers.
>> > >It would be a slight shift in focus since the other SURBLs are
>> > >all for email spam.  Can you give an idea of how many records
>> > >you have?
>> > >Also have you tried Jay Allen's MT-Blacklist/Comment Spam
>> > >list:
>> > >  http://www.jayallen.org/comment_spam/
>> > >It would be interesting to look at your data to see if there's
>> > >much overlap with our existing lists.  In the case of Jay's data,
>> > >there's nearly none.
>> > Hell I'm feeling a little saucy this morning so lets mull 
>this over. This
>> > goes against Jeff's thoughts. But if they are spamming, 
>then just add them
>> > to SURBL. Does it matter if they spam email or blogs? To 
>me, not really.
>> > Adding them to the regular SURBL is sure to cause them some pain. 
>> > 
>> > Legit domains still get removed. 
>> > 
>> > SO I say, go ahead and add them. However I would like to 
>see an example of a
>> > spam'd blog. I've never seen one. 
>> 
>> Here some some examples of trackback spam, which is perhaps best 
>> thought of as an automated hat-tip protocol.  Let me know when 
>> you've seen them so I can delete them.  These are new since 
>> sometime yesterday, I think (the last time I deleted this 
>> stuff).  My SURBL update hasn't been posted to this site yet or 
>> it would have stopped these.
>> 
>> http://www.triggerfinger.org/weblog/servlet/trackback/164.jsp
>> http://www.triggerfinger.org/weblog/servlet/trackback/449.jsp
>> http://www.triggerfinger.org/weblog/servlet/trackback/2799.jsp
>> http://www.triggerfinger.org/weblog/servlet/trackback/3947.jsp
>> http://www.triggerfinger.org/weblog/servlet/trackback/5053.jsp
>> http://www.triggerfinger.org/weblog/servlet/trackback/5324.jsp
>> http://www.triggerfinger.org/weblog/servlet/trackback/5484.jsp
>> http://www.triggerfinger.org/weblog/servlet/trackback/5519.jsp
>> http://www.triggerfinger.org/weblog/servlet/trackback/5556.jsp
>
>! I hadn't seen trackback spam before...
>
>> There's no standard comment API so I haven't fallen victim to 
>> that yet.  Other bloggers have, but usually delete the 
>> comments ASAP... For comments, though, the simpler solution is 
>> probably to require an active user session (eg, session cookie 
>> accepted and returned from an earlier page).  That can be 
>> programmatically done but it's harder.  Parsing the comments
>> for spam sign like email is, I think, inevitable in the long 
>> term.  Well, that or requiring accounts to post comments.
>
>sample comment spams are easy enough to find.  Google for
>"comments movable cialis" ;)  Here's one:
>
>  <http://patch.stanford.edu/MT/mt-comments.cgi?entry_id=4>
>
>- --j.

GREAT example J! One links to :
http://patch.stanford.edu/MT/mt-comments.cgi?__mode=red&id=25
which links to :
buy-cialis.ws

Which is NOT in SURBL!! (It will be today!) Because like Dr. Evil this is a
pre-emptive Shhh! It is just a matter of time before this site is used in an
email spam. I also see no difference between this blog spam and email spam.
At all! 

--Chris


More information about the Discuss mailing list