The ever changing face of spam
Out of the blue this blog has been hit by various spammers..it goes like this:
#
Name: diet pill | Email: napoleon3001@usmail.com | URI: http://www.na——-.com/ | IP: 205.202.241.39
Please check some helpful info about tramadol online diet pill cheap tramadol – Tons of interesdting stuff!!!
Edit | Delete just this comment | Bulk action: Approve Delete Do nothing
At least that’s the sort of thing that shows up in the moderation box. The site is hand moderated and this crap does not get posted. A couple of days ago I got hit with 20-30 party poker spams. One on each post. It’s not that big of a deal, but it does delay approval.
So what we need is a comment posting clearing house. Anyone want to work on it? I may have to resort to “only members can post” kind of thing if it gets out of control. Is there a bot out there doing this? Or what? I’d love some insight.
I feel your pain. So I think the easiest solution here is members’ registration: you know, like at pcmag.com, only without all the questions about income and attempts to sell things. Sorry to say I don’t know how it’s done, but I doubt it would put most people off.
If you are running apache or something compatible with ACLs, give these a try in your .htaccess file:
Order allow,deny
allow from all
deny from 217.132
deny from 61.197.242.34
deny from 212.235
Yes, I banned two high level blocks, one is arin.net, which has done nothing but spam me, so I start out with specific IP addresses, and escalate one octet for ever offence in a block.
I disagree, the easiest solution is to install my extension to WordPress Mass Delete. I wrote it in response to a couple of attacks that consisted of 600+ comments. I assume you are running WordPress 1.2, so you can’t use it yet, but give me a day or two and I will port it over from 1.3 to 1.2. You will be able to get rid of comment spam, no matter the number in one click.
Keep up the good work, I don’t always agree with you, but I love to see what you have to say.
I believe there are bots that target the most popular blogging programs, like MT and WP. I got to the point on my blog where I was spending nearly as much time finding and deleting spam as I was producing content, so I switched systems, to one that requires registration. Traffic plummeted, and comments plummeted even more, but at least I’m sane. It was a painful trade but worth it.
I don’t know if it’s possible now to make WP require registration. Another possibility would be to force people to type in a random word that appears as a graphic, like Yahoo Groups does when you join its discussion groups. I don’t know if WP has that capability either. If I had it to do over again, I’d take that approach, I think. That’d foil the bots without making people uncomfortable.
WordPress already has this functionaliy built-in, so just enable it and then at least you know what spamming member(s) to kick out when the time comes 🙂
spam is awesome
Here’s some ideas that work around the web:
1. Flood control – a DB check to make sure post isn’t duplicate of existing post AND/OR control number check on post to see if it gels w/initial post form presented.
2. Timeout on posts from same IP address – an interval of a minute or 90 seconds between postings. That would snip the script generated deals though even more robust check would be a limit check on # of posts from a given address, then blocking them.
3. User registration, as mentioned, but alone, that may not be sufficient.
4. A comment scoring system like /. does, where crap can be easily ignored…
I got hit with all those spam comments recently, too. This blog is based on WordPress, right?
I found the easiest thing to do was install a plug-in called “Auto-Close Comments.” Check here: http://wiki.wordpress.org/Plugin
I used that to close off all comments older than 7 days. After a couple of days, the spamming ceased and I edited the code to reopen all the threads again. I guess the SpamBots got the idea that the site was closed and checked me off their list.
What can be developed, and seems easy to, is a plugin wich requires the person to repeat some letters before posting the comment.
Yes, right now the problem is just a nuisance, but I can see getting slammed too.
Get some PHP code that displays a graphic of a number you must type like what Yahoo does … problem would be resolved without registration.
Say that on Sat. Sept. 25, 2004 one million users send comments to the Dvorak Blog at exactly 1 PM EST.
You could:
1. Spend the next 30 years looking at a screen & approving comments.
2. Just approve all comments for posting uncensored.
3. Ask yourself, self how did this blog get so popular and delete all the junk.
4. Outsource blogging approval and make a business out of it.
5. Drop the blogging routine and spend more time at the beach.
Number 5 wins out on the fun factor. Number 3 could bring more comments and mean more time spent approving messages or looking for answers. Number 2 could be helped along with a massive volunteer effort. I’d love spending all week sitting in front of my PC, sorting 200,000 messages for nothing. Our ship will be docking in LA and I’ll be on a layover before heading for Jupiter next week, so I’ll have the time.
wefdo qyad xkwuprs ehnct rqfzjbys pylvdr oexivjs