I have just been the target of a massive spam comment attack. In the night of
January 23rd, my weblog received about two hundred and fifty (250!) spam
comments. The sheer size of it is not the only thing that worries me:
it’s the way it was done.
Usually, MT-Blacklist makes it trivial to get rid of such spam and it also
allows you to despam your weblog retroactively (i.e. not just the comment that
was just posted and for which you just received an email notification). The
problem in this particular attack is that these 250 comments:
- All came with a different email address.
- Were posted all across my weblog, not just on one entry (they commented on about thirty posts).
- But worst of all, they advertised a wide range of web sites, not just one.
This last point is the reason why MT-Blacklist was a little less effective at
getting rid of that spam than it usually is, since MT-Blacklist despams based on
the URL of the poster or its IP address (most of the time useless). Ideally, I
would have liked MT-Blacklist to have an option "Add the websites contained in
the last 250 comments to my blacklist and despam my entire weblog", but since
this is not supported, I had to do some manual work.
Basically, I went through my Inbox and blacklisted the domains one by one.
Once I thought I had found most of them (going through 30-40 emails), I asked
MT-Blacklist to despam my entire weblog. Then I repeated this procedure
until the last comment posted on my welcome page was a legitimate comment again.
Total time, about a half hour. Not too bad.
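The bulk option wished for above ("add the websites contained in the last 250 comments to my blacklist and despam my entire weblog") can be sketched as follows. This is an added example, not MT-Blacklist code or anything from the original post; the comment dictionaries, function names, allowlist and sample data are all assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Brackets are excluded so urlparse never sees a malformed IPv6 literal.
URL_RE = re.compile(r"https?://[^\s<>\[\]]+", re.IGNORECASE)

def domains_in(comment):
    """Host names linked from a comment's URL field and body, lower-cased."""
    text = f"{comment.get('url', '')} {comment['body']}"
    hosts = set()
    for url in URL_RE.findall(text):
        host = (urlparse(url).hostname or "").lower()
        if host.startswith("www."):
            host = host[4:]
        if host:
            hosts.add(host)
    return hosts

def blacklist_from_batch(comments, spam_ids, allowlist=frozenset()):
    """Collect every domain advertised by the comments marked as spam."""
    found = set()
    for c in comments:
        if c["id"] in spam_ids:
            found |= domains_in(c)
    # Never blacklist domains the owner trusts, even if a spammer quoted them.
    return found - set(allowlist)

def despam(comments, blacklist):
    """Split all comments on the weblog into (kept, removed)."""
    kept, removed = [], []
    for c in comments:
        hit = any(h == b or h.endswith("." + b)
                  for h in domains_in(c) for b in blacklist)
        (removed if hit else kept).append(c)
    return kept, removed

# Constructed sample: comments spread over several entries, several domains.
COMMENTS = [
    {"id": 1, "entry": 12, "url": "http://example.org/~reader", "body": "Nice write-up."},
    {"id": 2, "entry": 12, "url": "http://pills.example.net", "body": "cheap stuff"},
    {"id": 3, "entry": 30, "url": "", "body": "visit http://casino.example.com/win now"},
    {"id": 4, "entry": 7, "url": "http://shop.pills.example.net/a", "body": "hello"},
    {"id": 5, "entry": 7, "url": "", "body": "I link to http://example.org/post too"},
]

def demo():
    # The owner marks two notifications as spam; comment 4 is caught retroactively.
    bl = blacklist_from_batch(COMMENTS, {2, 3}, allowlist={"example.org"})
    kept, removed = despam(COMMENTS, bl)
    return sorted(bl), [c["id"] for c in kept], [c["id"] for c in removed]
```

Matching on the host name and its subdomains is what lets one pass remove comments that were never individually reviewed, which is the retroactive step done by hand above.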
Now, all this made me think a little bit about the spam comment phenomenon.
Obviously, the blacklist method will not scale for much longer, so how could I
stop the problem at its source: preventing spammers from posting in the first
place?
This is obviously impossible, so maybe I could push the reasoning one step
further and make sure they don’t find my weblog in the first place… The
question now is: how did they find my weblog?
If I were a spammer and I were looking for weblogs to comment, I would start
by determining what seems to be the de facto weblogging software. Movable Type
is an easy choice. Then I would take a look at the source and find how comments
are posted. I would quickly find out that the main entry point is called "mt-comments.cgi"
and I would google it.
So I did this, and… holy smurf on a snowboard! My weblog appears in sixth position!!! Now
things are slowly falling into place. I think the first measure I will take is
to rename mt-comments.cgi to something different (how about vxtyzb.cgi?) and
I will patch my installation of Movable Type to use this new page. Hopefully, this
shouldn’t be too hard.
I have a few other ideas to make these bastards’ lives harder but it will be
for a next entry.
Update: I made the change. It’s a simple matter of modifying
mt.cfg, renaming the script and rebuilding the whole site. I am very happy
to report that if you click on the link shown by the google request above, it
will now 404. Yeah.
#1 by Dan Martin on January 26, 2004 - 1:45 pm
Wouldn’t it be nice if comments were simply moderated? My blog already emails me when someone comments. If I get time, I’m going to change the code for my blog (open source blog software) to where it emails me, but doesn’t post the comment until I approve it.
The email could come with three links:
-Approve
-Reject
-Reject and add to blacklist
No benefit to a spammer if his comment never ends up on my website.
#2 by Mats Henricson on January 27, 2004 - 12:19 am
I think it is possible to stop this kind of comment spamming! What to do is to use the same method PayPal is using to stop bots from signing up. What they do is to present an image with a blurred and skewed number on it, and ask the user to type in that number. Only humans can do that, so it would stop bots.
#3 by Santiago Gala on January 27, 2004 - 2:58 am
“Only humans can do that”
This reminds me of the old definition of AI:
AI is “What computers still can’t do”
We’re doomed 🙂
#4 by Ben Poole on January 27, 2004 - 4:22 am
Mats, MT can already do that… the only problem is, there are wider usability implications which put a lot of people off employing the mechanism.
#5 by Carlos Villela on January 27, 2004 - 4:57 am
Only humans can do that, so it would stop bots… and visually impaired people, people using text browsers (me, part of the time), people using mobile browsers on a tight bandwidth budget who disabled image downloads… I like Dan’s suggestion, but I think it just doesn’t scale… Cedric would have received 250 e-mails which he would have to either select “Reject and Blacklist” or ignore. But still, that’s 250 e-mails…
#6 by Craig McClanahan on January 27, 2004 - 11:27 pm
I wish I could feel sympathetic, but I’ve had many many days where my various email accounts get spammed with 250 messages per hour, even after spam filters are in place (to be fair, that includes some mailing lists I moderate that require manual attention to avoid false positives). I would feel very relieved to have 250 messages/day have happened only once (but, hasn’t happened, because at the moment I’m not a blogger :-).
Craig McClanahan
#7 by Brendan Loy on September 5, 2004 - 6:56 pm
Thanks so much for posting this — I had the same problem, not with visible spam per se, but with literally hundreds of attempts to execute mt-comments.cgi in the space of just a few minutes … and your idea of renaming the file was just what the doctor ordered. Your tips for how to do so were also extremely helpful!
#8 by Brendan on September 5, 2004 - 6:59 pm
I forgot to mention the part of my story that makes it a truly tragic tale, namely, that my webserver actually shut down my entire site for “abuse of server resources” because of the spam attacks! (Or whatever they were.) So it wasn’t just an inconvenience, it was absolutely necessary in my case that I find a way to stop the attacks… so yeah. Thanks again!
#9 by brickred.com . on June 23, 2005 - 11:50 pm
Yes! Nice blog for all.
#10 by giełda samochodowa on August 21, 2005 - 10:17 pm
Hi, I have the same problem and I have to install mt-blacklist! It
#11 by nieruchomości on March 9, 2006 - 4:46 am
aaaaaa
#12 by .carla on June 19, 2006 - 4:40 am
I use MT Blacklist. I use the “All” criteria at the top of the Despam results page to list the last 50-200 posts (all selected for deletion by default) and then untick the comments which are legit. This is a great approach for the bulk spamodes as you can then import all the urls from all the posts at the same time.
Meanwhile, I’m renaming my mt-comments.cgi file…
#13 by avandia lawsuit on August 31, 2006 - 9:19 pm
Interesting information.
#14 by Franck Goldman on September 12, 2007 - 9:51 am
Hello, here my special gift
#15 by Erick on November 30, 2007 - 4:31 pm
Overworked and too little fun, need a vacation in the Caribbean, think I’ll go to Charlisangels escort resorts in Dominican Republic.
#16 by Anonymous on January 10, 2010 - 11:22 am
Considerably, the mesothelioma treatment options article is in reality the greatest on this noteworthy topic. I agree with your conclusions and will eagerly look forward to your next acai berry updates. Saying thanks will not just be sufficient, for healthy weight loss pills the wonderful clarity in your writing. I will immediately grab your rss feed to stay privy of any updates. Pleasant work and much success in your business dealings!