Flow Through
December 21st, 2004I’ve been thinking a lot about spam lately. Email, snail mail, comment and other variants. I spend a lot of time managing spam of all kinds. The best management victories have been with email spam.
Email apps seem to have evolved to a point where I can train the app to simply get the mail and throw the spam away as fast as I get it. If some of my personal email gets lost, that is the cost for flushing the shit out as fast as the toilet is full.
I got thinking about the toilet metaphor in relation to comment spam. If a spammer’s setup allows it to shit out spam, then my toilet needs to be large enough to hold it and flush it down.
If I were the badass codeslinger, I’d code up a plugin that did just that and call it Colon Blow. Since I’m not adept at perl or php (did you see how long it took me to get the fucking individual archive pages to display recent entries?) I’d like to suggest to either Jay Allen or Anil Dash or maybe even the entire blogging world despite your platform of choice, to create a comment spam plug-in called Colon Blow that allows a person to simply log the spam, submit it to a powerful anti-spam coalition and flush it without much fuss. In other words, when I get a comment that is questionable, I click a link/button that says, “Yes, This Is Spam. Invoke Colon Blow”. When Colon Blow is invoked, a number of things happen (reporting, deleting from the database and a holistic exorcism on the server), but I don’t see them. And if I choose not to do anything, Colon Blow periodically goes through my database and deletes comments older than a few days that I haven’t declared as spam or approved.
Better yet would be a plug-in that traced the comment spam to the spamming machine’s MAC address and re-routed the spewage right back to that machine, effectively blowing the shit right back at the spammers. That would be killer sweet.
And finally, a note to the comment spammers: You are the spore on the rotting sewage that is oozing through the world’s toilets. I hope you’re happy ruining the holidays for children everywhere and in general, ruining the internet for everyone else.
In a past life I was a second grade teacher. o
December 21st, 2004 at 7:03 am
Hear, hear!
December 21st, 2004 at 7:20 am
Are you feeling okay this morning you seem a little angry… but I understand. Love the Colon Blow idea.
December 21st, 2004 at 7:25 am
Have you heard the story this morning about the $1 BILLION judgment against a cadre of spammers that forced an Iowa ISP out of business?(I heard it on NPR myself.)
SWEET.
December 21st, 2004 at 7:27 am
Tsk Tsk I guess you didn’t like that comment.
December 21st, 2004 at 7:28 am
Disregard comment I’m not capable of doing two things at once.
December 21st, 2004 at 7:28 am
Oh, and I forgot to mention that I agree wholeheartedly with your assessment that comment spammers should all eat a bowl of dicks (OK, my words, not yours).
Those bastards managed to put approximately 2,600 spam comments on my site in the space of a weekend. And I was out of town, too, so the damage was largely already done when I found out. Just galling.
December 21st, 2004 at 7:40 am
I am fine this morning. I was just trying to guilt the spammers. Also, I’m practicing for when Leta is in college and wants to go to Cozumel with her friends for the holidays instead of come home and hang with us.
December 21st, 2004 at 7:42 am
If you’ll allow me to get geeky for a moment (and I know you will), I think what’s needed is a new version of mt-blacklist that includes some of the old functionality … ie, you identify a comment as spam, add the string to your blacklist and then (this is key!) mt-blacklist searches through your recent comments and flushes any others that match the new string. Apparently this feature was left out of the newest release of mt-blacklist because Jay Allen was in a hurry to get a build out that worked with mt-3.1x.
Hopefully, this updated version of mt-bl (code name: COLON BLOW) will be coming soon?
December 21st, 2004 at 7:51 am
So, wait. You’re not talking about congealed meat in a can? Because Colon Blow works as a GREAT de-spammer in that regard, too.
If you get my drift.
December 21st, 2004 at 7:55 am
My site is one of a kind. (When I say “one of a kind” I mean its software. The content is questionably nothing more than brain vomit.) That said, I never receive comment spam.
::knock on wood::
I was, however, once forced to kill an email address (actually, anything going to that domain name was destroyed) due to spam. It seems the domain “IHateDesign” which I had running one year ago, was glutton for punishment. I was receiving 200 to 300 spam messages a day.
I remember being so unbelievably angry, I couldn’t even formulate an opinion. I just wanted to literally beat the living shit out of each and every individual behind this annoyance.
But I’d like to pose a question. How much money would it take, should someone come and make you an offer, for you to toss out your beliefs, forget about how much it annoyed you in the past, and help (in some way) with spam?
Seriously. Isn’t that what’s happening? I suspect that more folks could and have actually been “bought” assuming they remain nameless.
December 21st, 2004 at 8:16 am
This is ALL my fault isn’t it?
Did you get my email?
I am sorry that I am a fucking moron.
December 21st, 2004 at 8:24 am
you might like to read paul graham on spam (if you have not already):
http://www.paulgraham.com/antispam.html
thoughtful, intelligent & angry.
i’ve used a 3rd party product called Mailwasher to clean up my free-mail accounts (like hotmail). it lets you build filters with regular expressions & autodeletes & bounces mail so you don’t have to read the disgusting subject lines. but yes! it’d be much more satisfying if named as colorfully as you suggest - also if it had a big FLUSH button.
December 21st, 2004 at 8:36 am
i haven’t upgraded to the latest MT release, so i don’t know if mtblacklist is included or you still have to add it as a plug-in, but (and maybe you have discussed this already and i missed it) it does essentially what you want colon blow to do, minus the MAC address exploding machine bit and the connection to a central superinformationsystem. and i am -still- fighting the good fight on my site in re: recent entries displaying on archive pages. i’m sure i could get it -=just right=- if i hacked at it for a couple more hours, but whatever. like mtblacklist, it’s not perfect but it works, and i suspect the only person it bugs is i, perfectionist.
December 21st, 2004 at 8:44 am
and i assume, per the SNL skit, that their would be a Super Colon Blow as well (perhaps this would be the non-freeware version?), which would perform all the actions of Colon Blow w/r/t spam, but also unleash two and a half million retaliatory emails directed solely at the offending spammer.
tagline: “The internet’s broom!”
December 21st, 2004 at 9:00 am
jon, never have i read a post that touched me more. and not in a jacko-now-i-need-a-shower-and-therapy kinda way. in a follow-you-through-the-streets-as-our-triumphant-leader kinda way. totally brought a tear to my eye.
December 21st, 2004 at 9:05 am
We are macpeople over here. No one else we know is. Our problem, aside from some spam is the effin forwards. I don’t want to read the jokes, do the quizzes, see the giraffe magically appear. Call me intolerant. Go ahead. SO, when we receive a forwarded email, we bounce it back without ever opening it. We told everyone we know that we have a Mac program that won’t allow forwards into our mac email accounts. AND THEY BELIEVE US.
December 21st, 2004 at 9:31 am
Forwards don’t bother me as much (and I don’t think that’s what Jon was referring to), but those emails for a larger penis/new mortgage/teenage girls/student loan etc etc need to be flushed by colon blow.
I have everyone who isn’t in my ’safe list’ or address book blocked from my email, but somehow that crap from orbitz still gets through the bastards….
December 21st, 2004 at 9:32 am
Spam also tastes bad - i mean tinned meat? - c’mon!
Colon Blow sounds like it could well appear on PHPBuilder.com or such like very soon!
December 21st, 2004 at 9:33 am
wix1et,
I’m aware of MT-Blacklist, thanks! Yes, you still have to install it with 3.1. Also, there is a new version of Movable Type that everyone needs to get.
http://www.movabletype.org (I don’t work for them, so technically, this isn’t spam)
December 21st, 2004 at 9:35 am
My own PHP/Perl cowboy has written a program for our low-traffic blogs that basically deletes any comment left for an entry more than 10 days after the entry was published, with the assumption that by that time any new posts are spam. While not as sophisticated a concept as Colon Blow, it has helped.
December 21st, 2004 at 9:36 am
I forgot to say mihow - I get around 400 spam emails a day… If I could get my hands on the mutha f*ckers i’d… well i’d be very angry!
p.s. sorry for the double post!
December 21st, 2004 at 9:43 am
Re: MT-Blacklist ó
Awesome plugin for MT; it definitely save my butt when I was in the midst of my own spam battle. I’m still mad that it has to come to that, though. It’s enough to make you shake your fist at the sky.
I also wish there were a way to delete commentsen masse in MT, so I could go through and take some big ol’ whacks at all that spam still coagulating in my archive.
December 21st, 2004 at 10:08 am
Sounds like someone needs to take SpamAssassin and port it over to an MT plugin.
December 21st, 2004 at 10:10 am
candice: we’re right there with you on MT Blacklist. the problem is that I get upawards of 400 comment spam a day that MT Blacklist blocks, but they sit there it my database taking up space. you can’t go in and delete en masse. and who in the hell has time to go in and delete 400 per day individually?
plus, these comment spams, they exist on posts where the COMMENTS ARE CLOSED. the spammers have hacked the cgi and are still getting through.
IT”S MADDENING.
December 21st, 2004 at 10:21 am
wow that IS a lot - forgive me for any ignorance here… is the spam marked in the DB as spam? if so a simple shell script could be made to run (via crontab) to flush the nasty little buggars out!
It’s a real shame that (as usual) the greedy few spoil or make life so much more difficult for the many - or in your case, the two!
December 21st, 2004 at 10:21 am
My husband is the computer person of the family. A few weeks back someone or someones hacked into our server and used it for spamming and whatnot. So he did something, and the some other thing and fixed it.
He said something about a program that would catch the automated hacker computers and keep them locked up for quite some time, deterring them from returning. Or something.
K, i’ll shut up now as i know not of what i speak.
December 21st, 2004 at 11:18 am
ahh…Colon Blow. Back when SNL was actually watchable
December 21st, 2004 at 12:13 pm
dooce, i just went to my DB and checked to see if the deleted/mt-blacklisted comments were hovering there, and they’re not. it looks like the comments are indeed deleted once they’ve been processed by mt-blacklist. i understand that you’ve got a ginormous number of comments in your DB–i don’t think i have 400 comments on my site total, let alone in a day–but they ought to all be legit.
December 21st, 2004 at 12:17 pm
oh man. dooce, after reading that, i’m THIS close to shutting down comments and trackbacks all together.
and has anyone else noticed referal spam? my referal page is filled with hits from random commercail sites.
i can’t escape them. ass cancer to them all!
December 21st, 2004 at 12:29 pm
jimbo, it doesn’t matter if you shut down comments & trackbacks–the bots are attacking the cgi scripts. i, like dooce, have experienced comments spam in -closed comments entries-, in the *password-protected area* of my site, and you bet i had a conniption fit over that before i figured out what was going on. due to the nature of the permissions on cgi-bin, the bots can still attack the scripts themselves.
there are a few threads in the movable type support forums on this topic, but since i don’t have the mt forums bookmarked here and i can’t seem to navigate to them from the mt site…i’ll have to get back with you on the URL of the best one i found.
December 21st, 2004 at 12:34 pm
oh, and jimbo–yes, i’ve noticed spam in the referral log too, for lack of something better to call it. i don’t understand how that happens.
and jon, sorry to pull the multicomment today. i have a lot to say on this issue, apparently. feel free to condense/compile into one annoyingly long comment if necessary.
December 21st, 2004 at 12:42 pm
Oh wow: comment spam on posts with closed comments? What a nightmare for those of us (ok: me) who dealt with the issue by using a script like mt-close2 (http://tinyurl.com/5gjoy) to close comments on 2000+ old posts. This is not good. Not good at all.
December 21st, 2004 at 12:43 pm
Oh wow: comment spam on posts with closed comments? What a nightmare for those of us (ok: me) who dealt with the issue by using a script like mt-close2 (http://tinyurl.com/5gjoy) to close comments on 2000+ old posts. This is not good. Not good at all.
December 21st, 2004 at 1:34 pm
400 spam comments per day??? Peanuts in a litter box! I was moaning about getting 20 per day … cannot imagine 400 …
December 21st, 2004 at 2:02 pm
I do get referral spam. That is one thing I have noticed.
Another thing I have noticed (and I have NO idea how this happen) is that a friend of mine who has a Hotmail account has the name Regina Statcher. I NOW get spam from a person with the name Regina Statcker. Same address, one letter off.
Coincidence? I think not. Disconcerting? Oh hell yes.
And I fall for it nearly EVERY time.
December 21st, 2004 at 3:10 pm
Hi,
You might want to take a look at this:
http://www.actionscripthero.com/blog/archives/000286.php
and this:
http://www.jessewarden.com/archives/2004/12/prevent_blogspa.html
on Jesse Warden’s site.
These Flash developers have come up with a good solution for comment spam. It uses Flash as the comment form (MTgotoAndComment by StÈfane Funaro) and Jesse also suggests making some changes to a MovableType pearl file to get it to block almost any comment spam.
Anyway, I hope that helps somewhat.
Good luck!
December 21st, 2004 at 7:17 pm
The problem with using a SWF is that, at least in theory, a script can be modified to read the bytecode making up the file. If you’ve ever decompiled a SWF, you can see that the data is readable to some degree. Obfuscation is a good idea, certainly, but I imagine that, were a SWF-based solution to become ubiquitous, a script would be modded pretty quickly.
While I think that there might need to be a paradigm shift in the way blogs work, I think that the simplest solution is to force the ‘captcha’ style solution. I know there are certain accessibility problems, and that many users are simply turned off by the extra step, and neither of these are insignificant. Until a new model for personal publishing pops up, the extra step might be the only solution.
Well, that, or MT et al could embrace a bit of security-through-obscurity and break from a standard sitemap… Something that might rewrite the form action for each request could be useful.
As it is, comments are basically an invitation to the world to use your site and server for the publication of any message they choose. This may not be true in intent, but it certainly is in execution. Authentication exists for a reason. While I think some elegance can be used in the enforcement, it may be the only true way to fit the idea of comments into blogs as MT has helped define them.
December 21st, 2004 at 7:43 pm
I just received my own first round of comment spam this past weekend. On one hand, it made me glad that my blog was finally linked from enough places and made public enough that a spambot was able to harvest it and comment-spam it. On the other hand, deleting 100 comments and blocking a dozen IP addresses kind of took up some quality time.
Comment spam sucks… especially for those of us who get excited when we see that someone’s finally commented — and, oh, look. It’s fucking SPAM. Thanks a lot, Texas Hold-Em Poker fuckface. Way to build me up and let me down.
But I’m not bitter at all.
December 21st, 2004 at 7:51 pm
and now i know how referal spam comes from, not surprisingly from a spam hit in my referals:
“Referral marketing in its simplest terms is a computer program travelling the internet at super-fast speeds, making sure to always enter all URLs in such a way so as to make the targeted site owners and statistical software think that YOUR site actually was the referrer of the seemingly real traffic.”
i swear, as soon as i rule the world, all forms of direct marketing will be banned.
December 21st, 2004 at 10:33 pm
I think this is all very interesting…I just can’t get the image of a “bowl of dicks” out of my head.
December 22nd, 2004 at 8:04 am
Yes! My work here is done.
December 22nd, 2004 at 9:29 am
On the subject of email spam - how is it that I regularly get spam at an email address I got under an alias and that said spam is addressed to my real name? Beyond annoying, it’s slightly perturbing - how do these people know my real name?