Flow Through
December 21st, 2004I’ve been thinking a lot about spam lately. Email, snail mail, comment and other variants. I spend a lot of time managing spam of all kinds. The best management victories have been with email spam.
Email apps seem to have evolved to a point where I can train the app to simply get the mail and throw the spam away as fast as I get it. If some of my personal email gets lost, that is the cost for flushing the shit out as fast as the toilet is full.
I got thinking about the toilet metaphor in relation to comment spam. If a spammer’s setup allows it to shit out spam, then my toilet needs to be large enough to hold it and flush it down.
If I were the badass codeslinger, I’d code up a plugin that did just that and call it Colon Blow. Since I’m not adept at perl or php (did you see how long it took me to get the fucking individual archive pages to display recent entries?) I’d like to suggest to either Jay Allen or Anil Dash or maybe even the entire blogging world despite your platform of choice, to create a comment spam plug-in called Colon Blow that allows a person to simply log the spam, submit it to a powerful anti-spam coalition and flush it without much fuss. In other words, when I get a comment that is questionable, I click a link/button that says, “Yes, This Is Spam. Invoke Colon Blow”. When Colon Blow is invoked, a number of things happen (reporting, deleting from the database and a holistic exorcism on the server), but I don’t see them. And if I choose not to do anything, Colon Blow periodically goes through my database and deletes comments older than a few days that I haven’t declared as spam or approved.
Better yet would be a plug-in that traced the comment spam to the spamming machine’s MAC address and re-routed the spewage right back to that machine, effectively blowing the shit right back at the spammers. That would be killer sweet.
And finally, a note to the comment spammers: You are the spore on the rotting sewage that is oozing through the world’s toilets. I hope you’re happy ruining the holidays for children everywhere and in general, ruining the internet for everyone else.
In a past life I was a second grade teacher. o
December 21st, 2004 at 10:21 am
My husband is the computer person of the family. A few weeks back someone or someones hacked into our server and used it for spamming and whatnot. So he did something, and the some other thing and fixed it.
He said something about a program that would catch the automated hacker computers and keep them locked up for quite some time, deterring them from returning. Or something.
K, i’ll shut up now as i know not of what i speak.
December 21st, 2004 at 11:18 am
ahh…Colon Blow. Back when SNL was actually watchable
December 21st, 2004 at 12:13 pm
dooce, i just went to my DB and checked to see if the deleted/mt-blacklisted comments were hovering there, and they’re not. it looks like the comments are indeed deleted once they’ve been processed by mt-blacklist. i understand that you’ve got a ginormous number of comments in your DB–i don’t think i have 400 comments on my site total, let alone in a day–but they ought to all be legit.
December 21st, 2004 at 12:17 pm
oh man. dooce, after reading that, i’m THIS close to shutting down comments and trackbacks all together.
and has anyone else noticed referal spam? my referal page is filled with hits from random commercail sites.
i can’t escape them. ass cancer to them all!
December 21st, 2004 at 12:29 pm
jimbo, it doesn’t matter if you shut down comments & trackbacks–the bots are attacking the cgi scripts. i, like dooce, have experienced comments spam in -closed comments entries-, in the *password-protected area* of my site, and you bet i had a conniption fit over that before i figured out what was going on. due to the nature of the permissions on cgi-bin, the bots can still attack the scripts themselves.
there are a few threads in the movable type support forums on this topic, but since i don’t have the mt forums bookmarked here and i can’t seem to navigate to them from the mt site…i’ll have to get back with you on the URL of the best one i found.
December 21st, 2004 at 12:34 pm
oh, and jimbo–yes, i’ve noticed spam in the referral log too, for lack of something better to call it. i don’t understand how that happens.
and jon, sorry to pull the multicomment today. i have a lot to say on this issue, apparently. feel free to condense/compile into one annoyingly long comment if necessary.
December 21st, 2004 at 12:42 pm
Oh wow: comment spam on posts with closed comments? What a nightmare for those of us (ok: me) who dealt with the issue by using a script like mt-close2 (http://tinyurl.com/5gjoy) to close comments on 2000+ old posts. This is not good. Not good at all.
December 21st, 2004 at 12:43 pm
Oh wow: comment spam on posts with closed comments? What a nightmare for those of us (ok: me) who dealt with the issue by using a script like mt-close2 (http://tinyurl.com/5gjoy) to close comments on 2000+ old posts. This is not good. Not good at all.
December 21st, 2004 at 1:34 pm
400 spam comments per day??? Peanuts in a litter box! I was moaning about getting 20 per day … cannot imagine 400 …
December 21st, 2004 at 2:02 pm
I do get referral spam. That is one thing I have noticed.
Another thing I have noticed (and I have NO idea how this happen) is that a friend of mine who has a Hotmail account has the name Regina Statcher. I NOW get spam from a person with the name Regina Statcker. Same address, one letter off.
Coincidence? I think not. Disconcerting? Oh hell yes.
And I fall for it nearly EVERY time.
December 21st, 2004 at 3:10 pm
Hi,
You might want to take a look at this:
http://www.actionscripthero.com/blog/archives/000286.php
and this:
http://www.jessewarden.com/archives/2004/12/prevent_blogspa.html
on Jesse Warden’s site.
These Flash developers have come up with a good solution for comment spam. It uses Flash as the comment form (MTgotoAndComment by StÈfane Funaro) and Jesse also suggests making some changes to a MovableType pearl file to get it to block almost any comment spam.
Anyway, I hope that helps somewhat.
Good luck!
December 21st, 2004 at 7:17 pm
The problem with using a SWF is that, at least in theory, a script can be modified to read the bytecode making up the file. If you’ve ever decompiled a SWF, you can see that the data is readable to some degree. Obfuscation is a good idea, certainly, but I imagine that, were a SWF-based solution to become ubiquitous, a script would be modded pretty quickly.
While I think that there might need to be a paradigm shift in the way blogs work, I think that the simplest solution is to force the ‘captcha’ style solution. I know there are certain accessibility problems, and that many users are simply turned off by the extra step, and neither of these are insignificant. Until a new model for personal publishing pops up, the extra step might be the only solution.
Well, that, or MT et al could embrace a bit of security-through-obscurity and break from a standard sitemap… Something that might rewrite the form action for each request could be useful.
As it is, comments are basically an invitation to the world to use your site and server for the publication of any message they choose. This may not be true in intent, but it certainly is in execution. Authentication exists for a reason. While I think some elegance can be used in the enforcement, it may be the only true way to fit the idea of comments into blogs as MT has helped define them.
December 21st, 2004 at 7:43 pm
I just received my own first round of comment spam this past weekend. On one hand, it made me glad that my blog was finally linked from enough places and made public enough that a spambot was able to harvest it and comment-spam it. On the other hand, deleting 100 comments and blocking a dozen IP addresses kind of took up some quality time.
Comment spam sucks… especially for those of us who get excited when we see that someone’s finally commented — and, oh, look. It’s fucking SPAM. Thanks a lot, Texas Hold-Em Poker fuckface. Way to build me up and let me down.
But I’m not bitter at all.
December 21st, 2004 at 7:51 pm
and now i know how referal spam comes from, not surprisingly from a spam hit in my referals:
“Referral marketing in its simplest terms is a computer program travelling the internet at super-fast speeds, making sure to always enter all URLs in such a way so as to make the targeted site owners and statistical software think that YOUR site actually was the referrer of the seemingly real traffic.”
i swear, as soon as i rule the world, all forms of direct marketing will be banned.
December 21st, 2004 at 10:33 pm
I think this is all very interesting…I just can’t get the image of a “bowl of dicks” out of my head.
December 22nd, 2004 at 8:04 am
Yes! My work here is done.
December 22nd, 2004 at 9:29 am
On the subject of email spam - how is it that I regularly get spam at an email address I got under an alias and that said spam is addressed to my real name? Beyond annoying, it’s slightly perturbing - how do these people know my real name?