Goodbye comments!

I have disabled comments on the blog. The attempts to post spam are endless, and less than 10% of the comments that make it through the spam filter contain real content. It is a poisoned well.

If you are searching for 2H7XX8 or A4O0YC, I have blacklisted all *.se domains from submitting comments.
This appears to be a new spam tactic, or combination of tactics. The first is to submit a meaningless string in a comment, which is used with a search engine to find sites where previous spam messages have been crawled. The second tactic is to link to seemingly harmless URLs which are actually spam farms full of PPC crap (Porn, Pills, & Casinos).

New spam technique

Spammers are now creating junk domain names (short nonsense words made of numbers and letters) in an attempt to avoid blacklist filters. Of course, unless a large number of junk domains are used, it is easy enough to add one or two domains to the blacklist and defeat an ongoing attack.
I’m going to have to dump Movable Type soon.

Comments Disabled

I am disabling comments due to a particularly nasty spam attack.

Trackback Attack

Starting from December 8, this site has received over 400 phony trackbacks from 60 assorted referrers. It appears that someone is testing yet another spam client. The IP address varies, with one or two hits from the same IP with the same referrer, and 5-7 hits per referrer. Probably a network of zombied clients controlled over IRC.
Many of the referrers are for older, archived blog postings. Why would a blog article posted in July submit a trackback ping in December? It wouldn’t, of course, because this is just another attempt at spam.
I am also getting attempts to POST trackbacks for Drupal and whatever package uses the file “xmlrpc.php”.

comments de-activated

I am disabling comments on my blog for a few days, as I won’t have time to maintain things (i.e. delete the occasional spam storm) for a few days. If you’d like to send me a message, there’s an email address on the left side of the index page.
31 July Update: comments are back on.

dummy forms

Near the end of March, I disabled comments to the site (I renamed the script, thus breaking the link). I have been getting a new kind of comment spam that doesn’t get caught by MT Blacklist; those clever boys are randomly encoding the characters in their urls, so instead of “online-casinos” the url is “online-casinos”. The blacklist plugin doesn’t convert those entities back into characters, so they get past the filter.
This is, perhaps, fixed in the newer versions of Movable Type; I don’t know, and I’m not upgrading just to find out. The spammers who use this method are a more sophisticated variety; they are using multiple IP numbers (either open proxies or zombied machines), so there’s no point in IP banning.
I’ve implemented dummy forms, as suggested by SimonG. These are duplicate comment entry forms that don’t display in the browser and that point to an incorrect comment URL. The idea is that automated scripts which look at the page source for the form tags will grab field names and URLs from the dummy form, thus preventing the spam from getting posted.
I have also disabled new comments on older articles.
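The entity-encoding bypass described in this post comes down to the filter matching the raw submitted text instead of what the browser will render. The sketch below is an added example, not MT-Blacklist's code or anything from this site: the patterns, sample comments and function names are constructed, and it also undoes percent-encoding, which goes beyond the case described here.

```python
import html
import re
from urllib.parse import unquote

# Constructed blacklist patterns (not the author's actual MT-Blacklist entries).
BLACKLIST = [re.compile(p, re.IGNORECASE)
             for p in (r"online-casinos", r"online\s+poker")]

MAX_PASSES = 5  # bound the decode loop so nested encodings cannot spin forever


def normalize(text: str) -> str:
    """Decode HTML entities and percent-escapes until the text stops changing."""
    for _ in range(MAX_PASSES):
        decoded = unquote(html.unescape(text))
        if decoded == text:
            break
        text = decoded
    return text


def naive_match(comment: str) -> bool:
    """Filter behaviour described in the post: match the raw submitted text."""
    return any(p.search(comment) for p in BLACKLIST)


def normalized_match(comment: str) -> bool:
    """Match only after undoing entity and percent encoding."""
    return any(p.search(normalize(comment)) for p in BLACKLIST)


# Constructed sample comments (example.* hosts are placeholders).
SAMPLES = {
    "plain": '<a href="http://online-casinos.example/">win</a>',
    "entities": '<a href="http://&#111;nline-c&#x61;sin&#111;s.example/">win</a>',
    "double": '<a href="http://&amp;#111;nline-casin%6Fs.example/">win</a>',
    "benign": "Nice write-up on trackback spam, thanks.",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(f"{name:9} naive={naive_match(body)!s:5} "
              f"normalized={normalized_match(body)}")
```

The normalized text is used only for matching; the stored comment should still be escaped on output as usual.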

the end of trackbacks

delete from mt_tbping where tbping_blog_name = 'online poker';
Fortunately this site is just the one blog, so when the comment spammers decide to start trackback spam there is no one to complain if I disable trackbacks. It is also nice to be able to write SQL commands to wipe out swathes of spam.
I know that when someone chooses to spam my site, it is nothing personal. But at the same time, when someone spams my site, it is nothing personal, and that is why it sucks. It is a kind of pollution, kind of like if the Coca Cola company decided for their next ad campaign to dump millions of empty Coke cans on the side of the highway. “Hey, look at all the Coke cans, that must be one fucking tasty carbonated beverage.”
Interview with a link spammer. Not much of an “interview”, but an interesting snapshot nonetheless.
UPDATE: I’m now getting 30-100 blacklisted comment hits per day. Pray the defences hold!


Between 5:46 AM and 6:18 AM, the computer at posted 216 comments advertising various medical prescriptions to this site.

the latest in spam technology

For some reason comment spam has dropped to near zero on my site. I don’t know whether to be happy or insulted. Meanwhile, on the email spam side of things, it appears that the popularity of Bayesian filtering has sent some spammers over the edge, to the point where they send out messages like this:
Online Phar?macpy
Save Over 50% On Y;omur P}rescsnriptio?n Druhvgs
With o/u|r online pharmacy you cOan saFve thousands oUf dolla|r8is
eiach Nye14ar on coXstl’y medicationjs.
WDe WsenCl>l almo!st aWXny mie3dica*tio{n yTtou w?o%ug1ld nee(d fDNrom
:Xanax )to Vi%codibqn.
No p*rescriN9ption Gis needed. B1So shop our pharmacy and staq6rt
saviQUng todaEy

This elevates spam filtering into a kind of CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart): you must somehow read the obfuscated message to determine that it is spam.

