Based on the lively discussions of the past few days, it certainly appears that requiring a preview does not impede the flow of discussion.  Cool.

Spam also is way down, despite my having removed and relaxed a number of other defenses.  Notably, my spam throttle has not been activated for over two weeks.  Apparently some spammers do read weblogs and warnings deter these folks.

My initial implementation of requiring a preview was simply to omit the submit button from the page - the underlying code did not change.  Amusingly, about 40% of the spam I did receive did not do a preview first, indicating that they had bypassed the HTML pages.  This is easy enough to fix - a nonce is now provided on the preview form, and verified on the submit.

As currently implemented, nonces can only be used once, and expire after 30 minutes... so if more than 30 minutes elapses between preview and submit, then the submit will effectively be interpreted as a second preview, resetting the clock.
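An added illustration of the nonce lifecycle described above (not code from this weblog), with Jacques Distler's idea from the comments of also hashing the previewed text with SHA1 so the submitted comment must match what was previewed; the in-memory store, the `CommentGate` class and its method names are assumptions.

```python
import hashlib
import hmac
import os
import time

NONCE_TTL = 30 * 60  # seconds; the post expires nonces after 30 minutes


class CommentGate:
    """Preview issues a single-use nonce bound to a SHA1 digest of the
    previewed text; submit must present that nonce with the same text.
    Anything else (no nonce, reused, expired, or altered text) is treated
    as a fresh preview, which issues a new nonce and resets the clock."""

    def __init__(self, now=time.time):
        self._now = now                 # injectable clock, for testing
        self._issued = {}               # nonce -> (issued_at, body digest)

    @staticmethod
    def _digest(body):
        return hashlib.sha1(body.encode("utf-8")).hexdigest()

    def preview(self, body):
        """Record a fresh nonce for this body and return it for the form."""
        self.purge()
        nonce = os.urandom(16).hex()    # unguessable, 128 bits
        self._issued[nonce] = (self._now(), self._digest(body))
        return nonce

    def submit(self, nonce, body):
        """Return ("accepted", None) if the nonce is valid, else
        ("preview", new_nonce): the submit becomes a second preview."""
        record = self._issued.pop(nonce, None)   # single use: consume it
        if record is None:                       # never issued, or reused
            return ("preview", self.preview(body))
        issued_at, digest = record
        if self._now() - issued_at > NONCE_TTL:  # older than 30 minutes
            return ("preview", self.preview(body))
        if not hmac.compare_digest(digest, self._digest(body)):
            return ("preview", self.preview(body))  # text changed since preview
        return ("accepted", None)

    def purge(self):
        """Drop expired nonces so the store cannot grow without bound."""
        cutoff = self._now() - NONCE_TTL
        self._issued = {n: r for n, r in self._issued.items() if r[0] >= cutoff}
```

A submit that arrives without ever having previewed (the 40% case in the post) falls through the first branch and simply gets a preview back.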

I'm trying your approach, but have not implemented a nonce. Will have to look at implementing this with MT. However, I'm finding that just turning off comments on older posts works nicely, too.

Hesitate to tweak MT's code, as it just gets overridden with new releases and have to tweak yet again.

Posted by Shelley at

The majority of my spam these days is due to the fact that my weblog shows up prominently on searches like this one, so most of my spams have been against recent items.  And at the moment the warnings I provide on attempts to comment on older posts seem to have deflected a majority of such spams.

A few notes:

First, I am doing this for fun.  When it ceases to amuse me, I will simply do something different.

Second, (and directed not specifically at Shelley, but at everybody), I am running different software than you are.  I show up on different search queries than you do.  Things that work for me, may not work for you, and vice versa.

That being said, there is no reason that we can't inspire and/or amuse each other.  One person that I have enjoyed following is Jacques Distler - I particularly enjoyed the part about rejecting spam because it was not well formed XHTML.

He also is apparently using a nonce, and doing it with MT.

Posted by Sam Ruby at

Hmmm. Maybe I'll have to release my MovableType plugin for computing SHA1 hashes:

<MTSHA1Hash> ... </MTSHA1Hash>

Combine that with a nonce, and you can ensure that each comment is actually run through the Validator before it can be posted.

I'm not a programmer, so my implementation probably sucks. But I am having fun...

Posted by Jacques Distler at

Shelley wrote:

Hesitate to tweak MT's code, as it just gets overridden with new releases and have to tweak yet again.

Two words: "diff" and "patch".

Posted by Jacques Distler at

Oh, stopped being fun for me a while back. Thanks for pointing out the MT nonce, will look at it.

Jacques, sure, can run diff. Most programmers can. But then, what if you're just a weblogger trying to write?

P.S. Just got your warning label. Sam, you're blacklisting IP addresses? I'm surprised at that one.

Posted by Shelley at

re: blacklisting.  I am throttling based on ip address, url, and content; and each because I have seen specific instances where attempts have been made to mass spam my weblog using such techniques.  Such throttling effectively amounts to a temporary blacklist.

Previously, I had approximately a half dozen entries in my .htaccess blocking specific ranges of ip addresses.  These were in response to repeated attempts to place spam on my weblog.  Not somebody else's weblog, but mine.

I removed these entries this morning because I did a scan of my apache logs and only once in the past week have any posts originated from any of these ip addresses.  We shall see if the nonce is sufficient to block such requests.

Posted by Sam Ruby at

Shelley wrote:

Jacques, sure, can run diff. Most programmers can. But then, what if you're just a weblogger trying to write?

Somebody needs to package up these hacks with a nice easy-to-use installer, with clear, easy-to-follow instructions, and then be ready to hold people's hands when they nonetheless manage to spooge it.

Such a person is called an "Application Developer." I'm definitely not one of those ...

Posted by Jacques Distler at

RE: nonce

I handle things in similar fashion... although in my case, the "post token" is regulated via Coldfusion's session management.

Posted by Roger Benningfield at

I am currently being deliberately attacked. I've had to shut down all comments.

Jacques, if you have an MT version of Sam's implementation that could work with this beastie, where is it?

It is the script kiddies -- they found the script at slashdot and have hooked it up to a proxy for disposable IPs.

Posted by Shelley at

My version of Jacques version of Sam's idea, minus the time factor, is in your in box. Not too hard to script around, but maybe enough to use up their remaining attention and send them on to someone else who hasn't bought a Club yet.

Posted by Phil Ringnalda at

Though, come to think of it, my version really isn't very good, other than as one in a long chain of weak tools. Rats, I'm going to have to figure out how to use MT::PluginData, before someone figures out my weakness.

re: For fun.

Absolutely. I can live without comments for longer than the average troll's attention span, so if I screw up, hey, comments just go off for a day or two. If I can make it for months without posting, I can sure survive a few days without comments.

Posted by Phil Ringnalda at

Phil, I'm sure what you sent would have held the person up tonight. I'll incorporate tomorrow.

I'll also do without comments, but would like not to.

You know, maybe I'm paranoid, but this attack tonight seemed personal. Logs don't show this, but it sure felt like it.

Posted by Shelley at

Not so fun anymore

I woke this morning ready to dive into my code and put in other comment fixes. Both Phil Ringnalda and Jacques Distler sent code that could help, and Sam Ruby offered help. As grateful as I am for their kindness, I don't know if I will make the changes. A year ago, maybe, but now, I just don't know. Earlier in a weblog posting about comment spam Sam Ruby wrote about the tweaks he does to prevent comment spamming: First, I am doing this for...... [more]

Trackback from Burningbird


The F Word

No, not that one, the three-lettered one... [more]

Trackback from Your Guess Is As Good As Mine


Beware of Strangers

If they don't come back, it is not possible to have a two way conversation, is it?  Robert Castelo:  Um, the fact that you are getting paid is supposed to make me feel better?  I don't think so.  And I have to agree here with what Doc said about conten... [more]

Trackback from Sam Ruby


Stepping Stones to a Safer Blog

In the last few weeks, I've been hit not only by comment spammers, but a new player who doesn't seem to like our party: the crapflooders, people who use automated applications (you may have heard of MTFlood or some variation) to literally flood comments or trackbacks. At one point I was hit with over 1000 comments in one of my posts, another time over 500 trackbacks. If you add in rebuilds and email, this can be a stress on the web server. Not to mention...... [more]

Trackback from Burningbird


Porn does drive technology

I don't really know what I might have broken, but it doesn't matter in the long run, it had...... [more]

Trackback from Ztuff


What I currently do to stop comment spam on WanderingThoughts

WanderingThoughts has been pretty free of successful comment spam attempts for a while, so I think it's about time to write up all of the various things I'm currently doing to stop...

Excerpt from Chris's Wiki :: blog at


