What's the definitive solution to comment spam on weblogs?
March 15, 2004 12:37 PM Subscribe
IP EXPERTS! What's the definitive solution to comment spam on weblogs? I manage one that has been spammed with links to supposedly pornographic third-level domains, e.g. http://red-hot-anal-sluts.boringaddress.com, sometimes with a folder afterward. [Mo' inside]
When the first couple came in I just banned the IP (in Moveable Type), but they keep on coming, with new IPs. I can find interesting info about the IPs and the domain name here, but then what do I do? After all, the owners of the domain may not even be aware of, much less responsible for, the spam. Legally speaking, that is. So, is there a way to convey "cease-and-desist" so it gets through to the spammer? And if they're just jumping on IPs temporarily, is someone else going to be blocked later because of this? Any answers, including pointers to previous AskMefi threads (I did look, but couldn't find), will be greatly appreciated.
When the first couple came in I just banned the IP (in Moveable Type), but they keep on coming, with new IPs. I can find interesting info about the IPs and the domain name here, but then what do I do? After all, the owners of the domain may not even be aware of, much less responsible for, the spam. Legally speaking, that is. So, is there a way to convey "cease-and-desist" so it gets through to the spammer? And if they're just jumping on IPs temporarily, is someone else going to be blocked later because of this? Any answers, including pointers to previous AskMefi threads (I did look, but couldn't find), will be greatly appreciated.
Mark Pilgrim is of the opinion that there is no definitive solution, at least as long as you accept comments/trackbacks from strangers.
posted by timeistight at 1:13 PM on March 15, 2004
posted by timeistight at 1:13 PM on March 15, 2004
I noticed something interesting in my referers the other day. Someone was carefully googling for pages with blosxom's standard text for comment pages. And then proceeding to POST the usual filth.
So my first recommendation is to alter your comment templates to make them less discoverable through Google.
Sadly, I think Mark Pilgrim is right though.
posted by i_am_joe's_spleen at 1:36 PM on March 15, 2004
So my first recommendation is to alter your comment templates to make them less discoverable through Google.
Sadly, I think Mark Pilgrim is right though.
posted by i_am_joe's_spleen at 1:36 PM on March 15, 2004
Start with MT-Blacklist. That largely fixed it for me as well. If that doesn't work, you can change the name of the CGI script that gets called when posting comments. It won't prevent all comment spam, but it will at least make it more difficult to launch an automated attack without at least looking at your site. You can also force user creation to post comments. Some people have suggested doing that in conjunction with those graphics that it's easy for a person to figure out, but hard for a machine to figure out. It's a usability nightmare if you have sightless visitors, and forced user sign ups will also raise the threshold of what it takes to encourage somebody to comment. If none of that works, then your only hope is to turn off comments all together.
posted by willnot at 1:47 PM on March 15, 2004
posted by willnot at 1:47 PM on March 15, 2004
Jacques Distler has posted a number of patches to MT that discourage comment/trackback spam and crapflooding (as well as search-crapflooding). I think his patches conflict with MT-blacklist, but I've installed them and I get one bit of comment spam every couple of weeks now.
posted by adamrice at 2:12 PM on March 15, 2004
posted by adamrice at 2:12 PM on March 15, 2004
Response by poster: Thanks all - I was unaware of MT-blacklist and from looking at the page it seems to be right along the lines I'm looking for.
posted by soyjoy at 2:18 PM on March 15, 2004
posted by soyjoy at 2:18 PM on March 15, 2004
soyjoy, I have installed Jay Allen's MT-Blacklist, and while it does work as advertised, it's key to populate it with keywords of the spammers. Not just the URLs.
Aside from that, while I havent done it yet myself, changing the mt-comments.cgi to a different name is also an important step I have been told, so that you are less easily found via google.
posted by gen at 5:17 PM on March 15, 2004
Aside from that, while I havent done it yet myself, changing the mt-comments.cgi to a different name is also an important step I have been told, so that you are less easily found via google.
posted by gen at 5:17 PM on March 15, 2004
I have to also say MT-Blacklist, I just ban the URLs as they come in and it's done a very good job.
posted by frenetic at 9:34 PM on March 15, 2004
posted by frenetic at 9:34 PM on March 15, 2004
This thread is closed to new comments.
posted by bcwinters at 1:03 PM on March 15, 2004