Blog spammers must die
Posted by Scott Laird Sat, 24 Jan 2004 03:22:58 GMT
Overnight, I was hit with 108 comment spams for Xenical from 66.36.249.149. Very irritating, especially since MT doesn’t have a good way to delete bulk spam. This spammer was kind of interesting–it looks like he was actually following the HTML from my archive pages, rather than blindly attacking /mt/mt-comments.cgi. That means that simply renaming the comment CGI probably wouldn’t have stopped this attack.
Here’s a chunk of the access log for those who are interested:
66.36.249.149 - - [23/Jan/2004:03:42:54 -0800] "GET /scott/archives/000001.html HTTP/1.0" 200 5368 "-" "http://@nonymouse.com/ (Unix)" 0 scottstuff.net
66.36.249.149 - - [23/Jan/2004:03:43:02 -0800] "POST /mt/mt-comments.cgi HTTP/1.0" 200 59 "-" "http://@nonymouse.com/ (Unix)" 3 scottstuff.net
66.36.249.149 - - [23/Jan/2004:03:43:05 -0800] "GET /scott/archives/000002.html HTTP/1.0" 404 220 "-" "http://@nonymouse.com/ (Unix)" 0 scottstuff.net
66.36.249.149 - - [23/Jan/2004:03:43:13 -0800] "GET /scott/archives/000003.html HTTP/1.0" 200 8678 "-" "http://@nonymouse.com/ (Unix)" 0 scottstuff.net
66.36.249.149 - - [23/Jan/2004:03:43:17 -0800] "POST /mt/mt-comments.cgi HTTP/1.0" 200 59 "-" "http://@nonymouse.com/ (Unix)" 0 scottstuff.net
Google suggests that ‘@nonymouse.com’ is an anonymizer, so the spammer was actually abusing two services, not just mine. Which also means that the IP address given isn’t very useful.
I’m not sure how best to handle this sort of thing in the future–I’ll try renaming mt-comments.cgi to something less obvious, and probably javascript-ify the comment link on my pages. That’s rude to the poor users without javascript enabled in their browser, but I don’t want to spend hours deleting spam again.
Longer-term, it’d be nice if MT added moderated comments, and a way to automatically change the open/moderated/closed status of entries after a set period of time. That way, new posts could have open comments, and then be auto-moderated after a week or two. That seems like a decent compromise to me, and it’s orthogonal to most of the other anti-blog-spam suggestions that I’ve seen.
Bastards.
Comments closed: bizarrely enough, this post gets more comment spam than any other page on my blog (and nearly more than all other pages), so I’ve closed comments.
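The access pattern in the log excerpt above (fetch an archive page, then POST to the comment CGI a few seconds later, page after page) can be flagged straight from the access log. This is an added example, not code from the original post or from Movable Type; the function names, the 30-second window, the two-POST threshold and the 192.0.2.10 reader lines are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Sample input: the five log lines quoted in the post, plus two constructed
# lines for an ordinary reader (192.0.2.10) who takes minutes to write a comment.
SAMPLE_LOG = """\
66.36.249.149 - - [23/Jan/2004:03:42:54 -0800] "GET /scott/archives/000001.html HTTP/1.0" 200 5368 "-" "http://@nonymouse.com/ (Unix)" 0 scottstuff.net
66.36.249.149 - - [23/Jan/2004:03:43:02 -0800] "POST /mt/mt-comments.cgi HTTP/1.0" 200 59 "-" "http://@nonymouse.com/ (Unix)" 3 scottstuff.net
66.36.249.149 - - [23/Jan/2004:03:43:05 -0800] "GET /scott/archives/000002.html HTTP/1.0" 404 220 "-" "http://@nonymouse.com/ (Unix)" 0 scottstuff.net
66.36.249.149 - - [23/Jan/2004:03:43:13 -0800] "GET /scott/archives/000003.html HTTP/1.0" 200 8678 "-" "http://@nonymouse.com/ (Unix)" 0 scottstuff.net
66.36.249.149 - - [23/Jan/2004:03:43:17 -0800] "POST /mt/mt-comments.cgi HTTP/1.0" 200 59 "-" "http://@nonymouse.com/ (Unix)" 0 scottstuff.net
192.0.2.10 - - [23/Jan/2004:10:00:00 -0800] "GET /scott/archives/000003.html HTTP/1.1" 200 8678 "-" "Mozilla/5.0 (constructed)" 0 scottstuff.net
192.0.2.10 - - [23/Jan/2004:10:04:30 -0800] "POST /mt/mt-comments.cgi HTTP/1.1" 200 59 "http://scottstuff.net/scott/archives/000003.html" "Mozilla/5.0 (constructed)" 0 scottstuff.net
"""

# Client IP, timestamp, request line and status of a combined-format log line.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

def parse(log_text):
    """Yield one dict per parseable log line, with a timezone-aware 'time'."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["time"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
            yield rec

def find_comment_bots(log_text, comment_path="/mt/mt-comments.cgi",
                      window=timedelta(seconds=30), min_posts=2):
    """Return {ip: count} of comment POSTs made within `window` of a page fetch."""
    last_page_get = {}             # ip -> time of last successful page GET
    fast_posts = defaultdict(int)  # ip -> POSTs that followed a GET too quickly
    for rec in parse(log_text):
        ip = rec["ip"]
        if rec["method"] == "GET" and rec["status"] == "200" and rec["path"].endswith(".html"):
            last_page_get[ip] = rec["time"]
        elif rec["method"] == "POST" and rec["path"] == comment_path:
            seen = last_page_get.pop(ip, None)
            if seen is not None and rec["time"] - seen <= window:
                fast_posts[ip] += 1
    return {ip: n for ip, n in fast_posts.items() if n >= min_posts}
```

Because the check keys on timing rather than on the script name, it keeps working after the comment CGI is renamed, as long as `comment_path` is updated to match.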

Scott - I noticed that MT is now to Ver 2.661. Looks like they have backported a comment spam feature from their 3.0 line to the 2.x series.
I use the mt-blacklist modules and they work just fine for me. It’s really easy to install the stuff and getting rid of comments is a matter of clicking a link in the comment notification email. Have a look at http://www.kahunaburger.com/blog/archives/000104.html, where I just recently banned nonymouse.com from my web-site.
Yeah, I finally installed mt-blacklist. It really helps when you’re trying to delete 120 spams at a time.