Spam Fighting
By Oli
At 1:02 PM · Sunday, 7 December · 2003
To The ‘Net · Weblogging
Adam Kalsey has posted a Comment Spam Manifesto, which I wholly support. It’s a call to arms for weblog writers in the fight against spammers; an attempt to make spamming weblogs more trouble than it’s worth. Here’s my contribution (the “(more information)” links are to articles I’ve written):
Weblog Protection
- If you are using a version of MT up to 2.64, make sure you’ve updated or disabled mt-send-entry.cgi (more information)
- Try to keep your copy of MT updated, as new anti-spam features are gradually being included. MT 2.66 includes comment throttling and automatic flood-IP banning, and MT 3 will include comment registration.
- Install the MT-Blacklist plugin from Jay Allen to stop weblog comment spam. The plugin uses regular expressions to block spam, and adds a “de-spam” URL to comment notification emails allowing one-click removal (more information). His Comment Spam ClearingHouse also provides blacklist updates via RSS (v1.0 & v2.0), allows comment spam submission (for possible blacklisting), and covers weblog comment spam-related developments.
- Implement some of Yoz Grahame’s Seven tips for a Spam-free MT, especially the first one (renaming mt-comments.cgi). You could then make a script that bans access and call it mt-comments.cgi to ban future spambot attempts that rely on this script.
- Another technique is to close comments on older posts, using the MT-CloseComments plugin from Alan Carroll. It can close on age, inactivity or both. I think this should only be used as a last resort (after the above methods), as it prevents useful comments as well as spam.
- Users of other weblogging software should check out BLAM, a project for making MT-Blacklist equivalent plugins for other weblogging platforms.
- Although not necessarily MT-related, spammers are also spamming referrer lists (making it look like people have visited you from a spammer’s website), presumably because some MT users display referrers. If you do, make sure you are protected. Also, be careful of following suspicious URLs in your log files.
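One way to build the decoy described in the tip about renaming mt-comments.cgi, as an added example that is not from the original post or from Movable Type. The function names, the Apache 2.4 `Require not ip` output format and the sample requests are assumptions made for illustration; the sample addresses are constructed from documentation ranges.

```python
import ipaddress

def handle_decoy_request(environ, banned):
    """Respond to a hit on the decoy script left at the old mt-comments.cgi name.

    environ: CGI-style variables (REQUEST_METHOD, REMOTE_ADDR).
    banned:  set of parsed IP addresses, updated in place.
    Returns (status_line, body).
    """
    method = environ.get("REQUEST_METHOD", "GET").upper()
    try:
        # Parse rather than trust the string: it ends up in a config file.
        addr = ipaddress.ip_address(environ.get("REMOTE_ADDR", ""))
    except ValueError:
        addr = None
    # Real comment forms now post to the renamed script, so a POST to the
    # old name is automated. A GET may be a stale link or a crawler, so it
    # is refused but not banned.
    if method == "POST" and addr is not None:
        banned.add(addr)
    return "403 Forbidden", "Comments are not accepted at this address.\n"

def render_htaccess(banned):
    """Build an Apache 2.4 access block that denies every banned address."""
    lines = ["<RequireAll>", "    Require all granted"]
    for addr in sorted(banned, key=lambda a: (a.version, int(a))):
        lines.append(f"    Require not ip {addr}")
    lines.append("</RequireAll>")
    return "\n".join(lines) + "\n"

# Constructed sample requests (hypothetical traffic, documentation addresses).
SAMPLE_REQUESTS = [
    {"REQUEST_METHOD": "POST", "REMOTE_ADDR": "203.0.113.7"},
    {"REQUEST_METHOD": "GET", "REMOTE_ADDR": "198.51.100.20"},
    {"REQUEST_METHOD": "POST", "REMOTE_ADDR": "203.0.113.7"},  # repeat hit
    {"REQUEST_METHOD": "POST", "REMOTE_ADDR": "1.2.3.4\nRequire all granted"},
    {"REQUEST_METHOD": "POST", "REMOTE_ADDR": "2001:db8::15"},
]

def run_sample():
    """Feed the sample requests through the decoy and return the deny block."""
    banned = set()
    for env in SAMPLE_REQUESTS:
        handle_decoy_request(env, banned)
    return render_htaccess(banned)

if __name__ == "__main__":
    print(run_sample(), end="")
```

The malformed address in the sample is dropped by the parse step, so a crafted value can never add its own directive to the generated block.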
Taking the fight to the spammers
- Adam Kalsey with Cutting comment spammers off at the knees (how to shut down the websites that comment spammers are promoting)
- Stentorian.com’s Guide to tracing a Spammer’s Website so you can report them to their ISP and shut them down
- Shutting down spammers who use incorrect information when registering their domain (it’s about referrer spam, but this method applies to any website-based spammer).
- You can publish what you find and ‘own the spammer’ (become the #1 link for their company name on Google.com). Roji-san has a great write-up of his experiences with comment spammers 1-pill.com, which is presently #2 on Google behind 1pill’s own site.
- Sam Spade; a collection of tools to get the dirt on spammers (mentioned in the Stentorian.com guide above)
- Whois lookups;
  - Whois.sc Reverse IP lookup. It also does domain names, and Whois.sc also has a great domain explorer (more information).
  - Arin Whois is another similar service
  - Geobytes’ IP Locator gives a geographic position of IP addresses, which can be useful for addresses that don’t have a record in the other Whois services.
  - IP Owner lookup allows you to see who an IP number is managed by
- For the truly dedicated, consider reforming weblog comment spammers one at a time, and maybe even making some money from it. Roji-san has written a comment license that involves a $150USD “reading fee” for any commercial material posted on his site, and looks pretty legally sound. So far he’s had 5 ‘encounters’, two of which have resulted in the offending companies claiming to have changed their ways. He’s also pursuing litigation against another comment spammer (!). Go Roji-san!
General Information
- I wrote a guide on Spam, viruses and chain mail that contains basic self-protection info.
- I’d love a link to a guide on reporting spam email, preferably semi-automatically. Please post a comment if you know of one!
- And for humour value, the Make Money Fast Hall of Humiliation
Before you go into battle, be aware of the risks. Spammers are not stupid, and they’re doing this as a business. Make sure you’re prepared if they fight back. Having said that, hitting a spammer where it hurts (their business) is a great way to slow them down. If you’re an optimist like Roji-san you could even believe that some of them might give up spamming for something less troubling (and more legal). That’s a lot of optimism though ;-)
Now go, and Fight the good fight! Huzzah!
Discussion...
- 1. Comment by Rudolf · 7 Dec, 2003 · 8:32 PM
Hmmm — I’m blocked from the Dive-into-Mark page:
403 - Forbidden. Please respect my limited bandwidth and refrain from using spambots, screen scrapers, or bulk downloaders on this site. If you feel you have been unfairly denied access, please contact me via the “f8dy” address at this domain.
When I hit Reload, the page comes up fine, though. I wonder what happened there; maybe Mark doesn’t like your ISP?
Scary stuff, that article is, by the way.
- 2. Comment by oli · 2 Jan, 2004 · 5:57 PM
Hey Rudolf. I missed this comment first time round. I tried the link, and it seems fine at the moment. I know Mark has some pretty hard-core anti-spambot measures in place (3 pages of .htaccess, spider traps etc). I would have guessed that he’d mistakenly identified your browser as a spambot/bulk downloader, but if that was true a reload wouldn’t have fixed anything. Strange!
And scary indeed!
PS I just realised I made an embarrassing yet amusing spelling mistake in my URL slug for this page. It should have been “spam_fighting” but I wrote “smap_fighting”. Given that SMAP is a massively popular boy band in Japan, this is kinda funny ;-)
- 3. Comment by oli · 2 Jan, 2004 · 6:12 PM
Google-watch has an IP Owner lookup which allows you to see who an IP number is managed by. Might be useful.
- 4. Comment by oli · 20 Jan, 2004 · 12:12 AM
This is hilarious — Roji-san basically owns 1pill.com (presently 2nd after the company itself in Google). He has written some other good anti-spam reading too.