« Ahhhh... sweet impact. | Main | Update on the day »

Get your hands off me, you damn, dirty spammers!

So, woke up this morning, rolled over, and opened up the powerbook to suck down the morning mail. Hey, you have your traditions and I have mine.

Boom. 60 new messages to Websnark. Now... sixty new mail messages to my websnark accounts is no big deal, but this was sixty new comments. That meant either someone was royally pissed off over my post about Shortpacked, and we had a flamewar in progress (maybe someone doesn't like action figures?) or someone had found a way to spam me.

Yup. It was "B." I had 60 new trackback pings inviting all of you to check out Poker Online. I'd have had more, but the throttling had kicked in (which also meant people were having trouble making legitimate comments).

So, it was finally time to install MT-Blacklist. Which I have now done. We'll see.

Among other things, it means older entries will auto-moderate, which isn't a bad thing, but might mean some delay if you want to, oh, comment on the Megatokyo post or something.

Secondly... it might mean to some that hey -- we don't need Typekey any more. I mean, if I'm going to put in the magic Blacklister, why should we have the largely broken authentication service?

The answer to that is actually simple: Blacklist isn't anywhere near 100%. Right now... as annoying as it is to post through Typekey (especially if you're on Internet Explorer, which just doesn't work with it), there is no comment spam at all. The last time I used MT-Blacklist with a blog, lots of comment spam got through.

Now... it might be a good idea to set all entries to moderate, and then set it so Typekey entries are automatically approved, which can be done with this version of MT-Blacklist. That means that anyone who doesn't do a Typekey thing would need to have their comments approved by me before they appear. The problem there is... well, I have something of a life, and so comments might sit, unapproved, for a very, very long time.

Of course, I could designate some other approvers. But hand in hand with that comes... well, other writers here on Websnark. Which people have been mentioning to me for a long time now, and which I admit might not be a bad idea. Only it is an official Step.

I dunno. What do people think? How best do we repel the boarders, keep me sane, keep me from having to do websnark stuff for hours a day beyond the actual writing, and make everyone happy?


TrackBack URL for this entry:


Non-Burns Snarks? Hmmm... don't know if I like that or not.

But that spam is bad. Maybe another moderator could help keep the spam down, without writing?

I wound up ditching Movable Type and going with WordPress. Since doing so, I've seen only three attempts at comment or trackback spam -- all failed, since I have moderation turned on.

If you don't relish the thought of changing software (though WordPress made it easy to import my MT entries), I'd incline toward the moderation-with-Typekey-approval option; you'd be no worse off than you are now...

MT and Wordpress are very similar. I know Wordpress has a setting where it will block and hold a list of your choosing. And I pick the initials at the front of thier bogus e-mails, so they cant use it again.

Also, I may suggest a "nofollow" plugin installed--- this means that the people who DO squeek through, it was pointless anyway, because Google wont follow the links. Thats why these companies exist, to push up their Google rank numbers in google and other search engines...... They're not really going after readerships.

JOey Manley's blog has a COMMENT in the forum feature-- maybe you need a message board for commenting on posts. I know thats a pain though. Its something I've been thinking about doing at Yirmumah.net

IMO, there's no reason to change the comment setup at all: if it ain't broke, right? It sounds like moderation for trackbacks is the real need, and it's the kind of problem you can whitelist. A well-formed trackback includes the URL of the post and possibly the blog name. When a trackback comes in from a new blog, it could be held for moderation, and once approved, any further trackbacks from the same blog would be OK. If it was declined, the sending blog would be blacklisted. Assuming that there's a slowly-growing population of blogs that are going to trackback Websnark, the moderation requests won't be onerous.

Also, as djcoffman suggests, nofollow is a good add-on for the future; as link spammers get more advanced, they may detect blogs that use it and ignore them.

No sooner do I post my WordPress recommendation than my webserver gets *hammered* by a trackback spammer. Fortunately I have plans to upgrade my webserver from a P200...

Attention spammers: U SUK

Nofollow has been implemented (I just checked it on Mark's link, and it worked just fine). So even if they do spam us, it does them no good. Scorched Earth, baby!

It'll take them awhile to actually catch on.. which means a BIG hit to budgets for hiring these spammers.

It seems there is a Phillipines call center type place that tries to access my blog hundreds of times a day but it denied.

Mark -- some would say it is broke right now, since some people have trouble commenting on Websnark right now.

I see I assumed the goal was just to maintain the pre-Trackback-spam status quo. Instead of discarding Typekey entirely, what about fixing the IE6 problem? I can duplicate the problem, and I believe it's the same one discussed here. At first blush it doesn't seem insurmountable. For instance, IE claims to allow third-party cookies that include the appropriate compact privacy policy, so including that in the Set-Cookie might be a fix; you might also be able to relocate your CGIs to the websnark.com domain, which would solve the cookie problem. As an immediate fix, IE users can also hit the little do-not-enter dealie on the status bar and allow the cookie to make comments work for them.

Sorry to patronize if this stuff is obvious to you. If not, I'm happy to give any help or advice I can.

Oh, hell. You too? I got the exact same thing over on A Place For Gema this morning. (Hell, now I need to post to A Place For Gema.)

No idea. My response was to kill Trackback completely, which isn't such a great plan for others.

hmm.. just tried the sign-in thing from scratch, and really all you need to do in IE 6 is to set IE to accept all cookies from websnark.com, as Mark suggested.

Seriously, who buys stuff from spam? Ever? Some idiot I guess.

Trouble is, there are lots of idiots out there, and spam's dirt cheap to send.

Huh, synchronicity. I just was looking at someone's blog*, and they linked an article on blog-spamming. Specifically, an interview with a blog-spammer.

"The Register" article.

* The blog was "Making Light", by the way.

I've been having the same problem on the Web Glob. It's aggrivated by the fact that I don't know how to remove trackbacks...

Switch to WordPress and be done with it.

Sadly, it doesn't look like WordPress has any particular advantage when it comes to blogspamming and the like. There are other advantages it does have, and I'm strongly considering a migration, but this ain't the driver for it.

With MT-Blacklist in place, we seem to be okay for the moment. More news as events warrant.

As usual I have nothing useful to say - but I do offer up white chocolate macademia nut cookies to all spamm sufferers.. and am thinking hockey sticks and duct tape at evil spammers.

I've been having to deal with these link spammers a lot at work, myself. Someone's hijacked an Indian dating site, and was using their online email sending form to sign up for our site and as a proxy to send us spam links. Ended up banning 22 fake accounts for the same person. Couldn't do an IP ban without banning an entire major Indian ISP, gr..

Post a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)