« Teaser for Episode 48: Politics as Usual | Main | Tuesday »

October 4, 2005

Web Site News - A Whole New World of Comment Spam

by Ferdinand T Cat

There is a new type of comment spam out there.

Because so many top-tier blogs use Movable Type, it remains a primary target for spammers. (This is why some presence providers won't allow Movable Type.) As of version 3.2, spam protection is built-in. One of the characteristics of the spam protection is that if a particular user has already had a comment published, a new comment by the same person is more likely to be accepted.

So, for example, if you use the word "poker" in a comment and you have never left a comment here before, your comment will be flagged as spam; however, if you have left a comment here before, the comment will be passed through and published immediately.

The new comment spam is designed to create published comment identities that the spammers can use for future advertising.

Here's a typical example of this kind of comment. (I've Xed out some stuff to protect people's privacy.)

IP Address: 221.232.246.203
Name: Jason XXXXXX
Email Address: XXXXX@gmail.com
URL: http://belikethesquirrel.myblogsite.com/blog/_archives/2005/9/7/1205786.html

You have some really cool stuff at your site. I'm sure gonna come back here. out little pieces of bread and cups of juice: http://www.nvswaminathan.com/wp/?p=2 , <a href="http://www.cosmicbuddha.com/blog/archives/001169.html">Fantastic blog</a>

The comment is obviously bogus, because it's attached to a very old article (a common spammer trick) and it contains a sample of the idiot-language that is the trademark of all spam. If Bruce allows this comment to see the light of day, the theory is that any subsequent comment with the same name and email address will pass through our spam filter.

It's worth noting that all three of the links in the above comment point to legitimate blog articles. If you go to the actual blogs you will often find a fairly recent article denying any responsibility for the spam.

Movable Type's rule system allows you to assign different weights to the various criteria. If the spammers are successful in creating these fake identities, bloggers will simply adjust the weights to compensate. In addition, the default settings for Movable Type 3.2 flags for moderation any post with three links in it. The above comment does, in fact, contain exactly three links (the URL in the header counts), so it is going to be flagged for moderation and immediately junked in almost every case.

The penalty for allowing comment spam is severe: the constant activity can bring down your web server. (That's why we got thrown off Lunarpages.) Nonetheless, I consider the pointlessness and stupidity of this strategy to be hopeful sign. It means the smart people have gone elsewhere, and maybe we can look forward to a future where these people are only a nuisance instead of a constant threat. Let's hope that day comes soon.

Respectfully submitted,

Ferdinand T. Cat

Trackposted to The Mudville Gazette, Stop the ACLU, The Political Teen, Cafe Oregano, Bright and Early, Basil's Blog, and a Partridge in a Pear Tree.

# At Tue 4:39 PM | Permalink | Trackback URI | Comments (5) | More Web Site News

Trackback Pings

Comments

*and a Partridge in a Pear Tree*

That was the laugh I needed tonight.


Posted by: oregano at October 4, 2005 10:47 PM

There has to be a place where you can download the script for word verification. Only problem is, it's quite hard for some to read the word in the first place. Open can and stir...
just kiddin'.


Posted by: M. Sheldon at October 5, 2005 1:11 PM

I get tons of trackback pings even though I disabled trackbacks and comments for all articles over a week old. I don't get how they do it. I haven't been able to successfully block the spam without blocking everyone else too. They are driving me crazy.


Posted by: PlutosDad Author Profile Page at October 5, 2005 3:38 PM

Have you upgraded to Movable Type 3.2? It stashes the trackbacks in a special junk list instead of killing them outright, and you can rescue the good ones.


Posted by: Ferdy Author Profile Page at October 5, 2005 4:03 PM

Interestingly enough, I've been getting more spam since I upgraded to MT 3.2. Coincidence? Yet it all goes to the junk bin. I'm happy.


Posted by: oregano at October 5, 2005 9:50 PM

Leave a comment

HTML is not allowed in comments; however, if you put in a raw URL (http://www.somewhere.com/page.html) it will automatically be converted to a link.. Also, it is likely your comment will not appear unless you refresh the page manually after posting it.

Leave a comment