
***Dave Does the Blog

Thursday, 13 January 2005, 3:36 PM
Spam by any other name ...

So, a somewhat disturbing evolution in the War on Comment Spam -- the stealth URL. And it shows why blacklists will only ever be of limited use as time goes on (as Jay Allen himself is the first to admit).

I've seen an increasing amount of comment spam coming in pointing at domains that are combinations of names and/or words. "Candicesmith.org" or "FredCorp.com." Those are URLs that cannot be detected by any blacklist. And if the post text has either innocuous words ("girls!") or else something munged with HTML entities that reads legibly to the eye but not to the computer, there's no way to blacklist against it.
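
To make the entity-munging trick concrete, here is a minimal Python sketch, assuming a filter that decodes HTML entities before matching. The term list and function names are hypothetical, and nothing here reflects how MT-Blacklist actually works. It shows that decoding can catch the munged case, while the name-like domains and innocuous words still sail through.

```python
import html

# Hypothetical blacklist terms, for illustration only.
BLACKLIST = ["casino", "poker"]

def normalize(text: str) -> str:
    """Decode HTML entities and lowercase, so munged text matches plain terms."""
    return html.unescape(text).lower()

def is_blacklisted(comment: str) -> bool:
    """Return True if any blacklisted term appears in the decoded comment."""
    plain = normalize(comment)
    return any(term in plain for term in BLACKLIST)
```

A comment containing "&#99;&#97;sino" displays as "casino" in a browser and is caught once decoded, but "Candicesmith.org" or "girls!" gives a filter like this nothing to match on.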

There was originally a sense that you could use URL strings to detect spam, because comment spammers' customers would want you to see that their URL was for [illicit product] and click through on it. But if readers get the metadata they need from the comment text, and if the spammers can say, "Hey, look, I've generated 52,000 links and a high Google pagerank for FredCorp.com (which probably redirects to MyWhatNaughtyVixins.com)," then the spammers and their customers get what they want. That makes the trivial cost of a domain acceptable (and lets the spammers start using more legitimate domain salesfolk).

Feh.

Moderating everything would be an option, but that restricts a lot of the fun we have here. Right now, through MT-Blacklist, I force into moderation any comment on a post that is over a certain age and hasn't had a comment within a defined recent interval. During the most recent attack last night and into this morning, about 100 comments got put into the system, but only one got accepted because it was posted to a recently commented-upon post (and how soon before that info starts getting cracked by the spammers' scripts?). It just takes a while to clean out the garbage, which is moderately satisfying ("And stay out!") but irksome at the same time.
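
The moderation rule described above can be sketched in a few lines of Python. This is only an illustration of the logic, not MT-Blacklist's code; the two thresholds and the function name are hypothetical, since the actual settings aren't given here.

```python
from datetime import datetime, timedelta
from typing import Optional

# Hypothetical thresholds; the real settings are not stated in the post.
MAX_POST_AGE = timedelta(days=30)
QUIET_INTERVAL = timedelta(days=7)

def needs_moderation(now: datetime,
                     posted_at: datetime,
                     last_comment_at: Optional[datetime]) -> bool:
    """Hold a comment when the post is old AND has had no recent comments."""
    is_old = now - posted_at > MAX_POST_AGE
    is_quiet = (last_comment_at is None
                or now - last_comment_at > QUIET_INTERVAL)
    return is_old and is_quiet
```

The one spam that slipped through corresponds to the case where the post is old but not quiet: a recent legitimate comment reopens the door for everyone, spammers included.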

I could require authentication (e.g., TypeKey). I'm not there yet, though. I really don't want to require people to sign in first. But I'm getting closer.

It is a puzzlement.

UPDATE: And, in validation of the "broken windows" theory (broken windows in a neighborhood provoke more broken windows; uncleaned graffiti prompts more graffiti), some proof that uncleaned comment spam breeds more comment spam.

(via Jay)


Filed under :: Spam

Thursday, 13 January 2005, 5:44 PM
Quoth *** Dave ...

I've installed, per the 6A Comment Spam Guide, Brad Choate's MT-DSBL, which will force any comments from open proxies into moderation. We'll see if that zorches some additional stuff along the way.
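
For the curious, DNS-based blacklists are conventionally queried by reversing the octets of the commenter's IPv4 address and prepending them to the list's zone name. A listed address resolves, and an unlisted one does not. The Python sketch below only builds that query name. The function name and the example zone are placeholders, and how MT-DSBL performs its lookups internally is not described here.

```python
import ipaddress

def dnsbl_query_name(ip: str, zone: str) -> str:
    """Build the DNS name to look up for an IPv4 address in a DNSBL zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on a malformed address
    reversed_octets = ".".join(reversed(str(addr).split(".")))
    return f"{reversed_octets}.{zone}"

# "dnsbl.example" is a placeholder zone, not a real blacklist.
print(dnsbl_query_name("192.0.2.10", "dnsbl.example"))
```

A plugin along these lines would then attempt to resolve that name and push the comment into moderation if the lookup succeeds.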

Original material on this weblog is available under a Creative Commons License (http://creativecommons.org/licenses/by-nc/1.0/) from
The views expressed by me on this website/weblog are mine alone and do not necessarily reflect the views of
my employer, my church, my party, my candidate, my community, my spouse, or, on occasion, myself.
Views expressed by others are, well, theirs.
This document's URL is: http://www.hill-kleerup.org/blog/2005/01/13/spam_by_any_oth.html