mamamusings

DDT for Comments from Burningbird on September 1, 2003 11:23 AM
Excerpt: From the trackback entries I've received from an old comment spamming entry, I gather the spammers have been out and about recently. I recieved one myself -- a shotgun message that seems to provide links to everything your kid wants to know about, but ...

More on comment spam from brokenclay.org :: journal on September 2, 2003 3:19 PM
Excerpt: Using google against us Blacklisting comment spam New style comments spam Comment spam...

comment spam from Misc... on September 3, 2003 5:59 AM
Excerpt: Got several spam comments from “vig-rx” today on various blogs I maintain. A quick look around the blogosphere indicates that the person or ‘bot responsible has been busy-busy-busy today. Mine all came from the same IP address, 61.181...

distributed blog modification from meta-roj blog on September 3, 2003 3:13 PM
Excerpt: some time ago, this blog was "tagged" by the now-becoming-infamous comment-spam-from-china. some people blocked the ip within movabletype, some found interesting old techniques for stopping the non-humans. i apparently took a different approach than mo...

Blog comment spam from Sync A World You Want To Explore on September 16, 2003 3:56 PM
Excerpt: ∫´∂∑∞¢blogßåï≥ï∑ï€ïªßªß∑ß∆∞¢ïπïóïáßåßÀß∂ß ßÇßåß®ÖíßÿßÀß∂ß¿ß ßÕßfiß∑߯∞£ß≥ß≥ßåblogß¿ß≥ߜ߮Öíßÿßåßú3≤€√ã∞£ßfiߢïπïóïáߪßßß√ß∆ßÇ∞¢ óß ≤À°∏ß®≈ΩßÕπ˛ßfißœß∆ßßߌߑ߱ߴßÇß ßßßåß´∞¢√ªß¥ßÿ∏¥∫»ß√ß∆ßß߯ßåß´ßπß®∞¢ πßÿߪßßßÃßßßÃß ÊœΩÕß¿ï≥ï∑ï€ïªß∑ß∆ßßߌßÀß∂ß´ßπ∞£ Going ...

My First Blog Censure from Confession of a Terminal Junkie on September 27, 2003 1:48 PM
Excerpt: I thought SPAM was only restricted to e-mail and pop-ups advertisement. Only today I found out today that my Blog was attack by SPAM with those nasty "penis enlargement" ads at one of my comment columns and I have no...

On Comment Spam from Planned Obsolescence on October 10, 2003 11:41 AM
Excerpt: I'd really begun to feel a bit left out: all the cool kids were busily discussing their comment spam problems and solutions thereto, while I remained, with one pathetic exception, completely unhit. I'm thus bizarrely happy to report that in the last 24...

Comment Spam - Help! from Conversations with Dina on October 12, 2003 1:36 AM
Excerpt: Oh no - i got comment spam too .

Black Monday from A View From Home on October 12, 2003 2:03 PM
Excerpt: Comment spam. It seems that everyone is either complaining about it, or coming up with ideas on how to deal with it. This one, by Jay Allen shows a great deal of promise. It's going to be released tomorrow on...

spam resurfaces from for freshness, squeeze daily. on November 5, 2003 1:07 AM
Excerpt: I had my first comment spam since I implemented the little hack that I found via Liz Lawley's site. The links in this spam seemed to not really go anywhere but to redirect me back to my site. I think...

DDT for Comments from Burningbird on December 19, 2003 8:56 AM
Excerpt: From the trackback entries I've received from an old comment spamming entry, I gather the spammers have been out and about recently. I received a recent comment spam myself -- a shotgun message that seems to provide links to everything your kid wants t...

Comment from Jonathon Delacour on August 31, 2003 5:59 PM (Permalink to Comment)

Although my blog wasn't spammed by "vig-rx", I've added the IP address you quoted to my banned list.

This makes me wonder whether establishing a list of banned IP addresses would be worthwhile. Obviously that's not a "solution" but anything to make it more difficult for the bastards seems worth doing.

Comment from Stan on August 31, 2003 9:09 PM (Permalink to Comment)

I got one of the same, my first comment spam, from the same IP address today Liz, which I have also banned in .htaccess. I traced the IP back through http://www.apnic.net/apnic-bin/whois.pl and sent a letter of protest to the provider, not that it will do any good.

Comment from Liz on August 31, 2003 9:17 PM (Permalink to Comment)

Stan, I just looked at the photos in your blog. Wow. What a beautiful place.

I'll probably be travelling to Utah next year, as I have to go out to BYU on grant-related work. How far are you from there?

Comment from Liz on August 31, 2003 9:21 PM (Permalink to Comment)

Jonathon, I think such a list would be a very useful thing to have. My only fear is that it would alert the spammers to our knowledge of their addresses, making it easier for them to shift IPs when one became "publicly shamed."

Hmmm. Need to think on this.

Comment from Liz on September 1, 2003 3:06 PM (Permalink to Comment)

Testing the comments hack provided by Shelley...

Comment from Ted on September 1, 2003 10:17 PM (Permalink to Comment)

I got spammed by the same bot, with the same IP. I added it to my ban list, but since your revision, I also added Shelley's hack. Hopefully this will stop any bot spamming attacks.

Comment from Luke Hutteman on September 2, 2003 9:30 AM (Permalink to Comment)

vigrx has visited my blog as well, first from the same ip as yours, and this last weekend from 61.181.5.118 - both have been banned and I'm considering banning the whole 61.181.5.* block - not sure if this might inadvertently shut out anyone though...

Comment from PromoGuy on September 2, 2003 12:35 PM (Permalink to Comment)

Thanks for the link.

Comment spam had hit me long ago, but it seems to be back.

But the one good thing, it enabled me to come across your site. Can't wait to read the rest!

Comment from Ken MacLeod on September 2, 2003 5:58 PM (Permalink to Comment)

I've gathered some info on spam on the Atom wiki under CommentAuthentication.

Comment from Shelley on September 3, 2003 6:16 AM (Permalink to Comment)

Sorry Liz, looks like the comment fix doesn't work. From comments left in my postings, either this is a person (or group of people) who is individually posting comments (unlikely); or they are scraping the individual entry page and pulling in the form fields to build the posting, in which case, this won't work.

In this recent set of comments, they are posting to entries found in Google searching on July 2003 and blog. Using a different IP.

Comment from Stuart Henshall on September 4, 2003 10:54 PM (Permalink to Comment)

Liz,
For what it's worth
61.181.5.147
61.181.5.70
61.181.5.147
That's three times began on 9/1. Last night I saw an article from first monday and blogged it here. http://www.henshall.com/blog/archives/000341.html I wonder if this type of solution - keys couldn't be used by bloggers?

Comment from AKMA on September 5, 2003 5:57 PM (Permalink to Comment)

Got me, too.

Comment from The Dynamic Driveler on September 5, 2003 11:35 PM (Permalink to Comment)

The IP banning feature in MT doesn't seem to work very well - I was being comment spammed last year by 193.220.178.173 and even after I added that nyumber to my ban list I still got hit twice more from the same IP. Additionally I suspect that this spammer who obviously, as Shell pointed out on her site, is a pretty smart dude and writes a mean script, is most likely forging his IP address.

fwiw - if he is not forging his IP address that IP address is coming out of China but it is most likely not chinese in origin - there are a lot of compromised servers in China and someone is likely using one to disguise their point of origin.

Comment from Jay Allen on September 28, 2003 3:34 AM (Permalink to Comment)

Blacklisting IP addresses is a useless whack-a-mole solution because it is trivially easy to use a web-proxy, redial a dialup connection or even spoof your IP address...

Putting hidden form fields is security by obscurity and is easily overcome by HTML scraping.

You may want look into the solution I just came up with. So far, it is working quite nicely.