Spam my blog and I report your site to Google for banning. You've been warned!
« New spam run. Different IP number | Main | Verio still needs a push »
January 19, 2005
Update on spamming related stuff since last night
My log file grew a lot more since yesterday than since any other day before. Either a spam run or more attention...
I got my first link from Slashdot, in this discussion.
So far 11 followed a link from Slashdot. By comparison, I got 213 clicks from Tim Bray's post.
----------
I changed the name of the comment script yesterday, and one of the spammers is already using the new script. I'd forgotten to remove the block on the spammer too, so he never saw the enhanced script.
One spammer never even tried the old script, but just went straight for the new one. That program seems to read the posts and pick the name of the comment script from there.
But none of the spammers seem able to understand the 403 error, so far. Some don't understand the 404 error, I can't say how many.
The only ones getting some joy yesterday were the search engine spiders. Particularly msnbot who must be really stupid. It just keeps coming back for more... The Yahoo bot was the only one that didn't terminate loading after a while, though.
---------
Google has implemented the rel=nofollow link tag, and Movable Type and other blog software vendors are implementing it. The plugin is already out
-----------
And I concur with Gary who's complaining about those two proxy servers from Bahrain. Very popular with the spammer. I'm hoping for someone to call them. Someone a little closer than me. I'm in Norway, and calls to Bahrain are fairly expensive from here. I've e-mailed a second address yesterday, but if I don't get a response soon, I'm looking for any address I can find on their site. This is the owner of the netblock, and that's as close as I can get for now:
http://www.batelco.com.bh/
We should all block these two IP numbers:
82.194.62.16
82.194.62.17
--------
Kahunaburger made a plugin for Movable Type that shuts down comments made through open proxies: mt-proxyplug
This gave me an idea. My rather simple block takes care of the comment spam from our most prolific spammer. I'm on a virtual host, so I don't have any way of changing the configuration of the Apache log files. But is there any way I could drop something into the comments script that logs these bastards? That give me the actual IP address the way that plugin does? Or is there any other trick I can pull that would give me that info?
Posted by Ann at January 19, 2005 06:55 PM
Trackback Pings
TrackBack URL for this entry:
http://www.annelisabeth.com/blog/mt-tb.cgi/119
Comments
Ann Elisabeth: As for preventing comment spam, the most effective measure I have found is Brad Choate's mt-dsbl plugin: Most spam stops dead before it reaches the moderation queue in Blacklist.
Another measure that is alledgedly effective, is what Roger Johansson of 456bereastreet.com is doing: He blocks all accesses to his comment script when the referer field is empty (or not coming from his own domain). That can be implemented as a simple .htaccess directive.
Posted by: Arve at January 19, 2005 08:32 PM