Skip to the Main Content

Note:These pages make extensive use of the latest XHTML and CSS Standards. They ought to look great in any standards-compliant modern browser. Unfortunately, they will probably look horrible in older browsers, like Netscape 4.x and IE 4.x. Moreover, many posts use MathML, which is, currently only supported in Mozilla. My best suggestion (and you will thank me when surfing an ever-increasing number of sites on the web which have been crafted to use the new standards) is to upgrade to the latest version of your browser. If that's not possible, consider moving to the Standards-compliant and open-source Mozilla browser.

November 17, 2003

Comment Spam II

No, I haven’t (yet) received any more since I took action.

But, as predicted, the spammers have become more diversified in their techniques, so it’s time to bring other webloggers up to date.

The spammers appear to be using two techniques currently:

  1. Find the URL of a comment-entry script (e.g. mt-comments.cgi) on Google and post a comment directly to that script.
  2. Find a weblog entry by following a link from blogdex or daypop or technorati or wherever. Look for a comment-entry form on that page, and submit the form.

My previous article dealt with defeating the first technique. Since writing it, 40 spambots have gotten their URL’s added to my ban-list. At first, they were coming at a rate of 3 or 4 per day, but that has dropped off as my (former) comment-entry script URL’s have slowly disappeared from Google’s index.

The second technique has proven a problem for others. But it hasn’t affected me. I have no idea whether spambots using it have attempted to access my comment form. Why? Because I don’t have a comment-entry form on my individual archive page. You need to follow a link to get to the comment-entry form.

While easy for humans, figuring out which link to follow to reach the comment form adds an extra layer of complexity to the spambots. And it makes them susceptible to “honeypot” forms (“To get your IP Address permanently banned from this site, enter a comment below…”), among other devious things.

I haven’t bothered setting up a honeypot yet. And there are several other tricky techniques I could yet deploy. But those are for a future post. Remember my motto:

Keep your powder dry!

Posted by distler at November 17, 2003 10:29 AM

TrackBack URL for this Entry:

2 Comments & 2 Trackbacks

Re: Comment Spam II

last month I was visited by a human spammer.

Posted by: Sam Ruby on November 21, 2003 6:06 AM | Permalink | Reply to this

Turing Test

And you’re sure it was a human, and not a 'bot?

There’s at least one 'bot making the rounds which leaves random messages of the form

I completely agree!

This is getting out of hand. You people need to get a life!

I just discovered your blog. It’s really interesting. Keep up the great work.

and so forth. The text is randomly chosen, sometimes even appearing to have something to do with the topic at hand (this may be by design, or it may be coincidental). The payload is the “author’s” URL link.

And I think it’s a crawler — downloading your page, looking for a comment-form on it, and posting to that.

Did your “human” bother to download your images or your CSS files? Did it “preview” its comments?

Posted by: Jacques Distler on November 21, 2003 7:43 AM | Permalink | Reply to this
Read the post Stepping Stones to a Safer Blog
Weblog: Burningbird
Excerpt: In the last few weeks, I've been hit not only by comment spammers, but a new player who doesn't seem to like our party: the crapflooders, people who use automated applications (you may have heard of MTFlood or some variation) to literally flood comment...
Tracked: January 28, 2004 6:19 PM
Read the post Comment Sp*m
Weblog: Blogged
Excerpt: Weblog publishers who utilise the Movable Type system are particularly susceptible to comment sp*m. Until Six Apart release an updated version of Movable Type containing fixes for the current vulnerabilities, the only way to counteract comment...
Tracked: April 2, 2004 12:14 PM

Post a New Comment