Spam Rapidly Increasing In Weblog Comments

dsurber writes "BBC News has a nice article discussing 'flyblogging', the phenomenon of spammers leaving advertising-related posts on personal weblogs. The writer comments: 'None of the other blogs I contribute to or run has been affected yet, but I can only assume it is a matter of time before the spammers move in, as they did first with UseNet and then with e-mail. It depresses me to think that any open medium can be so easily undermined by people with no scruples, no sense of responsibility and no idea of the damage they are doing.'" It seems a little surreal that people are having to develop anti-spam weblog tools.

Re:This is why...

[Mysticalfruit]

I guess I just saw a blog as a different thing from what other people are using.

I login to my blog page and add to the running log. No place for people to spam.

Though as a side note, I love getting spam about anti-spam software!

Re:Google?

[realdpk]

Yes. That's partly why Google's search results are nearly useless any more - especially while looking for information about specific brand-named products. This whole blog-spam thing has been known about for a very long time, and I have yet to see it addressed - I'm surprised that it's finally picked up by the media though. Maybe that'll force Google to update their ranking code before their IPO.

This was happening to my guestbook too

[Phoenix-kun]

I had the same problem with the guestbook on my website. I was used to the occasional, manually entered, advertisement that I would then promptly remove. However, suddenly my guestbook was being hit with dozens of spam advertisements at a time, all at the same time. This was taking place every couple of days. It was always the same ads with bogus compliments, but the source IP addresses would vary widely from attack to attack. A review of my access log showed spybots looking for the presence of certain common guestbook scripts, one of which I was using. Then later, the spambot would hit my site executing the scripts directly. I got around it by changing the file name of the script. Normal users to my site would follow the link and get to the guestbook with no problem. But since the spambots depended on the script being a certain name, they would fail with a 404 error.

I have had problems

[Squeebee]

Couple of things for MoveableType users:

1) If you get flooded with spam just go directly into MySQL and issue a DELETE...WHERE query, it's really too much trouble to use the MT frontend to delete multiple comments.

2) Check out MT-Blacklist at http://www.jayallen.org/misc/projects/mt-blacklist /

Tell me something new...

[Manuzhai]

Jeremy Zawodny on this:

SMTP Sender Authentication, Blog Spam, and PageRank
Cheap Viagra, Vicodin, Xanax, Prescription Drugs, and Penis Enlargement Pills!!!
Gureilla Tactics Against Blog Comment Spammers

Russell Beattie on this:
Googler Comments

Simon Willison on this:
Battling Comment Spam
Banning Google Comments

Michael Fagan on this:
Seven Ideas for a Spam Free Blog

Scott Johnson on this:
A Possible Blog Comment Spam Solution

Re:I have a quick and dirty solution.

[Alan]

There has been some discussion on this that I've seen on various blogs I read, and basically the concensus seems to be that people don't want to make the barrier to entry of submitting a comment harder (ie: accounts), as part of the beauty of blog comments is the spontinaity. Most people I've seen have either done some of the 7 tips for a spam free blog or are using the MT Blacklist plugin.

Once I installed the latter and did some of the former, I've had almost no spam, vs several hundred over a couple of days. Now whether that is testimony to how well the tips work or that the spammers are going in short bursts then taking breaks is still unknown.

Re:I've Noticed

[Stephen+Williams]

At least with LiveJournal, you can disable anonymous comments. It means that people without LJ accounts can't comment, but I find that preferable to having my journal spammed or trolled.

-Stephen

Re:How about...

CODE exists so you can flag content as "code". Most browsers will also display anything that's "code" using a monospace font (such as courrier).

Just like h1 exists to flag content as a level 1 heading (a bigger bold font isn't a heading). HTML means structure, not visual display (that's why we have CSS).

Same thing for the code tag.

Not as insurmountable a problem as with usenet

[Junior+J.+Junior+III]

Just disable anonymous comments in your blog, and you're pretty much OK.

Re:I've Noticed

[CaptBubba]

Those numbers strike me as BS. That's over the hit rate for some direct mailings.

The numbers I allways hear for spam are around 1 hit (purchase, mortgage lead, etc) per 100,000 emails sent. I've even heard 1 per 1,000,000.

Most Blog Spammers Use Crawlers

[robathome]

I was only hit twice by comment-spammers before I took action.

Using image-text to verify humanity on the other end of the connection wasn't an option, as it excluded sight-impared users. User registration was a no-go: I don't want to have to spend time validating user accounts. I did enough of that in my BBS Sysop days. Even MT-Blacklist is a bit of a pain, as you've got to deal with each spam comment individually once posted.

However, one thing I found in common between my spammers and the attacks I've seen on other sites was that prior to the spamming run, the site was crawled. So, I excluded the locations of the comment scripts in my robots.txt and set a trap to auto-ban any crawler that doesn't obey the excludes.

Well-behaved spiders/'bots can index the site. Ill-behaved or malicious crawlers that download the whole file tree regardless of excludes trigger a tripwire that locks them out. You can eyeball the details in this entry on my site: Setting a Spider Trap