Skip to the Main Content

Note:These pages make extensive use of the latest XHTML and CSS Standards. They ought to look great in any standards-compliant modern browser. Unfortunately, they will probably look horrible in older browsers, like Netscape 4.x and IE 4.x. Moreover, many posts use MathML, which is, currently only supported in Mozilla. My best suggestion (and you will thank me when surfing an ever-increasing number of sites on the web which have been crafted to use the new standards) is to upgrade to the latest version of your browser. If that's not possible, consider moving to the Standards-compliant and open-source Mozilla browser.

January 9, 2004

Blogspam Update

It’s about time to follow up on my previous articles on Comment Spam. No real surprises, but spambots have gotten better at what they do.

Up till now, I’ve talked about 3 basic moves for combatting robot-posted comment spam:

  1. Rename mt-comments.cgi.
  2. Make sure the new comment script doesn’t get indexed by Google.
  3. Ditch the comment-entry form on your individual archive page. Make people follow a link to get to the comment-entry form.

The combination of these steps makes it hard for a spambot to find your comment script. And if it can’t find it, it can’t spam you. They also make it possible for you to lead the spambot astray (more on that presently).

You’ve made it hard, but not impossible. Consider the following recent “visitor” to my blog: 

proxy1.anon-online.org - - [07/Jan/2004:18:29:31 -0600] "GET /~distler/blog/archives/000080.html HTTP/1.0" 200 13442 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98) Java/1.4.1_03"
proxy1.anon-online.org - - [07/Jan/2004:18:29:38 -0600] "GET /cgi-bin/MT-2.5/sxp-comments.pl?entry_id=80;parent_id=38 HTTP/1.0" 200 10035 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98) Java/1.4.1_03"
proxy1.anon-online.org - - [07/Jan/2004:18:29:43 -0600] "POST //cgi-bin/mt-2.5/sxp-comments.pl HTTP/1.0" 200 3922 "http://golem.ph.utexas.edu/cgi-bin/MT-2.5/sxp-comments.pl?entry_id=80;parent_id=38" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"

Ignore the bogus USER_AGENT string. This was a spambot. It came in to an individual archive page on my blog, searched for a hyperlink with the string “?entry_id=” in it, followed that link to my comment-entry form, and posted a comment. No pretending to be human by downloading an image or CSS file, just straight to the point. Brutal, efficient, … and (in this case) futile.

I require comment validation on my blog. Posting without validating your comment first lands you in my IP-ban list. Humans have no trouble with the procedure, but robots aren’t expecting the extra hurdle and are tripped-up.

Of course, there are other things I could have done. I could have put a “honeypot” script on my individual archive page: 

<div style="display:none">
Clicking on the link below will get you permanently banned from posting comments to this weblog. Don't try it!<br />
<a href="/cgi-bin/MT-2.5/nomore-comments.pl?entry_id=80"> Don't click here to post a comment</a>
</div>

and tried to fool the robot into following that instead. And there are enough other tricks we could play that I’m still pretty sanguine that we hold the upper hand against spambots.

Unfortunately, we’re not (just) faced with robots. Consider this visitor: 

210.18.114.210.sify.net - - [06/Jan/2004:05:07:26 -0600] "GET /~distler/blog/archives/000236.html HTTP/1.1" 200 44050 "http://www.google.com/search?q=blog/archives+post&hl=en&lr=&ie=UTF-8&oe=UTF-8&start=70&sa=N" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
210.18.114.210.sify.net - - [06/Jan/2004:05:07:27 -0600] "GET /~distler/blog/aural.css HTTP/1.1" 200 523 "http://golem.ph.utexas.edu/~distler/blog/archives/000236.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
210.18.114.210.sify.net - - [06/Jan/2004:05:07:33 -0600] "GET /~distler/blog/styles-site.css HTTP/1.1" 200 13326 "http://golem.ph.utexas.edu/~distler/blog/archives/000236.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
210.18.114.210.sify.net - - [06/Jan/2004:05:07:53 -0600] "GET /~distler/blog/print.css HTTP/1.1" 200 844 "http://golem.ph.utexas.edu/~distler/blog/archives/000236.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
210.18.114.210.sify.net - - [06/Jan/2004:05:07:58 -0600] "GET /~distler/blog/ie.js HTTP/1.1" 200 2248 "http://golem.ph.utexas.edu/~distler/blog/archives/000236.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
210.18.114.210.sify.net - - [06/Jan/2004:05:08:03 -0600] "GET /~distler/blog/images/bigthinker.jpg HTTP/1.1" 200 1443 "http://golem.ph.utexas.edu/~distler/blog/archives/000236.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
210.18.114.210.sify.net - - [06/Jan/2004:05:08:51 -0600] "GET /~distler/blog/archives/000237.html HTTP/1.1" 200 12389 "http://golem.ph.utexas.edu/~distler/blog/archives/000236.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
210.18.114.210.sify.net - - [06/Jan/2004:05:08:52 -0600] "GET /~distler/blog/aural.css HTTP/1.1" 304 - "http://golem.ph.utexas.edu/~distler/blog/archives/000237.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
210.18.114.210.sify.net - - [06/Jan/2004:05:08:53 -0600] "GET /~distler/blog/print.css HTTP/1.1" 304 - "http://golem.ph.utexas.edu/~distler/blog/archives/000237.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
210.18.114.210.sify.net - - [06/Jan/2004:05:08:53 -0600] "GET /~distler/blog/styles-site.css HTTP/1.1" 304 - "http://golem.ph.utexas.edu/~distler/blog/archives/000237.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
210.18.114.210.sify.net - - [06/Jan/2004:05:08:58 -0600] "GET /~distler/blog/ie.js HTTP/1.1" 304 - "http://golem.ph.utexas.edu/~distler/blog/archives/000237.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
210.18.114.210.sify.net - - [06/Jan/2004:05:08:58 -0600] "GET /~distler/blog/archives/000235.html HTTP/1.1" 200 8227 "http://golem.ph.utexas.edu/~distler/blog/archives/000236.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
210.18.114.210.sify.net - - [06/Jan/2004:05:08:59 -0600] "GET /~distler/blog/images/bigthinker.jpg HTTP/1.1" 304 - "http://golem.ph.utexas.edu/~distler/blog/archives/000237.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
210.18.114.210.sify.net - - [06/Jan/2004:05:08:59 -0600] "GET /~distler/blog/images/MathML.png HTTP/1.1" 200 3238 "http://golem.ph.utexas.edu/~distler/blog/archives/000237.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
210.18.114.210.sify.net - - [06/Jan/2004:05:09:06 -0600] "GET /~distler/blog/print.css HTTP/1.1" 304 - "http://golem.ph.utexas.edu/~distler/blog/archives/000235.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
210.18.114.210.sify.net - - [06/Jan/2004:05:09:13 -0600] "GET /~distler/blog/styles-site.css HTTP/1.1" 304 - "http://golem.ph.utexas.edu/~distler/blog/archives/000235.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
210.18.114.210.sify.net - - [06/Jan/2004:05:09:13 -0600] "GET /~distler/blog/aural.css HTTP/1.1" 304 - "http://golem.ph.utexas.edu/~distler/blog/archives/000235.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
210.18.114.210.sify.net - - [06/Jan/2004:05:09:36 -0600] "GET /cgi-bin/MT-2.5/sxp-comments.pl?entry_id=237 HTTP/1.1" 200 13992 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
210.18.114.210.sify.net - - [06/Jan/2004:05:09:41 -0600] "GET /~distler/blog/aural.css HTTP/1.1" 304 - "http://golem.ph.utexas.edu/cgi-bin/MT-2.5/sxp-comments.pl?entry_id=237" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
210.18.114.210.sify.net - - [06/Jan/2004:05:09:41 -0600] "GET /~distler/blog/print.css HTTP/1.1" 304 - "http://golem.ph.utexas.edu/cgi-bin/MT-2.5/sxp-comments.pl?entry_id=237" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
210.18.114.210.sify.net - - [06/Jan/2004:05:09:41 -0600] "GET /~distler/blog/styles-site.css HTTP/1.1" 304 - "http://golem.ph.utexas.edu/cgi-bin/MT-2.5/sxp-comments.pl?entry_id=237" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
210.18.114.210.sify.net - - [06/Jan/2004:05:09:43 -0600] "GET /~distler/blog/images/smallthinker.jpg HTTP/1.1" 200 554 "http://golem.ph.utexas.edu/cgi-bin/MT-2.5/sxp-comments.pl?entry_id=237" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
210.18.114.210.sify.net - - [06/Jan/2004:05:09:46 -0600] "GET /~distler/blog/images/MathML.png HTTP/1.1" 304 - "http://golem.ph.utexas.edu/cgi-bin/MT-2.5/sxp-comments.pl?entry_id=237" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
210.18.114.210.sify.net - - [06/Jan/2004:05:09:46 -0600] "GET /cgi-bin/MT-2.5/sxp-comments.pl?entry_id=235 HTTP/1.1" 200 9108 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
210.18.114.210.sify.net - - [06/Jan/2004:05:10:33 -0600] "POST /cgi-bin/MT-2.5/sxp-comments.pl HTTP/1.1" 200 4559 "http://golem.ph.utexas.edu/cgi-bin/MT-2.5/sxp-comments.pl?entry_id=235" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
210.18.114.210.sify.net - - [06/Jan/2004:05:10:58 -0600] "POST /cgi-bin/MT-2.5/sxp-comments.pl HTTP/1.1" 302 - "http://golem.ph.utexas.edu/cgi-bin/MT-2.5/sxp-comments.pl" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
210.18.114.210.sify.net - - [06/Jan/2004:05:11:27 -0600] "GET /~distler/blog/archives/000235.html HTTP/1.1" 200 8880 "http://golem.ph.utexas.edu/cgi-bin/MT-2.5/sxp-comments.pl" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
210.18.114.210.sify.net - - [06/Jan/2004:05:11:29 -0600] "GET /~distler/blog/ie.js HTTP/1.1" 304 - "http://golem.ph.utexas.edu/~distler/blog/archives/000235.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
210.18.114.210.sify.net - - [06/Jan/2004:05:11:34 -0600] "GET /~distler/blog/images/bigthinker.jpg HTTP/1.1" 304 - "http://golem.ph.utexas.edu/~distler/blog/archives/000235.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
210.18.114.210.sify.net - - [06/Jan/2004:05:12:02 -0600] "GET /cgi-bin/MT-2.5/sxp-comments.pl?entry_id=237 HTTP/1.1" 200 13992 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
210.18.114.210.sify.net - - [06/Jan/2004:05:12:09 -0600] "GET /~distler/blog/aural.css HTTP/1.1" 304 - "http://golem.ph.utexas.edu/cgi-bin/MT-2.5/sxp-comments.pl?entry_id=237" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
210.18.114.210.sify.net - - [06/Jan/2004:05:12:09 -0600] "GET /~distler/blog/print.css HTTP/1.1" 304 - "http://golem.ph.utexas.edu/cgi-bin/MT-2.5/sxp-comments.pl?entry_id=237" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
210.18.114.210.sify.net - - [06/Jan/2004:05:12:10 -0600] "GET /~distler/blog/styles-site.css HTTP/1.1" 304 - "http://golem.ph.utexas.edu/cgi-bin/MT-2.5/sxp-comments.pl?entry_id=237" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
210.18.114.210.sify.net - - [06/Jan/2004:05:12:10 -0600] "GET /~distler/blog/images/smallthinker.jpg HTTP/1.1" 304 - "http://golem.ph.utexas.edu/cgi-bin/MT-2.5/sxp-comments.pl?entry_id=237" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
210.18.114.210.sify.net - - [06/Jan/2004:05:12:11 -0600] "GET /~distler/blog/images/MathML.png HTTP/1.1" 304 - "http://golem.ph.utexas.edu/cgi-bin/MT-2.5/sxp-comments.pl?entry_id=237" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
210.18.114.210.sify.net - - [06/Jan/2004:05:12:50 -0600] "POST /cgi-bin/MT-2.5/sxp-comments.pl HTTP/1.1" 200 6539 "http://golem.ph.utexas.edu/cgi-bin/MT-2.5/sxp-comments.pl?entry_id=237" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
210.18.114.210.sify.net - - [06/Jan/2004:05:13:26 -0600] "GET /cgi-bin/MT-2.5/sxp-comments.pl?entry_id=235 HTTP/1.1" 200 8127 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
210.18.114.210.sify.net - - [06/Jan/2004:05:13:32 -0600] "GET /cgi-bin/MT-2.5/sxp-comments.pl?entry_id=235 HTTP/1.1" 200 9858 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
210.18.114.210.sify.net - - [06/Jan/2004:05:13:13 -0600] "POST /cgi-bin/MT-2.5/sxp-comments.pl HTTP/1.1" 302 - "http://golem.ph.utexas.edu/cgi-bin/MT-2.5/sxp-comments.pl" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
210.18.114.210.sify.net - - [06/Jan/2004:05:14:08 -0600] "POST /cgi-bin/MT-2.5/sxp-comments.pl HTTP/1.1" 200 5321 "http://golem.ph.utexas.edu/cgi-bin/MT-2.5/sxp-comments.pl?entry_id=235" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
210.18.114.210.sify.net - - [06/Jan/2004:05:14:58 -0600] "POST /cgi-bin/MT-2.5/sxp-comments.pl HTTP/1.1" 302 - "http://golem.ph.utexas.edu/cgi-bin/MT-2.5/sxp-comments.pl" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
210.18.114.210.sify.net - - [06/Jan/2004:05:15:28 -0600] "GET /~distler/blog/archives/000235.html HTTP/1.1" 200 9527 "http://golem.ph.utexas.edu/cgi-bin/MT-2.5/sxp-comments.pl" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
210.18.114.210.sify.net - - [06/Jan/2004:05:15:32 -0600] "GET /~distler/blog/ie.js HTTP/1.1" 304 - "http://golem.ph.utexas.edu/~distler/blog/archives/000235.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"

I’m pretty convinced this was a human. He came in on a Google search, wandered about, and then posted 3 comments to my blog before heading elsewhere. His ISP is in Chennai, India. Searching my logs, the same fellow had unsuccessfully visited twice before. He used different Google searches which, unfortunately for him, landed him on my —nonexistent — mt-comments.cgi page.

This time he got lucky. And he posted the only comment spam I’ve received since I implemented the above scheme three months ago. (Well, almost; I did receive one more spam in early December. Similar MO, but from an IP address belonging to interbusiness.it in Italy.)

4 Spams in 3 months ain’t bad, but it was enough to make me take a another look at MT-Blacklist. MT-Blacklist takes a different approach. It doesn’t try to distinguish between robot and human posters. It just filters on banned content, usually, the URLs of web sites being hawked by spammers.

This never seemed to me to be an approach that would scale well. The initial release of MT-Blacklist had some 400 RegExps that were banned. Three months later, the list has grown to over 600. And it keeps on growing. Perl is very fast crunching through Regular Expressions, but it seem to me that the blog owner is still the one holding the short end of the computational stick. I’ll keep looking at it, though…

The reason why I’m interested in MT-Blacklist is not just to stymie the odd person toiling away in Chennai or Bangkok, churning out Comment Spam manually from his PC. I’m interested because I’m worried about Trackback Spam.

It hasn’t happened in a big way yet, but sooner or later, spammers are going to turn to sending trackbacks, rather than posting comments. And, unlike comments, trackbacks are designed to be sent and received in a purely automated fashion. So the sort of tricks one would use to fool Comment Spam robots would not be applicable.

The only technical measure I can think of to fight Trackback Spam is to parse out the hostname of the TBPingURL, do a DNS lookup of it, and demand that it match the TBPingIP (the IP address of the host that sent the ping).

On the positive side, spammers would no longer be able to send the trackback ping from anywhere on the internet. They would have to send the ping from the web site they were advertising, which would be much more easily blocked (DNSBL-style, if necessary). On the other hand, it would break 3rd-party Trackback servers, like reedmaniac.

Is that too high a price? Are there other drawbacks? Thoughts?

Update (1/12/2004): MovableType 2.66 has been released. It introduces some basic anti-spam measures: comment throttling and turning the comment-author URL link into a redirect (presumably depriving the spammer of the Google PageRank boost). Unfortunately, their redirection code fails miserably if you are serving your pages as application/xhtml+xml. Here’s a patch to fix the matter.

Update (1/16/2004): MovableType 2.661 fixes one XHTML issue, but introduces another one. I’ve updated my patch to fix what they broke.

Posted by distler at January 9, 2004 8:55 AM

TrackBack URL for this Entry:   https://golem.ph.utexas.edu/cgi-bin/MT-3.0/dxy-tb.fcgi/284



7 Comments & 3 Trackbacks

Read the post TrackBack-spam nästa bloggvirus?
Weblog: andreasson.org
Excerpt: Läste just på Musings om kommentarspam där artikelförfattaren också nämner exempel på förebyggande åtgärder för vad han tror blir nästa internetodåga - TrackBack-spam. Ganska tekniskt men/och intressant....
Tracked: January 9, 2004 9:54 AM

Re: Blogspam Update

It seems that for the (potential as of yet) issue of trackback spam, the AWStatsReferrers plugin for MT could be the type of solution, unless I am missing something. It purports – I have not used it – to check the referrer URL for an actual reference to the site. Checking that the site exists (as you mention) as advertised by the trackback ping, and that it does have a reference to the trackbacked page should help screen the majority of cases. There are unfortunately of course situations when a trackback might be sent to a site legitimately without a direct link reference though, so maybe this would not work as well as I thought… oh well. Perhaps a first line defense, to flag a potential trackback spam for review?

Posted by: eric on January 13, 2004 4:40 PM | Permalink | Reply to this

Trackback Blocking

I’ll look into it.

It’s bound to work better — at least for you — than my idea above. The trackbacks you sent this afternoon were sent from 66.33.213.14, whereas heupel.com resolves to 66.33.217.156. I suspect you are not the only one whose (perfectly-legitimate) trackbacks would break under my scheme.

Rats!

Posted by: Jacques Distler on January 13, 2004 8:47 PM | Permalink | Reply to this

Re: Blogspam Update

Hmm… I’ve never used trackback, so I don’t really know how it works and the following may therefore be useless. Presumably one only wishes to allow trackbacks from somone who has actually read the article or read the site. Therefore it might be possible to implement a whitelisting system whereby people wishing to send trackbacks would first have to register with the site - this could be as simple as filling in a form with the URL they planned to send trackbacks from. Then only URLs from that list would be allowed to send or recieve trackbacks. The problem is that I’m not sure how well this system would work if many people were using it; in that case the spammers would just develop tools to automatically register their site before sending trackbacks.

Posted by: jgraham on January 14, 2004 5:27 AM | Permalink | Reply to this

Re: Blogspam Update

Working for pMachine, we have taken comment spam pretty seriously and have looked into many different approaches for reducing any problems for users. For quite a while, pMachine has had two features in place for keeping comments in track: member registration required for comments (optional feature) and IP Banning. We track IPs for unregistered comments, so it is a simple matter to find out who/what is posting spam and block the IP.

We recently added referrer checking to comments (but not trackbacks) as well, since it prevents forms from being submitted offsite and gives us more information to stop spammers. We have found that this works in many cases, however there have been some notable problems. There are many system configurations (usually dealing with firewalls) that a user might have that will not allow the passing of referrer data. This automatically made the referrer test fail, and thus they were not able to post comments. We found a temporary solution to this by allowing registered members the ability to skip this referrer test. Still, not a perfect solution.

I agree that having some sort of Regular Expression looking for banned content is a loose horse that will ultimately not be good enough. It is a stop gap measure at best. However, it might work well with a combination of other techniques.

A white list just seems inelegant, since it kills the open-ness of the web and it seems too easy for spammers to circumvent.

Really, I think it is a combination of nearly all the techniques mentioned that might be required to keep open commenting and trackbacking. Knowing and blocking known offenders. Making sure the form submission problem is not able to be automated. Check and eliminate comments with known bad content. Keeping an eye on suspicious behavior. Oh, and a check to fool automated spam into exposing itself.

Posted by: reedmaniac on January 16, 2004 2:06 PM | Permalink | Reply to this

Referer String

We recently added referrer checking to comments (but not trackbacks) as well, since it prevents forms from being submitted offsite and gives us more information to stop spammers.

I’m not sure I understand that. It is utterly trivial for a spambot to fake the Referer string it sends. I’ve written some very simple-minded web bots in Perl; you set the Referer string manually:

my $req = HTTP::Request->new(POST => 'http//your.blog.com/mt-comments.cgi');
$req->header(Referer => 'whatever');

Some spambots do hit the comment-submission script directly. Those can be relatively easily thwarted. “[I]f it can’t find [your comment-submission script], it can’t spam you.”

The more sophisticated spambots hit your page first, and can easily set the referrer when they POST the comment (look at the spambot above).

Really, I think it is a combination of nearly all the techniques mentioned that might be required to keep open commenting and trackbacking.

Anything you can do to raise the bar is of value. Multiple layers of defence are what’s necessary, because there is no “silver bullet” that will defeat comment spam.

Posted by: Jacques Distler on January 16, 2004 4:23 PM | Permalink | Reply to this

Re: Blogspam Update

I’m quite grateful for the patch, Jacques!

Posted by: jacob on January 16, 2004 7:13 PM | Permalink | Reply to this

Serving Comments as application/xhtml+xml

I got you into this mess, Jacob.
I’ll get you out of it. :-)

Posted by: Jacques Distler on January 16, 2004 7:54 PM | Permalink | Reply to this
Read the post MT-Blacklist Joy and MT 2.661
Weblog: Opinion
Excerpt: Just looking through the logs, always interesting reading to see what weird search terms people use on the site, when I ran across an MT-Blacklist comment denial from IP 68.173.7.113 — which is one of the New York based Road Runner servers. On 10...
Tracked: January 18, 2004 8:38 PM
Read the post Stepping Stones to a Safer Blog
Weblog: Burningbird
Excerpt: In the last few weeks, I've been hit not only by comment spammers, but a new player who doesn't seem to like our party: the crapflooders, people who use automated applications (you may have heard of MTFlood or some variation) to literally flood comment...
Tracked: January 28, 2004 6:19 PM

Post a New Comment