(Updated post; originally posted March 2, 2006.)
Hi all. Unfortunately, our efforts to convince al-Qaeda that they should be murdering spammers around the world and beheading them on video (charge 25 cents per view on Internet video, it would even be a profit center) haven't borne fruit yet. Couple of quick bulletins, therefore:
- We've had to block all blogspot.com trackbacks - and unfortunately, that means all blogspot.com links in comments as well. Spammers are obviously generating blogspot blogs in an automated way, and we were getting about 1,000 of those spams per week. Note that Blogspot links will still work normally in author posts. (N.B. the flood of auto-gen blogs has largely stopped, so we're lifting that ban and we'll see what happens.)
Speaking of authors:
- A member of the team who shall remain nameless to protect the guilty accepted all of the extracted URLs when processing a spam message in MT-Blacklist. The result was that any comment with ".." was being blocked. Advisory to team members: if an extracted URL has ANY "..." in it, UNCHECK it. It's never a complete URL, and will only cause problems later.
At least our installed Honey Pot continues to work well. Finally, some quick advice for fellow MT-Blacklist users:
If you use Blacklist as part of your system (we found SpamLookup had insuperable problems), the following strings should be entered. I've been looking at our spam logs, and the number of posts blocked is VERY high:
- "fuck"
- "hentai"
- "casino" (you may also block "poker" - we had to).
- ".info" (yes, ALL of this top-level domain; enter it as a "String")
mea culpa, mea culpa, mea maxima culpa, or as we say in California "my bad..."
RE: Blogspot clockage:
Just to give y'all a feel for how bad it had become... I entered the blockage 5 hours ago. It has blocked 80 tracklback attempts in that time. And a check of the Blacklist log shows the blocked items were pings and were from spammers.
Google needs to get its act together on this stuff quickly, and close whatever loophole(s) are enabling this strategy. But until it does, the folks here don't have all day to delete trackback spams from druggies, insurance salesmen, porno vendors, et. al.
Joe,
For the longest time, I couldn't include the word "socialism" in comments over at BuzzMachine because of Jeff's spam filter.
But, alas, Jeff didn't filter it after experiencing an epiphany about socialism. Rather, contains the word "cialis" within it.
Now, I think the world would be a better place with more cialis and less socialism. But experience shows that this rule doesn't extend to blog comments.
MEGA-SNARF!
Glad to hear the WOC ballistic missile shield is still fully operational.
Aha, that explains the blocking of my comments yesterday (blogspot URL). After rewriting the text 3 times and still getting blocked, I thought you had some sort of super-filter that detected excess doses of sarcasm!
The splogging has been a big problem for blog*spot since last November, and when I emailed them about it, I got zero response, so I've unfortunately had blog*spot pings and comments blocked for a couple months now. Serious bloggers have to get real URLs, and not just subdomains, because anytime you share a domain with someone else, you may end up living in a bad neighborhood.
By, the way, you're aware that Blacklist uses regular expressions, right? Because the "." is a wildcard. ".i n f o" will block any character followed by "i n f o." You should probably escape it with a backslash in front if you really only want to block that superdomain.
Hey, guys, i was readign WoCHAAAAANGE last night and realized i could make my desk into a BONGXPO)R!!1 lol! I had some caulk and used a drain pipe for the bowl and BAM FIRED that sucker up and read through all the comments on callimachus' abortion thread. it was flippin sweet. good luck with the spammers man. bummer
Rand Simberg-if you use Blacklist's "string" type, it will parse it as written, not as a regular expression.
Good note on blocking .info, Joe-we did that a few months ago and it's probably one of the single most effective anti-spam measures we have, all by itself. If a URL contains a dash (-), it can almost certainly be considered a spammer's URL as well.
I beg to differ on the dash.
However, if it contains two or more dashes, I'll agree.
I made the mistake of upgrading to MT 3.2 and already had tons of posts made before realizing it sucks at blocking spam, and is incompatible with MTBlackList. It also remormats the database making it impossible to downgrade back to an easriler more reliable version.
Or you could upgrade to MT 3.2, which has very efficient tweakable spam control.
Ha. I didn't even read the comment before mine. I have found 3.2 to work very well at controlling spam. It is incompatible with Blacklist because it absorbed its best features and added more bells and whistles.
I'm not sure why Danny thinks it sucks. It puts questionable trackbacks and comments in a junk folder and you get to specify phrases to flag and dial in any level of restriction you want. You can set how many days to hold stuff in the junk folder before it deletes itself. What's not to like?
Our complaints re: MT 3.2 are long and somewhat technical. Suffice to say we conveyed them to SixApart, and very firmly decided not to upgrade until some of those concerns are addressed.
"If a URL contains a dash (-), it can almost certainly be considered a spammer's URL as well."
This is the sort of stupidity that blacklisting leads to. You want to block every URL with "cgi-bin" in it? As for the two dash rule... now you just blocked www.two--four.net, lambda-the-ultimate.org, www.d-n-i.net, etc.
Is this Blacklist something you have to install at a server level?
I am annoyed by websites with pop-ups and dialers, but adding IPs manually to my firewall ban list isn't a most practical method.
Fabio, MT-blacklist is installed at the server level. It's a Movable Type plug-in, however, so it only works with that software.
for websites with popups and dialers, the best solution is pop-up blocking software.
Believe it or not I've been happy with blogspot.
Low maintenance and no spam problems once they deployed their magic word test.