Results tagged “spam” from kwc blog

Movabletype 4.2 upgrade soon


movabletypeSixapart has released MovableType 4.2 with its promised performance improvements (100x faster search, 33-45% faster publishing). I'll probably be upgrading tonight, so if you see any outages, you'll know why. I should be re-enabling search/tags now that this update is available.

MovableTypo users: this may be the release that I finally do an upgrade with. Certain things got a bit more complicated (e.g. templates) with MT 4.x, but they claim to have improved those as well.

Also as promised, the reasons for the delayed release have become clear: Typepad Antispam was also announced and is included in the new release. Antispam is Sixapart's dropin replacement for the popular Akismet service. Both a centralized services that snarf in comments and can the spam.

Splogs suck, but they're smart


A couple weeks ago I posted about how blogging about mesothelioma could get you big bucks from Google Adsense. Lo and behold, that post has shown up on a spam blog for mesothelioma. spam blogs often use computer programs to grab entries from around the Web that contain the keyword they are trying to spam and then post excerpts in an imitation of an actual blog. At least mesothelioma is more profitable than the spam blog about squirrels that I found linking to this entry.

Technorati Spam


E-mail spam. Comment spam. I've even received spam in my Web server referrer logs -- i.e. spammers will visit your Web site and claim to have been referred to you by a spam site; if you happen to publish a list of sites that are linking to you, the spammer's site gets on the list.

The newest, strangest type of spam I'm now getting is Technorati spam. Technorati is a site that gives you a list blogs linking to your blog -- they call this your "cosmos." This can be a useful feature, because you can find out when some random stranger writes something about an entry of yours. The last thing I expected, though I should have, was that spammers would subvert this for their purposes.

Well, they have -- there are now spam blogs out there that will link to your blog, I presume for the purpose of getting noticed by Technorati. If I now search for a cosmos of my site, I have to wade through dozens of spam sites among the results. I presume that the hope of these sites is that I will embed a technorati widget on my blog that lists my cosmos, generating Google juice for their sites.

This seems like such a low yield spamming attack -- they have to link to thousands and thousands of blogs, polluting the cosmos of all of these sites, all in the hopes that some of those blogs happen to use Technorati cosmos (and won't take it down once they notice the spam results). Only in the short term does this seem to have any viability, with the long term result being that Technorati either counteracts it, or becomes more and more irrelevant. Mostly, I find this a depressing statement on the economics of spamming that spammers find this a profitable form of attack.

disclaimer: I could be wrong in my interpretation of this spam -- there may be some purpose other than gaming Technorati, but I'm finding it difficult to come up with other reasons as to why a spammer would link to my blog, unless they somehow expected to trick my site into linking back to them.

Blacklist + Windows restored


It's not perfect, but these patches have revived MT Blacklist on my Windows server enough to allow me to block comments effectively once more. I still get several error screens interacting with it, but I was able to add enough items to the blacklist that most of my spam has been cutoff.

The patches are bit cumbersome. There are bugs in MovableType 3.x itself that need to be fixed, which is perhaps one cause of the perpetual delay in getting out an official version of MT Blacklist for Windows. If you can put up with the spam, the fixes will appear in the next MovableType release.

It has begun


Brace for impact: movabletypo just got hit with its first wave of trackback spam. Some of you may have noticed by a deluge of e-mail this morning. Trackback spam is a bit more insidious: MT doesn't make it as easy to see and cleanup trackback spam as it does comment spam. If this attack continues, we may have to turn off trackback on older entries.

Update: I ran David Raynes' mt-close script on the movabletypo installation to turn off trackback on older entries. I'm sad to see a feature like trackback crippled like this, but as an e-mail conversation this morning pointed out, with sites like technorati as well as Bloglines' citation search, trackback is not as necessary these days.

Thank you Jay Allen!


MT-Blacklist v2.0e (emergency release) is out! It's installed on now and I will be putting it through the ropes to see how well it does. It comes just in the nick of time as it seems that the spammers have caught up to my latest attempts to foil them and have been leaving loads of spam in the past 48 hours.

I have long said I would upgrade movabletypo to MovableType 3.0 when MT-Blacklist comes out, but I will have to amend that statement slightly. The features I saw in the soon-to-be-release 3.1 are significant (no more individual archive rebuilds!), and this emergency release of MT-Blacklist will not be compatible with 3.1. So, my current thinking is that I will bite the upgrade bullet with MT 3.1.

Update: MT-Blacklist has made me aware that the same spammer has now made 200 failed attempts (and rising) to spam my blog. Surely there has to be a better use of bandwidth than 200 hits against my site in only 2 hours.

So yes, MT-Blacklist is working quite well (with some minor non-feature-related bugs).

Jay Allen, creator of MT Blacklist, has just released MT-Blacklist v2.0G5, which his entry into the MovableType 3.0 plugin contest. Considering how useful MT-Blacklist 1.x has been, he should automatically be awarded a prize, but I'm excited that he has updated his plugin as it means:

MovableType 3.0 will be installed on (soon, as in a couple of weeks)

I tried every which way to configure to use MT 3.0's various comment features, such as TypeKey authentication and comment moderation; both lead to a decrease in valid comments on my site and/or increased my administrative headache. If I weren't so lazy, I would have reverted to MT 2.6 just to get MT-Blacklist back.

BTW - MT-Blacklist 2.0 adds a feature that I think is really cool: you can specify an 'open' comment window in which entries less than X days are unmoderated, but after that time window, comments become moderated. Its so simple, so obvious in retrospect, and oh-so awesome. All of my comment spam is on older entries, as the spammers get the URLs from Google. It is conceivable (until the spammers get smarter) that this single feature would eliminate all spam on my site, and it doesn't even involve maintaining a Blacklist. Woohoo!

As evidence of my hypothesis, try the following experiment:

1) Search Google for mt-comments
2) Look familiar?

All three times this experiment has been performed, I, or the person I was demonstrating it to said, "Why, those are the entries I get my spam on!" New entries don't appear in Google quickly, nor do they initially have a very high page rank, so there so the open comment window should do well.

BTW: renaming mt-comments.cgi will reduce your comment spam, but not eliminate it.

Despite various anti-spam attempts, it appears that I will lose this battle unless I take advantage of Typekey in some way, so I had another idea. I've setup a Typekey account called 'noone' ('anonymous' was already taken, so my idea is probably far from unique). It's password is 'noone'. Clearly, some one could login and screw with the account info, but really, what's the point?

So I am updating my templates for a trial period in which I will require all comments to be registered or otherwise be moderated, but if you choose to remain anonymous, you are free to use the 'noone' account to do so. This will be the first entry that features this requirement, if you wish to test it out.

Blacklist good/bad news


According to the author of MT Blacklist, the time for MT Blacklist has come to an end. The reason for this is that MovableType 3.0 will be including TypeKey, which is a centralized user login system for MovableType blogs (the author is also ready to move onto other things). What does that mean? It means that when you want to comment on a MovableType blog, you login to TypeKey first. Presumably, spammers would be quickly identified, and booted off, but for everyone else registration would be a one-time process.

I'm somewhat ambivalent about this. User registration is one of the main reasons why I dislike Xanga so much. In Xanga's case, you can only comment after you've gone through the process of registering with Xanga. TypeKey would be marginally better, in that there's no baggage associated with registering, but part of me likes the fact that there are no deterrents to random strangers commenting on my blog. The other part of me hates the fact that this also makes it very easy for spammers, as well as people who take joy in being annoying.

In the latter case, MT Blacklist has been a reasonably good tool. At the time of this post, I count 952 comment spams that have been block by it, and it has also provided a comment deleting interface that Movable Type 2.x is sorely lacking. There was one particular case of visitor who thought it was amusing to try and annoy me by leaving 50+ comments on the site. With MT Blacklist, I was able to delete all of his comments with a single click. MT Blacklist is also a great idea, because, in general, I think in the long term it is a good deterrent to spammers to know that the URLs for the sites that they promote are being tracked and can be used against them (such as in the case of AOL, which has started blocking Web access to spammer's sites).

Depending on how spammers react to the introduction of TypeKey, I'll decide whether or not to start requiring user registration for MT 3.0, when it comes out. In the best of all worlds, it works so well that spammers move onto new territory without me evening having to enable to feature, but I know that is unwarranted optimism.

On a side note, I also wonder if TypeKey could make it easier to start building features such as making it easier to monitor responses to your comments on MovableType blogs.

Die Comment Spam!


After the most vicious attack to date, I finally caved in and installed MT-Blacklist v1.62. If the spammer were more intelligent, he should have stuck with leaving only one or two posts, as has occurred in the past. Instead, I was confronted with about 30 spams, which finally broke me. I should have broken much earlier, because MT Blacklist only took a minute to install, and would have saved me 10 minutes of deleting and rebuilding. It also seems really nicely designed.