The Daily Whim

All The News That Fits My Whim

Thu
Dec
16
2004

MT Comment Spam, The Attack

Last Saturday night, exhausted, I got my computer hooked back up, and discovered my site’s server was experiencing another comment spam attack. Sunday morning, I wrote an article about it that got kindly linked by a lot of people. By Tuesday, it was the #1 search return for “MT Comment Spam” at Google. By Wednesday, Six Apart was announcing big plans to attack this issue.

I’d say it’s been a good week, so far.

But don’t let me kid you. Let there be no doubt, Six Apart didn’t pull three all-nighters since my article was published to accomplish this (at best, I added a little urgency and a throbbing pain in the ass). They’ve been working hard on this problem much much longer. That is evidenced by their response so far.

From Anil on the Six Apart site: “There are a variety of ways to deal with spam, ranging from technical to legal to social methods, and we’ll discuss them all [...] We’ll have more details today, and a full overview within 48 hours.

From Jay Allen on the MT site: “In fact, we have found that there is a fairly major bug (in terms of effect, but not code size) which causes page rebuilding even in the case of a comment submission which would be moderated and hence should have no effect on the live page [...] In addition, we have found another less severe instance of unnecessary database connections which would normally be associated with dynamic pages, even if dynamic templates are not in use [...] These two bugs are, in high probability, the causes of the extreme server loads that our customers have been experiencing under the load of a severe spam attack. We are currently testing these fixes both in-house and with a number of web hosts who were among the first affected by the problem. We will have these fixes released to you as soon as the testing is complete.” Jay also gives good advice on “What To Do Now” and “What’s Next.”

From Jay Allen on the MT-Blacklist site: “A new release of Movable Type will be coming soon as there is a serious (but easily fixed) issue with the way that MT handles rebuilds [...] There is at least one major design decision that puts load on the server for the sake of getting a more completely picture of the confidence level of a spam. That decision was to continue to compare a spam against the blacklist even if a previous matched entry mandated that the comment be blocked. The current system makes sure that hit counts and last hit dates for each item is updated. In retrospect, that’s a bad idea, although at the time we were never seeing comment spam attacks of this size. I will be moving towards streamlining MT-Blacklist in this regard and in any other places where I find inefficiencies.

And with all of the above, I almost forgot, a valuable tutorial has also been added: “Enabling TypeKey on Your Weblog

So there will soon be a new version of MT and a new version of MT-Blacklist that will hopefully put the kibosh on these spamming bastards. There’s also other things going on elsewhere behind the scenes with the intention of addressing this issue at the server level.

My original article got used by some as a lever for MT/Six Apart bashing, which was not my intent at all. In the past few days, I think Six Apart has shown their responsiveness, and should be commended for it, particularly Anil Dash and Jay Allen (since they bear the public brunt on this).

So if you’re an MT user with comment spam troubles, help is on the way. If you get harassed by your web host in the meantime, you’ve got some ammo to say “it’s being worked on, hold on for the upgrade.”

Later: Movable Type 3.14 is released ... “we strongly recommend that all Movable Type users install this update

13 Comments below
Published 11:19AM, Thu, Dec 16 2004 
Category:  

Peanut Gallery

1  Anil wrote:

Thanks for the thoughtful reply, Reid. We have a whole host of people working like crazy on this, and I’m trying to make sure we take time to talk about what we’re doing at each step. I know Jay and the whole MT team (and I) appreciate you taking all the time to talk to the community about this as well.

Comment by Anil · 12/16/04 06:36 PM
2  Matt wrote:

The thing that worries me about moving everyone to Typekey is that it’s just another stopgap solution that’s going to push spammers to Trackback faster. I could see Typekey being useful as an identity system, but not as spam control.

Comment by Matt · 12/16/04 09:52 PM
3  Jacques Distler wrote:

TypeKey: global login for comment spammers.

Has someone released a TypeKey-signup ‘bot yet? If not, wanna whip one up?

Trackback Spam: my only good idea on trackback spam is to do a DNS lookup on the TBPingURL and demand that it match th TBPingIP.

Unfortunately, this breaks 3rd party Trackback services. But that might be acceptable if the problem of TB Spam gets bad enough.

Comment by Jacques Distler · 12/17/04 10:54 AM
4  emcee fleshy wrote:

Trackbacks are basically always spam, aren’t they? Why not just turn them off?

If somebody wants a link from one of your posts to another relevant post, let’em e-mail and ask for one.

Comment by emcee fleshy · 12/17/04 11:08 AM
5  Scott Johnson wrote:

Trackbacks are not spam. They are an automated courtesy. When somebody links to you from their blog, yours automatically reciprocates. Sure, some trackbacks are spam, but there is definitely a place for trackback in this world.

Comment by Scott Johnson · 12/17/04 12:31 PM
6  ChefQuix wrote:

I spend about half an hour each day removing spam from both my site and that of a politician’s site up here in Canada. While I only get about 100 or so, he gets upwards of a 500 / day. I’ve managed to avoid some by renaming the mt-comments.cgi script every couple weeks or so, but enterprising spammers catch on and update their software.

So I read your articles and yesterday and it got me thinking about this problem again, because it is truely one of the most annoying things as a blogger. I worry that one day google will catch on and start decreasing the pageranks of those pages that suffer from excessive blog spamming. Plus, I hate having to go into the database and do broad stroke deletes based on words in the URL or date ranges. I’m going to end up deleting a valid comment and that is simply not acceptable.

Then it hit me in the shower today, as things often seem to do – CAPTCHA. If you’re not familiar with CAPTCHA, it’s the messed up image that you have to retype in to stop automated scripts. It works well enough to stop automatic yahoo accounts from being signed up, why can’t we apply this technology to posting comments?

I’m a web developer who could probably design something like this, however I’m not the best and I wonder if there’s anyone else reading this who might be interested in it. To me, it seems like the obvious solution. Sure there’s a little extra database work, but in the end it will only decrease your bandwidth and server load as spammers begin giving up.

Anyways, just a thought.

Comment by ChefQuix · 12/17/04 05:56 PM
7  Matt wrote:

There are CAPTCHA plugins for most blogging systems, but that has its own tradeoffs .

Comment by Matt · 12/17/04 07:39 PM
8  ChefQuix wrote:

Is there a CAPTCHA plugin for MT? Because if there is, I think that will at least solve my blogs problems.

Comment by ChefQuix · 12/18/04 07:11 AM
9  Thomas Arie wrote:

ChefQuix, you mean something like MTSCode ?

About dealing with comment spammers, what I did—at least if works for me , less spams (and stupid referers) come to my site.

Comment by Thomas Arie · 12/19/04 12:56 PM
10  The Pariah of the Empyrean wrote:

I have read that Google was planning to remove blogs and sites using blog scripts like Movable Type from their search engine in an answer to complaints about the high rankings that blogs recieve.

From what I understand they were going to make it so that you could choose to have this “blog removal” in effect or not.

However, in my opinion there is nothing you can do to get rid of spam. Everytime an antivirus comes out with an updated virus definitions file there are dozens of new virii created and unleashed shortly after that are completely undetectable. Companies and organizations that specialize in preventing attacks from people like hackers and spammers are simply outnumbered, and any updates or patches to Movable Type ( or any software for that matter) will only be effective for a week or so, until an exploit or loophole is found.

Comment by The Pariah of the Empyrean · 12/23/04 03:49 PM
11  Arden wrote:

Am I the only one so far who’s thought about using image word verification (you know, enter the random letters displayed in an image) as a requirement to post comments? It seems that would solve everything in one fell swoop. I don’t use MT or TP myself, but I hate to see all your blogs go down because of these assholes.

Comment by Arden · 12/23/04 08:02 PM
12  Arden wrote:

Sorry… I should have read the previous comments before posting.

But at least someone’s on the same wavelength as me…

Comment by Arden · 12/23/04 08:04 PM
13  Reid wrote:

And since the above comments, and their problems with accessibility, Alex has posted an excellent article on why image/text/captcha verifications are doomed as a solution.

However, for now, from what I hear at TextDrive, the flood has been stemmed by the combination of the MT 3.14 patch and some Apache module voodoo (server level filtering via mod_security and others).

Comment by Reid · 12/23/04 08:16 PM
Comments are closed for this article

reidstott: Say what you want about Obama's politics, but no one has spoken about America with such sincere inspiration since, well, Ronald Reagan.

Thu, 24 Jul 2008 17:50:45 +0000

SEARCH The Daily Whim

OR BROWSE BY CATEGORY

SEARCH ENTIRE SITE

Possibly Related