This page contains a single entry from the blog posted on November 19, 2003 4:52 AM. The previous post in this blog was Last chance lost. The next post in this blog is On a roll. Many more can be found on the main index page or by looking through the archives.

E-mail, Feeds, 'n' Stuff

Wednesday, November 19, 2003

More on morons

Many bloggers continue to write about comment spammers -- creeps who post commercial messages as blog comments.

With Movable Type, I can see all the IP addresses from which this type of spam is coming, and I can ban those addresses from my blog. Lately, I've banned eight addresses from which spam comments had come. I'm sure there's plenty more of that chore ahead of me.

A couple of questions for you, the reader, about this practice:

1. Am I doing myself any harm by banning these IP addresses?

2. Would anyone out there be interested in seeing my list of banned addresses? If you have MT too, presumably you could ban these folks before they hit your site. If all bloggers shared this information and used it, couldn't it really put a crimp in the activities of the blogspammers?

Comments (9)

I doubt you're doing harm but you won't stop 'em that way. Spammers can hijack open proxy servers and post to your blog from someone else's IP. After all, that's how they send e-mail spam and they do have automated software to do it.

The current solution is DNS realtime blacklists. Every incoming e-mail connection is checked against one of these lists and rejected if it's on them. It should be possible to develop a Movable Type plugin that would check against the same lists before accepting a post. If someone hasn't done that already, I bet they will soon.

Welcome to the spam war.

There's already a blacklist plugin for MT that let's you ban comments based upon content, since most comment spam is clearly recognizable by the nature of the URL used either in the URL field or dropped into the comment text.


Plus, once installed, you can snag the latest version of the blacklist, as added to and compiled by Jay Allen via contributions from users who have caught new ones.


I've looked at the MT blacklist, but the installation instructions were too tough for quick action. Plus, as I read somewhere else, that blacklist of email addresses is going to grow to zillions. So I'm not seeing that as a clearly superior solution to IP banning.

There are a number of blacklists for email. RBL is (or was) one of the most popular. They don't check the email itself, they maintain a list of mailservers that have been reported...generally open relays and abusers. Another tool that email has against spam is blocking dial-up account MTAs (mail transfer agents), but that obviously isn't available to blogs because most of the readers are in dynamically assigned blocks. Another problem with a blogging blacklist is that it is difficult to confirm that an address is being good...as opposed to email lists that can just confirm that the relay is no longer open...so how does someone get off the list once they're on it (problem is for centralized list, JB you don't need to worry).

The solutions lie at the blog level, I believe. Content filtering, as mentioned above is a good one...but it can be limiting, what if you write about casinos or viagra? What about the now-popual mispellings that are hard to filter? The solution I'm going to develop for my blog (and blog s/w) involves a human reading the text of an image (something very difficult for bots to do) and enter it into a field as a sort of passcode.

Sorry about the overabundance of info, but if you check out my site, you might understand it's been on my mind lately. Eat at Joe's! Burma Shave!

Jack the only comment I wanted to make was that looking at that photo and having a touch of the flu is a really bad combo!

Ok...one more comment :) I haven't been spammed yet on my blog. So is that a good thing or a bad thing. It either means I have no readers but myself or somehow I've fallen out of the loop. Not sure how I feel about either of those choices. :)

As to the picture, yuck! Are you sure you're just not posing as a shill for Spam's competitors? (Does Spam have any competitors? Does anyone really want to compete with Spam?)

Problem with IP banning is it runs the risk (probably rare, however) that someone else will be dynamically assigned that IP address and be unable to comment.

If you start blocking IP addresses, you will in effect also block legitimate posters... most providers assign a dynamic IP address which 25 people use simultaneously. If they were to sign off and login again, their IP would also change.

Usually only broadband users have an individual or unique IP, while dial-ups tend to have dynamic ones (some -- although uncommon, can even change several times while online).

Hello Jack,

MT Blacklist is really a fire and forget script install. Have you actually tried to install it? You may be surprised. The black list works by banning Domains vs IP addresses. IP Addresses can be dynamically assigned by service providers domains however are another story each one needs to be purchased so when a comment spammer uses his domain address it becomes useless to him in trying to keep spamming comments.

THe Blacklist is maintained dynamically via RSS feeds. The Blacklist also prevents entries by keywords so spam that isn't on the blacklist can be stopped as well at least examined.

I have taken other steps to prevent spam by "bots" by renaming my mt-comments.cgi. They try running that on my blog and they get a rude surprise as well as being stuck at my IP address for a while. Since I have finished spam proofing my blog nada zip nothing like spam in the comments it is nice....

Clicky Web Analytics