Comment spam alert
If it’s possible to access your comments by just incrementing a number, and possible to leave a comment by just sending an HTTP POST request (yes, Movable Type users, that’s you, among others), you should know that you are vulnerable to being flooded with comments. All it takes is a moron spammer like “Mike Johnson” of “www.las-vegas-real-estate-1.com” with enough scripting ability (very little) and gall (quite a bit) to write a script that starts with your first entry number and runs through to the last, sending POST after POST with his moron spammer website link and witless comment text.
I happened to be sitting at the computer when he started, so I managed to put “Deny from 208.57.58.205” (the moron spammer IP he was using at the time) in my root .htaccess file in time to stop him at only 120 comments. Then, thanks to Movable Type’s support for mySQL, I just needed to “DELETE FROM mt-comments WHERE comment-ip = ‘208.57.58.205’ AND comment_entry_id != 2000” (I left the one on entry 2000 just in case I want to see it again, but I edited it to not even give the moron spammer the victory of a single link). However, had I not been around, and not using mySQL, I’d say that deleting a comment from every single entry, one by one, through the MT interface, would have left me even more pissed off.
The odds of him using the same moron spammer IP address aren’t great, but even so you might want to consider adding your own “Deny from…”, possibly blocking all of 208.57 (unless you happen to know that you have a reader getting access from mpowercom.net).
Quick and dirty fix
I did some searching and found a quick fix for comment spam. This post is mostly just future reference for me to remember that I added this fix (for future MT upgrades), but I definetly recommend others adding this fix, as well. http://weblog.burningbi…
Spam comment attacks
So here I am, sitting down to eat some dinner, and I decide to quickly check my site. Boy am I glad. I quickly stopped a comment attack. I caught them before they could hit me with more than 22 comments, but if I had not, all 800+ entries on…
Blog Comment Spam
You know, I think I’ve just been blog-comment spammed. I hadn’t heard of this before, but a quick Google shows it’s not new or unique here. I get comments to any of my posts automatically emailed back to me, and upon hearing the ”ding!” from my email p…
More on Blog Comment Spam
Blog Comment Spam seems to be coming into vogue now; the blogs I participate in or run are getting it more and more often. Xpat.org, which I run with Sako, just got hit by an infamous ”penis-enlargement” spammer from China, who posts a very long list o…
Friday Feast #61: Unwanted Comments
I was absolutely horrified when I read Phil Ringnalda’s comment spam alert story last year in which a Las Vegas real estate agent used a script to try to autogenerate comments to every single one of Phil’s entries, including links to the spammer’s real…
Black Monday
Comment spam. It seems that everyone is either complaining about it, or coming up with ideas on how to deal with it. This one, by Jay Allen shows a great deal of promise. It’s going to be released tomorrow on…
Splat
And as if out of nowhere, ker-splat. Spam. Everywhere. Specifically, in the comments of the four blogs running on this
Commentary
I like blog comments. I understand why some folks don’t turn on the comments functionality in their blogs, either because…
MT: Effacer des commentaires
Pour faire du ménage (Weblogger.ch vient de le faire, car il était pollué par le spam ou par des commentaires de test … je ne fais pas de la censure) dans les commentaires dans votre blog, il y a trois solutions pour Movable Type [en]: Dans ls conso…
El spam como un cancer
El spam en el email se vuelve cada día más desesperante, aún con Spamassassin con un valor de filtrado de 5.0, el filtro deja pasar unos 30 spams al día a mi inbox y para otros 300, que aunque a mi no me molesta, es recursos y ancho de banda completame…
Comments?
Blog spammers are becoming a real problem these days.
And History Repeats
It’s really rather interesting that all the recent flutter about comment spam has already happened (two years ago, when comment spam first appeared on the scene). At the time, more than one (1, 2, 3) person talked about the very same issues that we’re …