Ming the Mechanic:
Link Spamming

The NewsLog of Flemming Funch
 Link Spamming2005-02-02 17:02
by Flemming Funch

The Register: Interview with a link spammer. Well, yesterday I got over 600 phoney trackback entries in my blog. Might very well have been from that guy. Done through proxies from many different IPs, all promoting various gambling sites. Hard to compete with scumback programmers like that.

Hm, for regular comments it works alright to require the entry of some characters from a graphic. There is still spam coming in that way, but it is, I'm sure, done one at a time by manually entering it, so that's not too much of a nuissance. But I can't do that for trackbacks.

I suppose a partial answer would be to spider the site that does the trackback, to see if it really has a link to one's blog. A clever spammer could very well have the link, but he probably doesn't. I'll have to explore that. Another would be to block the sites that are being promoted, but they use so many different changing domains that that's hard to keep up with.

[< Back] [Ming the Mechanic]



3 Feb 2005 @ 13:32 by martha : Well the spammer is back
and seems to espeically like your log. I understand your problem. I have had to change my log back to members only since I also got hit again this morning.  

3 Feb 2005 @ 14:15 by ming : TrackBack Spamming
OK, I implemented some blocking features for trackback in my software for starters.

But, ah, didn't know about mod_security. Excellent! I will install that ASAP.  

3 Feb 2005 @ 16:14 by jazzolog : 'Nuff Said?
We had this problem at Upsaid.com recently. What that Webmaster did was to require both email and home URL for outside comments, rather than one or the other. If you don't have or prefer not to say an URL, you have to delete the "http://" which is there or the comment won't take. I think he has tightened some other screws as well, but the spamming of our Logs over there has stopped. It took him a month to deal with it.  

3 Feb 2005 @ 17:00 by dewf @ : captchas for trackbacks?
well, in theory, couldn't CAPTCHAs be used for trackbacks? it'd be sort of a hassle, but that's the point.

also, the idea of "bit gold" for spam seems like a good idea. until spammers get their hands on quantum computers anyway :) [ http://www.rpow.net/theory.html ]  

3 Feb 2005 @ 18:02 by ming : CAPTCHA
Well, {link:http://www.captcha.net/|CAPCHA} (stuff humans can read and type in, but which is hard for computers) is good for human entered comments, but I can't see it working so well for trackback. Most trackback is automatic. Of course the protocol could be changed, but part of what's nice about it is that it doesn't take any extra effort on blog owners to send a trackback.

Anyway, there seems to be very little actual comment spam after I started requiring the poster to enter some letters from a graphic. There are a few, but I suppose they're manually entered.

For trackback I suppose it is at least greatly lightened by using something like the mod_security meantioned above. And I also built some ways of blocking into the blog software itself here. Based on certain keywords, URLs, etc. Which isn't perfect, as those guys change those easily, but it ups the ante a bit, at least.  

5 Feb 2005 @ 15:25 by jstarrs : People being caught...

Other stories in
2014-11-01 17:33: The conversation of work
2007-02-24 14:20: Writing books in HTML/CSS
2007-02-05 15:21: Software is hard
2006-11-19 21:30: Thingamy
2005-12-14 15:15: Ruby on Rails
2005-03-19 16:04: Comment and Refererrer Spam
2005-02-23 21:34: Wikipedia
2005-02-22 17:32: Mail
2005-02-10 16:00: More Google wizardry
2005-02-04 15:14: The Six Laws of the New Software

[< Back] [Ming the Mechanic] [PermaLink]? 

Link to this article as: http://ming.tv/flemming2.php/__show_article/_a000010-001461.htm
Main Page: ming.tv