Feed Icon  

Contact

  • Bryant Likes
  • Send mail to the author(s) E-mail
  • twitter
  • View Bryant Likes's profile on LinkedIn
  • del.icio.us
Get Microsoft Silverlight
by clicking "Install Microsoft Silverlight" you accept the
Silverlight license agreement

Hosting By

Hot Topics

Tags

Open Source Projects

Archives

Ads

Interview with a Comment Spammer

Posted in General at Monday, January 31, 2005 10:17 AM Pacific Standard Time

At The Register via Backcountry Conservative:

So Sam, like other link spammers, uses the thousands of 'open proxies' on the net. These are machines which, by accident (read: clueless sysadmins) or design (read: clueless managers) are set up so that anyone, anywhere, can access another website through them. Usually intended for internal use, so a company only needs one machine facing the net, they're actually hard to lock down completely.

Sam's code gets hundreds of open proxies to obediently spam blogs and other sites with the messages he wants posted. They usually target comments to old posts, so they won't show up to people reading the latest ones, though search engine spiders will spot them and index them.

This explains why you see so many different source IP addresses when you look at a comment spam run in the log files. They are using web proxies. That is why it is so hard to stop them based on IP filtering. However, the article reveals what really works against comment spammers:

So what does put a link spammer off? It's those trusty friends, captchas - test humans are meant to be able to do but computers can't, like reading distorted images of letters. "Even user authentication can be automated." (Unix's curl command is so wonderfully flexible.)

"The hardest form to spam is that which requires manual authentication such as captchas. Or those where you have to reply to an email, click on a link in it; though that can be automated too. Those where you have to register and click on links, they're hard as well. And if you change the folder names where things usually reside, that's a challenge, because you just gather lists of installations' folder names."

So adding a captcha control is effective. I would have to say I think this is true. Since I added the captcha control to blogs.sqlxml.org I haven't seen a single comment spam. If you're not using one, it is easy to implement.

Comments are closed.