spam?

[Simone Bettini]

Il giorno 11/feb/05, alle 17:40, Lawrence Lee ha scritto:

> Simone,
>
> There is a Manila comment callbacks available to directly deal with the
> comment box that you could tie into (and prevent updates from 
> overwriting):

I know, the drawback of that approach is that it returns a 403 
forbidden, so the spammer can realize the spam has been blocked and 
change the attack kind. I saw that happen almost once and in a very 
short time the bot came back with a slightly different message, 
different IP, circumventing my filters.

IMO the best approach is to simply block the comment and return a 200, 
so that it's less likely that the spambot detects the failure.

Simone

> http://frontier.userland.com/manila/callbacks/manilaComments
>
> An IP block isn't that effective because they have so many. Limiting 
> the
> number of links in a post is also helpful.
>
> There are also some other projects to block referer and comment spam: 
> the
> referer plugin from Thomas Creedon and the blocker.root.
>
> Lawrence Lee
> UserLand Software
> www.userland.com
>
>
>> -----Original Message-----
>> From: manila-newbies-bounces at userland.com
>> [mailto:manila-newbies-bounces at userland.com] On Behalf Of
>> Simone Bettini
>> Sent: February 11, 2005 5:31 AM
>> To: Manila-Newbies at userland.com
>> Subject: Re: spam?
>>
>> We had the very same problem on some of the manila blogs we
>> are hosting on our servers.
>>
>> I tried at first to prevent the spamming changing the form in
>> the manila function that generates and processes it, hoping
>> that the spambot did simply a post without previously loading
>> the form, but unfortunately it was able to prevent any of the
>> strategies I tried.
>>
>> I suppose such spam is generated from a script that drives a
>> real browser filling in the form and submitting it, so looks
>> like any client side strategy is defeated.
>>
>> The solution I found was to install a filter on the code that
>> receives the comment and checks if the body contains some
>> keywords and strings from a list I keep up to date, and in
>> such a case it simply doesn't save the comment.
>>
>> Since then I was able to prevent further spamming just
>> keeping the banned strings up to date. This approach may fail
>> as soon as the spammers will realize and start s.c.r.ambling
>> words, but as liks to sites can't be changed they can anyway
>> be used to stop the comments.
>>
>> Hopefully the introduction of the nofollow property with the
>> recent manila update will make many of them desist as part of
>> the benefit derived from spamming ceases.
>>
>> Unfortunately I had to change one of manila functions to
>> achieve the result and it is possible that further updates
>> will overwrite it, so I am keeping a copy of it apart to be
>> able to restore the spam filtering code, unless userland guys
>> will come out with a similar or better solution.
>>
>> Would you want to try installing my modified code just let me
>> know and I will clean up it a bit and let you have it. Keep
>> in mind that it will come with no guarantee and you will have
>> to go and edit manually the stopwords table as it lacks any
>> user interface.
>>
>> Simone
>>
>>   Il giorno 11/feb/05, alle 12:55, Paul Hampel ha scritto:
>>
>>> My blog has been getting spammed from an online poker/gambling site
>>> and an online drug company. Can you give me any ideas on
>> how to stop
>>> this? I've been deleting their memberships and messages,
>> but they come
>>> back in a few hours with even more stuff.
>>>
>>> Thanks!
>>>
>>> Paul Hampel , Technology Coordinator
>>> George Washington High School
>>> 215-961-2001
>>> http://blog.gwhs.phila.k12.pa.us/
>>>
>>
>
>