On Thu, Sep 02, 2004 at 09:36:29AM -0400, Chris Santerre <[EMAIL PROTECTED]> wrote: > >-----Original Message----- > >From: Jeff Chan [mailto:[EMAIL PROTECTED] > >Sent: Thursday, September 02, 2004 3:24 AM > >To: SATalk > >Cc: SURBL Discuss > >Subject: Re: Applying SURBL against blog comment spammers > >On Wednesday, September 1, 2004, 11:25:40 PM, Matthew Hunter wrote: > >> I just whipped up some code to reject trackback/comment spam > >> using a SURBL as a data source. Unfortunately, the people > >> spamming my weblogs aren't in multi.surbl.org, so I will have to > >> maintain my own local blacklist server. > >> The single most useful thing that could be done wrt fighting spam > >> in weblogs would be an SURBL source that had the offending > >> domains in it. I would offer to make mine public, but I don't > >> have the IP to spare at the moment... > >> Does anyone know of an appropriate SURBL list? > >Hi Matthew, > >We could perhaps set up a separate SURBL for blog spammers. > >It would be a slight shift in focus since the other SURBLs are > >all for email spam. Can you give an idea of how many records > >you have? > >Also have you tried Jay Allen's MT-Blacklist/Comment Spam > >list: > > http://www.jayallen.org/comment_spam/ > >It would be interesting to look at your data to see if there's > >much overlap with our existing lists. In the case of Jay's data, > >there's nearly none. > Hell I'm feeling a little saucy this morning so lets mull this over. This > goes against Jeff's thoughts. But if they are spamming, then just add them > to SURBL. Does it matter if they spam email or blogs? To me, not really. > Adding them to the regular SURBL is sure to cause them some pain. > > Legit domains still get removed. > > SO I say, go ahead and add them. However I would like to see an example of a > spam'd blog. I've never seen one.
Here some some examples of trackback spam, which is perhaps best thought of as an automated hat-tip protocol. Let me know when you've seen them so I can delete them. These are new since sometime yesterday, I think (the last time I deleted this stuff). My SURBL update hasn't been posted to this site yet or it would have stopped these. http://www.triggerfinger.org/weblog/servlet/trackback/164.jsp http://www.triggerfinger.org/weblog/servlet/trackback/449.jsp http://www.triggerfinger.org/weblog/servlet/trackback/2799.jsp http://www.triggerfinger.org/weblog/servlet/trackback/3947.jsp http://www.triggerfinger.org/weblog/servlet/trackback/5053.jsp http://www.triggerfinger.org/weblog/servlet/trackback/5324.jsp http://www.triggerfinger.org/weblog/servlet/trackback/5484.jsp http://www.triggerfinger.org/weblog/servlet/trackback/5519.jsp http://www.triggerfinger.org/weblog/servlet/trackback/5556.jsp There's no standard comment API so I haven't fallen victim to that yet. Other bloggers have, but usually delete the comments ASAP... For comments, though, the simpler solution is probably to require an active user session (eg, session cookie accepted and returned from an earlier page). That can be programmatically done but it's harder. Parsing the comments for spam sign like email is, I think, inevitable in the long term. Well, that or requiring accounts to post comments. -- Matthew Hunter ([EMAIL PROTECTED]) Public Key: http://matthew.infodancer.org/public_key.txt Homepage: http://matthew.infodancer.org/index.jsp Politics: http://www.triggerfinger.org/weblog/index.jsp
