-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Matthew Hunter writes: > On Thu, Sep 02, 2004 at 09:36:29AM -0400, Chris Santerre <[EMAIL PROTECTED]> > wrote: > > >-----Original Message----- > > >From: Jeff Chan [mailto:[EMAIL PROTECTED] > > >Sent: Thursday, September 02, 2004 3:24 AM > > >To: SATalk > > >Cc: SURBL Discuss > > >Subject: Re: Applying SURBL against blog comment spammers > > >On Wednesday, September 1, 2004, 11:25:40 PM, Matthew Hunter wrote: > > >> I just whipped up some code to reject trackback/comment spam > > >> using a SURBL as a data source. Unfortunately, the people > > >> spamming my weblogs aren't in multi.surbl.org, so I will have to > > >> maintain my own local blacklist server. > > >> The single most useful thing that could be done wrt fighting spam > > >> in weblogs would be an SURBL source that had the offending > > >> domains in it. I would offer to make mine public, but I don't > > >> have the IP to spare at the moment... > > >> Does anyone know of an appropriate SURBL list? > > >Hi Matthew, > > >We could perhaps set up a separate SURBL for blog spammers. > > >It would be a slight shift in focus since the other SURBLs are > > >all for email spam. Can you give an idea of how many records > > >you have? > > >Also have you tried Jay Allen's MT-Blacklist/Comment Spam > > >list: > > > http://www.jayallen.org/comment_spam/ > > >It would be interesting to look at your data to see if there's > > >much overlap with our existing lists. In the case of Jay's data, > > >there's nearly none. > > Hell I'm feeling a little saucy this morning so lets mull this over. This > > goes against Jeff's thoughts. But if they are spamming, then just add them > > to SURBL. Does it matter if they spam email or blogs? To me, not really. > > Adding them to the regular SURBL is sure to cause them some pain. > > > > Legit domains still get removed. > > > > SO I say, go ahead and add them. However I would like to see an example of a > > spam'd blog. I've never seen one. > > Here some some examples of trackback spam, which is perhaps best > thought of as an automated hat-tip protocol. Let me know when > you've seen them so I can delete them. These are new since > sometime yesterday, I think (the last time I deleted this > stuff). My SURBL update hasn't been posted to this site yet or > it would have stopped these. > > http://www.triggerfinger.org/weblog/servlet/trackback/164.jsp > http://www.triggerfinger.org/weblog/servlet/trackback/449.jsp > http://www.triggerfinger.org/weblog/servlet/trackback/2799.jsp > http://www.triggerfinger.org/weblog/servlet/trackback/3947.jsp > http://www.triggerfinger.org/weblog/servlet/trackback/5053.jsp > http://www.triggerfinger.org/weblog/servlet/trackback/5324.jsp > http://www.triggerfinger.org/weblog/servlet/trackback/5484.jsp > http://www.triggerfinger.org/weblog/servlet/trackback/5519.jsp > http://www.triggerfinger.org/weblog/servlet/trackback/5556.jsp ! I hadn't seen trackback spam before... > There's no standard comment API so I haven't fallen victim to > that yet. Other bloggers have, but usually delete the > comments ASAP... For comments, though, the simpler solution is > probably to require an active user session (eg, session cookie > accepted and returned from an earlier page). That can be > programmatically done but it's harder. Parsing the comments > for spam sign like email is, I think, inevitable in the long > term. Well, that or requiring accounts to post comments. sample comment spams are easy enough to find. Google for "comments movable cialis" ;) Here's one: <http://patch.stanford.edu/MT/mt-comments.cgi?entry_id=4> - --j. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Exmh CVS iD8DBQFBN0n/QTcbUG5Y7woRAr4DAJsHXOv+RXOdk8G0RYfoz7yoWKi9aACgl5tg NDZDz5EJifzZgrr0tb6FLXU= =G4OV -----END PGP SIGNATURE-----
