>-----Original Message----- >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] >Sent: Thursday, September 02, 2004 12:28 PM >To: Matthew Hunter >Cc: SATalk; SURBL Discuss >Subject: Re: Applying SURBL against blog comment spammers > > >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > > >Matthew Hunter writes: >> On Thu, Sep 02, 2004 at 09:36:29AM -0400, Chris Santerre ><[EMAIL PROTECTED]> wrote: >> > >-----Original Message----- >> > >From: Jeff Chan [mailto:[EMAIL PROTECTED] >> > >Sent: Thursday, September 02, 2004 3:24 AM >> > >To: SATalk >> > >Cc: SURBL Discuss >> > >Subject: Re: Applying SURBL against blog comment spammers >> > >On Wednesday, September 1, 2004, 11:25:40 PM, Matthew >Hunter wrote: >> > >> I just whipped up some code to reject trackback/comment spam >> > >> using a SURBL as a data source. Unfortunately, the people >> > >> spamming my weblogs aren't in multi.surbl.org, so I >will have to >> > >> maintain my own local blacklist server. >> > >> The single most useful thing that could be done wrt >fighting spam >> > >> in weblogs would be an SURBL source that had the offending >> > >> domains in it. I would offer to make mine public, but I don't >> > >> have the IP to spare at the moment... >> > >> Does anyone know of an appropriate SURBL list? >> > >Hi Matthew, >> > >We could perhaps set up a separate SURBL for blog spammers. >> > >It would be a slight shift in focus since the other SURBLs are >> > >all for email spam. Can you give an idea of how many records >> > >you have? >> > >Also have you tried Jay Allen's MT-Blacklist/Comment Spam >> > >list: >> > > http://www.jayallen.org/comment_spam/ >> > >It would be interesting to look at your data to see if there's >> > >much overlap with our existing lists. In the case of Jay's data, >> > >there's nearly none. >> > Hell I'm feeling a little saucy this morning so lets mull >this over. This >> > goes against Jeff's thoughts. But if they are spamming, >then just add them >> > to SURBL. Does it matter if they spam email or blogs? To >me, not really. >> > Adding them to the regular SURBL is sure to cause them some pain. >> > >> > Legit domains still get removed. >> > >> > SO I say, go ahead and add them. However I would like to >see an example of a >> > spam'd blog. I've never seen one. >> >> Here some some examples of trackback spam, which is perhaps best >> thought of as an automated hat-tip protocol. Let me know when >> you've seen them so I can delete them. These are new since >> sometime yesterday, I think (the last time I deleted this >> stuff). My SURBL update hasn't been posted to this site yet or >> it would have stopped these. >> >> http://www.triggerfinger.org/weblog/servlet/trackback/164.jsp >> http://www.triggerfinger.org/weblog/servlet/trackback/449.jsp >> http://www.triggerfinger.org/weblog/servlet/trackback/2799.jsp >> http://www.triggerfinger.org/weblog/servlet/trackback/3947.jsp >> http://www.triggerfinger.org/weblog/servlet/trackback/5053.jsp >> http://www.triggerfinger.org/weblog/servlet/trackback/5324.jsp >> http://www.triggerfinger.org/weblog/servlet/trackback/5484.jsp >> http://www.triggerfinger.org/weblog/servlet/trackback/5519.jsp >> http://www.triggerfinger.org/weblog/servlet/trackback/5556.jsp > >! I hadn't seen trackback spam before... > >> There's no standard comment API so I haven't fallen victim to >> that yet. Other bloggers have, but usually delete the >> comments ASAP... For comments, though, the simpler solution is >> probably to require an active user session (eg, session cookie >> accepted and returned from an earlier page). That can be >> programmatically done but it's harder. Parsing the comments >> for spam sign like email is, I think, inevitable in the long >> term. Well, that or requiring accounts to post comments. > >sample comment spams are easy enough to find. Google for >"comments movable cialis" ;) Here's one: > > <http://patch.stanford.edu/MT/mt-comments.cgi?entry_id=4> > >- --j.
GREAT example J! One links to : http://patch.stanford.edu/MT/mt-comments.cgi?__mode=red&id=25 which links to : buy-cialis.ws Which is NOT in SURBL!! (It will be today!) Because like Dr. Evil this is a pre-emptive Shhh! It is just a matter of time before this site is used in an email spam. I also see no difference between this blog spam and email spam. At all! --Chris
