Comments on: Die spammers die!

By: Dorothea Salo

Dorothea Salo — Wed, 30 Nov -0001 00:00:00 +0000

Try taking out some quotation marks, especially around ^$. I don't know why, but I have a rule relating to ^$ also, and it just wouldn't fly if I quote-marked it.

By: pjm

pjm — Wed, 30 Nov -0001 00:00:00 +0000

I think I'm with Dorothea on that. The ^ and $ are regular expression special characters to anchor the match at the start and end of the string (^ is start, $ is end) so ^$ is, specifically, a null string. I don't think the quotes are necessary, because there's nothing to quote.

By: Laurabelle

Laurabelle — Wed, 30 Nov -0001 00:00:00 +0000

I've taken out the quotation marks, because it shouldn't hurt. Still, I think that if that were failing, I wouldn't be able to access any file in my MT directory, and I can. The rule is deny-everyone-except-local where local is defined as niceperson.org or a blank referer, so if the blank referer weren't matching, then I wouldn't have been able to load mt.cgi like I did a few minutes ago. I did some Googling after I posted, and I think perhaps Apache just isn't configured to recognize or use .htaccess. I'll drop a line to my Friendly Neighborhood Sysadmin.

By: Laurabelle

Laurabelle — Wed, 30 Nov -0001 00:00:00 +0000

Okay, I know for sure that the rule works on my /images directory, because it blocks images from showing in the preview of my Atom feed on Bloglines. If anyone cares, the rules for images are the same as what I was trying in my MT directory, except that it applies only to image files: Order deny,allow Deny from all Allow from env=local_referal This has the same effect as the ModRewrite rules I wrote almost two years ago, but it's much easier on Apache. As I understand it, ModRewrite is powerful but heavy, so it's generally more efficient to use normal rules when possible.

By: pjm

pjm — Wed, 30 Nov -0001 00:00:00 +0000

Renaming mt-comment and mt-tb are both very good and useful steps. I've found that adding some caps to the new names is also helpful - if their bots find the new names, apparently they're not always bright enough to do so in a case-sensitive way. That plus MT-Blacklist has had me spam-free for a few months now. W.r.t. Ed's mod_rewrite rule, he left a comment on my entry suggesting that what he was seeing wasn't specifically referrer spam - it seemed to be attempts to exploit his site as an open proxy, with referrer spam just piggy-backed on. So it's no wonder his rules don't always help us. I just left 'em out and went with the regex plus user-agent block, which has helped hugely.

By: Laurabelle

Laurabelle — Wed, 30 Nov -0001 00:00:00 +0000

Ohhhh, that makes sense (about Ed's rule). It also correlates with other things I've been reading about referrer-spammers exploiting open HTTP proxies in order to mask their true origins. Good idea about case-sensitivity. I'll institute that when I'm done posting this comment. I don't black-list, but I use MT-Bayesian. It filters spam very effectively; unfortunately it's apparently going through a phase of marking everything as spam. 90% of my own comments get marked as spam!

By: ptt_

ptt_ — Wed, 30 Nov -0001 00:00:00 +0000

some comments pages use the "type the letters you see in this image" hurdle, to allow only humans to comment

By: Laurabelle

Laurabelle — Wed, 30 Nov -0001 00:00:00 +0000

True, but that's a different problem from the one I was trying to solve with blocking referers. :-) What you describe is called a "captcha," and I don't find that I need that right now. I've actually more or less solved the comment-spam problem. (Maybe I'm just not popular enough for anyone to try to circumvent the measures I currently have in place.) Trackback spam isn't susceptible to captchas, of course, but I haven't had too much of a problem with that either.

By: Jeff

Jeff — Wed, 30 Nov -0001 00:00:00 +0000

Captchas can also be defeated in a couple ways. Advanced OCR techniques can defeat most simple captchas and even some of the more distorted ones, but there is always the ability to get a human to overcome a captcha for the spammer.

One scenario (reported to be in use): Porn site operator and spammer needs yahoo.com accounts, so he writes a script to autofill in the form, captures the captcha, feeds it to his "new user" page, gets some schmuck to sign up, decode the captcha, and when the yahoo.com email account has been verified, the schmuck gets his porn, and he just thinks that the porno page has implemented a captcha itself.

Anyway, between "social engineering" techniques and advanced pattern recognition algorithms, captchas are just another arms race.

Jeff

By: Laurabelle's Blog

Laurabelle's Blog — Wed, 30 Nov -0001 00:00:00 +0000

Google and comment spam

This weekend I noticed that Googlebot had started indexing the URLs of my newly renamed comment script, even though it...