The Thinker

Update from the Spam Wars

You would think that if I were getting five comments per hour that would be a sign that I was running a successful blog. Alas, of the 178 comments I averaged in the last 36 hours, only one of them was a legitimate comment. The rest were spam masquerading as comments.

Fortunately, my Movable Type blogging software does a good job of filtering out these obnoxious spam comments. They are moved into a Junk Comments area. I can periodically delete them manually, or I can simply forget about them. I have Movable Type configured to automatically delete junk comments after one week. Occasionally I do scan them to see if there is a legitimate comment in there among all the obvious spam. If you sent in a comment that I did not post, please accept my apologies. It probably was inadvertently interpreted to be a junk comment. I simply do not have the patience to review a hundred or more comments a day to find the one comment in a thousand that is not junk.

At least blog comment spam is easier to deal with than the blog Trackback spam. It was a nice idea until the spammers discovered they could create phony trackbacks, which, instead of taking users to actual blog entries, took them to spam sites instead. I was averaging about 200 or more bogus trackbacks a day. After a couple years, with this abuse getting worse every day, I said enough. I turned off the trackback feature. Those who want to see my trackbacks can use a feature on Technorati.

The spam comments I get are the usual crap, but they tend to be topical. Texas Holdem Poker spammers keep sending me spam comments. Others are selling weight loss drugs like Phentermine. There is a whole subset of spam from those pretending to sell anti-impotence drugs. Others figure I or my readers must be perverts. I am not sure why my blog has been targeted for those who might be interested in black gay sex, but somehow I doubt those who are interested in it would be coming here. “Britney” leaves many comments, along with “Bill”, “Alena” and “Dave”. “Britney” just keeps writing me, often many times a day, sometimes within seconds of her last comment. “Not much is happening in my life right now”, Britney tells me pretty much every day. She is apparently she is obsessed with anal sex, so much so that she simply must include links to anal sex sites in her comments. I think she needs therapy, or a least a high colonic.

There are solutions to my comment spam problem. I could require anyone who leaves a comment to be first be authenticated. Movable Type offers just such a service called TypeKey. The problem is, of course, most commenters do not want to go through the hassle of the authentication process. Even if they do it, it is still a hassle to use it when leaving comments. Therefore, like most bloggers I turn off authentication and do my best to find the legitimate comments that come in.

I also run a phpBB forum (actually two of them). Here too, the spammers have been busy, since phpBB is the most popular open source forum software out there. Having to repeat numbers or letters embedded in an image in the registration no longer fazes them. They have written software that is able to decipher the symbols in the image. The spammer’s automated scripts then enter the numbers or letters into the registration form. phpBB allows a user to specify their web site and a signature block. Spammers will of course link to their spam sites in these fields.

I have tried a number of tactics to deal with these spam users on my forums. First, I turned on the feature that required administrator approval to add a new user. This turned out to be overly burdensome on me. I was constantly getting emails asking me to approve or disapprove new users. So I went back to requiring that new users reply to an email in order to complete registration. This would be fine except that phpBB by default shows unapproved users in the directory. And that suffices for spammers because it gives them the opportunity to have their email addresses and web sites made available to anyone who might be trolling through a forum’s user directory.

One tactic I have employed is this phpBB modification that won’t allow new users to enter website or signature information in their profile until they complete registration. Still, spammers are clever. They invent user names that describe what they are up to, like “freeringtoness” in the hopes that you will send them email or a private message. The Russians apparently have too much time on their hands. It appears that the majority of spam registrations come from them. If a user has an email address is from a .ru domain, watch out.

I have since developed two more coping tactics. First, I made a small modification to the user list function. It now shows only those users who have posted messages. Second, I wrote a little program that removes forum users who registered more than a week ago but never bothered to post a message or complete registration. I figure that if it bothers them, they can reregister later. I then set up a cron job to run this program automatically once a week. Spam problem solved, sort of. Occasionally a spammer will actually complete registration and post a message, and then I must manually delete their posts and delete their account. Right now, this is not hassle. Spammers are, if nothing else, persistent, so I figure eventually I will get dozens of these a day.

On the junk mail side, my strategy has not changed. My ISP (cox.net) offers server side junk mail removal, which I have enabled. Unfortunately, it does not catch all the spam. Still, it keeps my email box from being overwhelmed with spam. Therefore, I also use ChoiceMail whitelist software. (There is a free and somewhat crippled version of ChoiceMail that works for one POP account. The full featured version costs $39.95.) Those who make it through my ISP’s junk mail filter will still have to go through a challenge/response system, unless they know the magic words to put on the subject line. (Hint: if you want to send me an email, look at the right column of this page.) This works fine although I still scan my ChoiceMail Junk Box and Unknown Senders list periodically. Occasionally, there is something I want to read or know about.

If the past is any guide, I will have to maintain vigilance and continually refine my strategies for coping with spam. Perhaps I should try the strategy AOL was promoting: demand payment to have spam arrive in my inbox. I just hope my ISP does not start trying this strategy too.

 

One Response to “Update from the Spam Wars”

  1. 1:17 pm on August 9 2006, Rob said:

    Mark, I’m a very happy user of FastMail. FM uses SpamAssassin to manage spam and does a great job! I highly recommend FM to you and your readers!

Leave a Reply

Switch to our mobile site