Weblogs under Spam attack

by Carla Schroder

Helloooo out there- in case anyone was wondering why years-old entries are suddenly the Top 25, it's because they're all getting spammed all to heck.

What's with Movable Type- isn't there some way to set it to filter spam, especially when the same spam is posted a few hundred times?

I still think spammers should be rounded up and "volunteered" for one-way missions to Pluto.


Chui Tey
2007-10-21 14:52:25
I've observed about 4 spams a day which beat reCAPTCHA over the past few days. Someone has released an uber spamming tool. I've turned off commenting until this blows over.
Roy Schestowitz
2007-10-22 01:46:30
I've had the same experience, so I've closed off comments (temporary? permanent?). Damn them zombie PC (IP diversity)...
Steven Rosenberg
2007-10-22 12:35:10
Carla, my blog, http://insidesocal.com/click -- is having this very problem. Why? You hit it -- Movable Type. We're on version 3.2 now, and the spam attacks have been huge and relentless of late.

If the sysadmins can ever figure out how to get the styles and tags to migrate over to MT 4.0, that's supposed to be the cure for MT's horrible spam problem.

I went from wide-open comments to "authenticated" comments through TypeKey.

The spam is gone, but I bet you can guess how many comments I've gotten since we made the switch.

If you guessed "none," you'd be right.

Chris Josephes
2007-10-22 14:08:25
You make some really good points.

(Did I fool you with that one?)

Carla Schroder
2007-10-22 20:56:02
Hi Chris! Nice site, thanks!


2007-10-22 22:45:21
That difficulty (the sort of all or nothing choice between leaving the gate wide open or making it onerous for even legitimate comments to squeeze through the door) in managing comments is one of the reasons I migrated away from MT. I run a pretty simple combination of moderation for every comment and the Akismet plugin and manage to spend very little time cleaning up crap.

I'm not a fan of TypeKey. I realize that Six Apart owns LiveJournal now but that walled garden sort of approach doesn't work as well on personal weblogs. I've migrated onward but I'm hoping that they'll scheme up something that makes the process more granular than either leaving the door wide open or becoming a clubhouse where non-members are unwelcome.

Oh, I use Wordpress now. I resisted the urge to recommend platform changes but thought it was a little weird to leave out what I moved to.

Steven Rosenberg
2007-10-23 12:22:32
Wordpress AND Blogger.com are both superior to Movable Type. But in my case, the corporate decision is made far above -- and far away -- from where I sit, dealing with the fallout.

The worst part about MT -- and that includes 4.0 is that the blog pages are still configured the "old" way -- with prebuilt pages that have to be rebuilt on the server whenever you make a change.

Try saving and republishing in quick succession in MT -- it's a waiting game that WordPress and Blogger users don't have to play. The latter systems build blog pages on the fly for users and make life easier and quicker for blog authors. C'mon, Movable Type, enter 2006 already!

Melody Jennings
2007-10-24 03:20:20
WordPress actually unwittingly contributes to these "ancient sites" being elevated and leveraged into the Top 25 through their seeming direct-connect to the major search engines and them including a default entry saying "Hello, World!"

This means every blog automatically starts out with this "first entry" already pinging at the portals of the security systems built into the ranking systems...errr...search engines...then they put all that other crap underneath and ugh...

I use WordPress but I haven't bothered opening up the comments section since I started it. Although it becomes a one-sided conversation trail, it helps prevent these kinds of attacks on our sanity... LOL! ;>) And the first thing I did was delete that auto-generated page once the account was active.

2007-10-24 03:22:23
A quick P.S.

These services need to give the end user some level of editing so that I can clean up things like my post showing up twice...

Sorry about that! Is there any way to delete it?

Carla Schroder
2007-10-24 08:06:46
Hi Melody,

Yes, dupes can be deleted by anyone with edit privileges, like the blog owner. (Tis done.) I imagine that giving edit privileges to people who leave comments would require them to register and set up accounts, so they could be authenticated. Can't have random edit powers.

2007-10-24 20:57:05
And before they are sent to their "mission" they should be unpluged from internet :)
2007-10-24 21:21:32
I keep wondering why nobody's got a short-term blacklist for blogspamming IP's like they have for email spammers.

My obscure little science-nerd blog gets several spam attempts per day sometimes. Oddly, it always seems to be the same one or two (old) posts that they try to spam. Do they sell lists of blog post URLs the way they sell lists of email addresses?

2007-10-30 23:39:17
I keep wondering why nobody's got a short-term blacklist for blogspamming IP's like they have for email spammers.

There is one. Look at Project Honeypot (currently offline for maintenance, but hopefully back soon). They have something called the http:BL and people made modules to check from all kinds of blog or cms engines.