Spam Attacks!

Posted by Trejkaz Mon, 13 Mar 2006 00:53:00 GMT

Is it just me, or has this weekend been particularly heavy with spam attacks?

First, I have my email spam. Somehow, a whole bunch of spams throughout the weekend completely evaded my server-side spam filtering. Thunderbird picked them all up as spam by the time I logged in from work though, so perhaps I can just go and re-teach the filter being used on the server. Or perhaps I can implement something like greylisting and stop a few spammers before they even get the mail into the server.

Next, I had the misfortune of being notified by Jabber of several dozen comment spams being made to my blog (Jabber notification is quite good for this sort of instant notification – I managed to kill said spams in no time at all.)

The first surprising thing about this spam is that I have disabled non-AJAX commenting on this weblog. Therefore, spammers either (a) know how to execute JavaScript in order to submit forms (which is an extremely scary possibility) or (b) have figured out how to detect Typo-based weblogs and submit the spam via a direct POST in the same way that the JavaScript would do it. Either is possible, given the persistence of spammers.

The spams also cut straight through Typo’s spam filter, so either they weren’t from known IP addresses, or they weren’t linking to known spam URLs. And many of them, even though the content was the same, were from many different IP addresses (side-note: if anybody ever tries to tell you that Windows is no good for distributed applications, these world-wide networks of zombied Windows boxes should be proof enough that it works fine for such applications.)

The next annoying thing was a significant amount of trackback spam. Trackback spam is particularly irritating because the entire point of trackbacks is to be automatic. You can’t have something automatic and prevent spambots at the same time. Thankfully though, the trackback spam was performed as a large number of trackbacks on a small number of articles.

In any case, the band-aid measure I’ve taken is to now block comments and trackbacks after 30 days. That way at least I only have to monitor the past 30 days for new trackbacks and comments, which is all on the front page of Typo’s admin interface.

The measure I’m probably going to have to take, however, is requiring a CAPTCHA for posting comments. Perhaps I can go with the trivial math problem approach, if spammers haven’t figured that one out already. At least that one is accessible, unlike image-based CAPTCHAs. Another way would be to require OpenID authentication for all comments, but that would only stall spammers until they set up their own OpenID servers.

For trackbacks, though, I don’t know what I can do except for turning them off… perhaps we just need a better database of known spam URLs.
