Die Spammers Die

by Kieran Healy on February 1, 2005

We’re dealing with a flood of trackback spam this morning. Sorry for even more inconvenience than usual. We will get around to upgrading eventually, even though my past self wisely tells me not to.

{ 21 comments }

1

Harry Hutton 02.01.05 at 4:13 pm

I never get bothered by spammers. To an almost hurtful degree I don’t seem to be their type.

2

Ed Felten 02.01.05 at 4:34 pm

I had the same problem. Literally hundreds of trackback spams received during the night. I turned off trackback on my site. Grrrrrr.

3

Ed Felten 02.01.05 at 4:39 pm

I had the same problem. Literally hundreds of trackback spams received during the night. I turned off trackback on my site. Grrrrrr.

4

robert kent 02.01.05 at 4:43 pm

February 1, 2005

Dear Manager, Crooked Timber:

Thank you so much for adding our Lawrence Velvel link to the LAW blog listings on your 2/1/05 edition of Crooked Timber.

Dean Velvel is posting regular columns to his velvelonnationaffairs site concerning up-to-the-day events in Iraq, Washington, and other current hot spots, and these will certainly be of interest to the Crooked Timber readership.

In addition, we have upcoming news concerning both Books Of Our Time, our Comcast cable author/book discussion show, and recent published works from Dean Lawrence Velvel, and will be glad to share them with you and your readers.

Until then, much thanks and keep up the good work at Crooked Timber.

All best,

Robert Kent
rkent@mslaw.edu

5

Sven 02.01.05 at 4:44 pm

Here’s an interesting and disturbing look behind the scenes: an interview with a link spammer.

6

Steve 02.01.05 at 4:50 pm

Might I suggest getting a copy of MT-Close and start closing all the old comments and trackbacks. I’d recommend closing all comments at least 2 weeks old and older. I myself go for 5 days old, and it has cut down on spam tremendously.

7

Backword Dave 02.01.05 at 5:21 pm

Steve, I think they do that already — after a post leaves the home page.

8

Kieran Healy 02.01.05 at 5:23 pm

Might I suggest getting a copy of MT-Close and start closing all the old comments and trackbacks.

We already have a little script that does that for comments more than a week old, and as of 5 minutes ago we now do it for trackbacks, too.

9

john b 02.01.05 at 5:42 pm

“It’s German for ‘The Spammers The'”…

10

Darren 02.01.05 at 5:57 pm

Would a Turing number help prevent some of the attacks?

“What is a Turing number?

A Turing number is a randomly generated image that displays a series of digits. A user attempting to login to his or her account must be able to read back the digits and correctly echo them back to the e-gold website. The purpose of the Turing number is to prevent automated access to accounts.

For the visually impaired, an audible turing number is available which provides the same benefits of the turing number, except that it is presented audibly rather than visually.”

11

Jacques Distler 02.01.05 at 7:40 pm

Ah, yes, many hundreds of attempted trackbacks on my site last night and this morning. None successful, since they all came via open proxies on the blitzed.org open proxy list.

I ‘spose I should write up a post on dealing with the critters, but until I get around to it, you might want to modify the mt-dsbl plugin to work with opm.blitzed.org instead of list.dsbl.org (which is mostly useless for current purposes).

12

Matt Weiner 02.01.05 at 8:30 pm

Darren, Would the Turing number help with Trackback spamming? Most of the Trackbacking I do from my blog is done automatically in some way–I don’t have to interact with the site I’m pinging. (Most of the Trackbacking I do seems not to work anyway, but that’s another story, I think.)

13

Yusuf Smith 02.01.05 at 9:29 pm

My normal method of dealing with TB spam is to log into my web host account and rename the tb.cgi file to something else, usually tb.pl. I have a banner at the top of my blog which says whether comments and TB are on or off. Generally TB spam floods happen in one go, and are over after a few hours.

By the way, how does anyone know your TB addresses anyway? I’ve never been able to find them on any of your blog entries.

14

John Quiggin 02.01.05 at 10:40 pm

What’s the legal status of someone who hijacks open proxies like the spammer in the link above. Isn’t this a criminal offence? Not that this immediately resolves the problem, but it raises the stakes for all concerned. I note that the spammer claims that this is legal.

15

Jacques Distler 02.01.05 at 10:46 pm

By the way, how does anyone know your TB addresses anyway? I’ve never been able to find them on any of your blog entries.

It’s right there when you “view source” on this entry:

http://www.crookedtimber.org/mt-tb.cgi/3128

in a little commented-out snippet of RDF. This is used for Trackback Autodiscovery.

In particular, that’s why the name of your trackback CGI script is not particularly relevant to these spammers. I’ve changed mine from the default “mt-tb.cgi”, but it’s only a little more work for the trackback spammer to find the new name using TB-Autodiscovery.

16

Michael 02.01.05 at 11:05 pm

To be more precise, the method you’re looking for is called a CAPTCHA ( completely automated public Turing test to tell computers and humans apart ). Most CAPTCHA’s consist of either a picture of some numbers or letters with some warping or other distortion, to fool automated software.

17

Jacques Distler 02.01.05 at 11:27 pm

To be more precise, the method you’re looking for is called a CAPTCHA…

CAPTCHAs have nothing to do with (stopping) trackback spam. Trackbacks are automated computer-to-computer communication. No human intervention is involved.

This post is about trackback spam. Why are people talking about CAPTCHAs?

18

Jacques Distler 02.01.05 at 11:28 pm

To be more precise, the method you’re looking for is called a CAPTCHA…

CAPTCHAs have nothing to do with (stopping) trackback spam. Trackbacks are automated computer-to-computer communication. No human intervention is involved.

This post is about trackback spam. Why are people talking about CAPTCHAs?

19

ha 02.01.05 at 11:39 pm

The Spammers the

20

Yusuf Smith 02.02.05 at 12:13 am

Jacques Distler said:

In particular, that’s why the name of your trackback CGI script is not particularly relevant to these spammers. I’ve changed mine from the default “mt-tb.cgi”, but it’s only a little more work for the trackback spammer to find the new name using TB-Autodiscovery.

Well, on my host a CGI script has to have a .cgi extension. So renaming it *.pl makes it inaccessible for spammers, or indeed anyone.

By the way, CAPTCHAs (used against comment spam, not TB spam) are inaccessible for blind people’s screen readers as well as spam-bots. It’s why I didn’t use this when I had a big comment spam problem, as one of my regulars is blind.

21

belle waring 02.02.05 at 6:14 am

silly old past self. what do you have in common with him anyway?

Comments on this entry are closed.