February 01, 2005

Die Spammers Die

Posted by Kieran

We’re dealing with a flood of trackback spam this morning. Sorry for even more inconvenience than usual. We will get around to upgrading eventually, even though my past self wisely tells me not to.

Posted on February 1, 2005 04:00 PM UTC
Comments

I never get bothered by spammers. To an almost hurtful degree I don’t seem to be their type.

Posted by Harry Hutton · February 1, 2005 04:13 PM

I had the same problem. Literally hundreds of trackback spams received during the night. I turned off trackback on my site. Grrrrrr.

Posted by Ed Felten · February 1, 2005 04:34 PM

I had the same problem. Literally hundreds of trackback spams received during the night. I turned off trackback on my site. Grrrrrr.

Posted by Ed Felten · February 1, 2005 04:39 PM

February 1, 2005

Dear Manager, Crooked Timber:

Thank you so much for adding our Lawrence Velvel link to the LAW blog listings on your 2/1/05 edition of Crooked Timber.

Dean Velvel is posting regular columns to his velvelonnationaffairs site concerning up-to-the-day events in Iraq, Washington, and other current hot spots, and these will certainly be of interest to the Crooked Timber readership.

In addition, we have upcoming news concerning both Books Of Our Time, our Comcast cable author/book discussion show, and recent published works from Dean Lawrence Velvel, and will be glad to share them with you and your readers.

Until then, much thanks and keep up the good work at Crooked Timber.

All best,

Robert Kent
rkent@mslaw.edu

Posted by robert kent · February 1, 2005 04:43 PM

Here’s an interesting and disturbing look behind the scenes: an interview with a link spammer.

Posted by Sven · February 1, 2005 04:44 PM

Might I suggest getting a copy of MT-Close and start closing all the old comments and trackbacks. I’d recommend closing all comments at least 2 weeks old and older. I myself go for 5 days old, and it has cut down on spam tremendously.

Posted by Steve · February 1, 2005 04:50 PM

Steve, I think they do that already — after a post leaves the home page.

Posted by Backword Dave · February 1, 2005 05:21 PM

Might I suggest getting a copy of MT-Close and start closing all the old comments and trackbacks.

We already have a little script that does that for comments more than a week old, and as of 5 minutes ago we now do it for trackbacks, too.

Posted by Kieran Healy · February 1, 2005 05:23 PM

“It’s German for ‘The Spammers The’”…

Posted by john b · February 1, 2005 05:42 PM

Would a Turing number help prevent some of the attacks?

“What is a Turing number?

A Turing number is a randomly generated image that displays a series of digits. A user attempting to login to his or her account must be able to read back the digits and correctly echo them back to the e-gold website. The purpose of the Turing number is to prevent automated access to accounts.

For the visually impaired, an audible turing number is available which provides the same benefits of the turing number, except that it is presented audibly rather than visually.”

Posted by Darren · February 1, 2005 05:57 PM

Ah, yes, many hundreds of attempted trackbacks on my site last night and this morning. None successful, since they all came via open proxies on the blitzed.org open proxy list.

I ‘spose I should write up a post on dealing with the critters, but until I get around to it, you might want to modify the mt-dsbl plugin to work with opm.blitzed.org instead of list.dsbl.org (which is mostly useless for current purposes).

Posted by Jacques Distler · February 1, 2005 07:40 PM

Darren, Would the Turing number help with Trackback spamming? Most of the Trackbacking I do from my blog is done automatically in some way—I don’t have to interact with the site I’m pinging. (Most of the Trackbacking I do seems not to work anyway, but that’s another story, I think.)

Posted by Matt Weiner · February 1, 2005 08:30 PM

My normal method of dealing with TB spam is to log into my web host account and rename the tb.cgi file to something else, usually tb.pl. I have a banner at the top of my blog which says whether comments and TB are on or off. Generally TB spam floods happen in one go, and are over after a few hours.

By the way, how does anyone know your TB addresses anyway? I’ve never been able to find them on any of your blog entries.

Posted by Yusuf Smith · February 1, 2005 09:29 PM

What’s the legal status of someone who hijacks open proxies like the spammer in the link above. Isn’t this a criminal offence? Not that this immediately resolves the problem, but it raises the stakes for all concerned. I note that the spammer claims that this is legal.

Posted by John Quiggin · February 1, 2005 10:40 PM

By the way, how does anyone know your TB addresses anyway? I’ve never been able to find them on any of your blog entries.

It’s right there when you “view source” on this entry:

http://www.crookedtimber.org/mt-tb.cgi/3128

in a little commented-out snippet of RDF. This is used for Trackback Autodiscovery.

In particular, that’s why the name of your trackback CGI script is not particularly relevant to these spammers. I’ve changed mine from the default “mt-tb.cgi”, but it’s only a little more work for the trackback spammer to find the new name using TB-Autodiscovery.

Posted by Jacques Distler · February 1, 2005 10:46 PM

To be more precise, the method you’re looking for is called a CAPTCHA ( completely automated public Turing test to tell computers and humans apart ). Most CAPTCHA’s consist of either a picture of some numbers or letters with some warping or other distortion, to fool automated software.

Posted by Michael · February 1, 2005 11:05 PM

To be more precise, the method you’re looking for is called a CAPTCHA…

CAPTCHAs have nothing to do with (stopping) trackback spam. Trackbacks are automated computer-to-computer communication. No human intervention is involved.

This post is about trackback spam. Why are people talking about CAPTCHAs?

Posted by Jacques Distler · February 1, 2005 11:27 PM

To be more precise, the method you’re looking for is called a CAPTCHA…

CAPTCHAs have nothing to do with (stopping) trackback spam. Trackbacks are automated computer-to-computer communication. No human intervention is involved.

This post is about trackback spam. Why are people talking about CAPTCHAs?

Posted by Jacques Distler · February 1, 2005 11:28 PM

The Spammers the

Posted by ha · February 1, 2005 11:39 PM

Jacques Distler said:

In particular, that’s why the name of your trackback CGI script is not particularly relevant to these spammers. I’ve changed mine from the default “mt-tb.cgi”, but it’s only a little more work for the trackback spammer to find the new name using TB-Autodiscovery.

Well, on my host a CGI script has to have a .cgi extension. So renaming it *.pl makes it inaccessible for spammers, or indeed anyone.

By the way, CAPTCHAs (used against comment spam, not TB spam) are inaccessible for blind people’s screen readers as well as spam-bots. It’s why I didn’t use this when I had a big comment spam problem, as one of my regulars is blind.

Posted by Yusuf Smith · February 2, 2005 12:13 AM

silly old past self. what do you have in common with him anyway?

Posted by belle waring · February 2, 2005 06:14 AM
Followups

→ Trackback Spammers.
Excerpt: Blocking automated trackback spammers.Read more at Musings
→ Trackback Spammers.
Excerpt: Blocking automated trackback spammers.Read more at Musings
→ Trackback Spammers.
Excerpt: Blocking automated trackback spammers.Read more at Musings
→ Trackback Spammers.
Excerpt: Blocking automated trackback spammers.Read more at Musings
→ Interview with a blog spammer.
Excerpt: Thanks to people like these, I eventually decided to turn off comments in this weblog. (via comment in Crooked Timber). I had over 50 trackback spams yesterday. But MT 2.6x makes deleting spam much simpler. But wading through this stuff is still very i...Read more at Random Notes
→ Trackback Spammers.
Excerpt: Blocking automated trackback spammers.Read more at Musings

This discussion has been closed. Thanks to everyone who contributed.