Upgrading the Defenses

Matt is right: captchas are irrelevant, and you’ll just push the spammers to TrackBack spam. I started seeing TrackBack spam yesterday, and it’s now getting nuts.

I’ve been using a combination of Kitten’s Spam Words, the Open Proxy Comment Checker, and Dougal’s TarPit for the last little while; it’s been effective, but not as much as I’d like. Per Matt’s recommendation, I’m giving Mark Ghosh’s Three Strikes a try on GFMorris.com, Kitten’s Spaminator a whirl here on IJSM.org, and Dr. Dave’s Spam Karma a try on GFMorris.org. Running multiple WP installs that are getting attacked by comment spam gives me an opportunity to evaluate the efficacy of each. They get spammed in the general volume ratio of GFMorris.com > IJSM.org > GFMorris.org, and that’ll have to be evaluated. I’m not going to do this quantitatively; I only wish that I had that kind of free time.

Frankly, I wish that we weren’t really deleting the comments out of the database, but rather flipping a flag that says, “This won’t appear in the WP system anywhere, but the data is still there so that we can continue to learn from the spammers.” That would be a great little bit to flip, don’t you think? Storage is relatively cheap. [I may be in the minority in this thinking, but I also have my own box and don’t have storage concerns.]

I will leave the RMFO-Blogs About log with my status quo antebellum trifecta of plugins as a control. It sees about the same amount of spam activity as GFMorris.org does.

Update: The more I read about Spam Karma, the more I liked it. Because of a need to support my RMFO-Blogs users, I’m using it and nothing else on the About log. Should be interesting to see how that goes.

Posted January 5th, 2005 in WordPress.

14 comments:

  1. [rmfo-blogs.com]: About:

    Testing Spam Karma
    As announced, The About Log is testing the Spam Karma plugin as its sole spam-stopping solution.

    I’m serious about comment spam; it’s a burden to have 50+ users, many of whom don’t have or can’t make the time to delete their spam, and a solution…

  2. Jeff:

    “…captchas are irrelevant…”

    Only if you actually use trackback. I don’t, so the captcha is working beautifully for me. Obviously that’s not the choice that most WP users would make, but it makes sense for slidingconstant (where I get a handful of legitimate comments a year).

    In addition, I’m just pessimistic in general about content-based filtering. It’s only barely working for email.

  3. Geof F. Morris:

    See, I’m not having a problem with content-based filtering for email at all. I have a spambox for SpamAssassin to dump my spam emails into, and I check it every couple of weeks or so. I rarely find a single false positive. :shrug:

  4. Mike:

    SpamKarma’s been working wonders for me in the five or six days that I’ve had it running.

  5. Brad:

    What’s needed is some sort of central registry where WP blogs can automatically pull banned IPs from, and where WP admins can submit IPs to. Something similar to the Netcraft toolbar for phishing websites.

    I think it’d be conceptually very simple, just a list of IPs and how many WP admins had banned each IP. Then WP admins could have some kind of threshold for IP bans (say, I wouldn’t allow comments from IPs that have been banned by five other admins) in order to avoid spiteful IP bans (say I don’t like Geof, so to prevent him from commenting I submit his IP address). Tweaking would be needed to prevent abuse, but I think it could work somehow.

    Something’s needed in order to avoid having each and every single WP admin fight the battle alone. Hell, the list of IP addresses could be published by RSS and your WP site would pick it up once or twice a day…
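    Brad’s threshold idea, as an added example that is not part of the original post or any of the plugins it mentions: a consumer for a hypothetical shared banlist feed (constructed here as one "ip reporter" line per report) that only honours an IP once a configurable number of distinct admins have reported it, so that one spiteful admin submitting the same address over and over never reaches the threshold on their own.

    ```python
    import ipaddress
    from collections import defaultdict

    # Constructed sample of a shared banlist feed: one report per line,
    # "<ip> <reporting-admin>". Real feed format and admin names are assumptions.
    SAMPLE_FEED = """\
    198.51.100.7 admin-a
    198.51.100.7 admin-b
    198.51.100.7 admin-c
    198.51.100.7 admin-d
    198.51.100.7 admin-e
    203.0.113.9 admin-a
    203.0.113.9 admin-a
    203.0.113.9 admin-a
    203.0.113.9 admin-a
    203.0.113.9 admin-a
    203.0.113.9 admin-b
    192.0.2.44 admin-f
    not-an-ip admin-a
    """


    def parse_feed(text):
        """Map each reported IP to the *set* of admins who reported it.

        A reporter counts once per IP no matter how many times they submit it,
        and malformed or non-IP lines are skipped rather than trusted.
        """
        reports = defaultdict(set)
        for line in text.splitlines():
            parts = line.split()
            if len(parts) != 2:
                continue
            ip, reporter = parts
            try:
                ipaddress.ip_address(ip)
            except ValueError:
                continue
            reports[ip].add(reporter)
        return reports


    def banned_ips(reports, threshold=5):
        """IPs that at least `threshold` distinct admins have banned."""
        return {ip for ip, who in reports.items() if len(who) >= threshold}


    def should_hold_comment(ip, reports, threshold=5):
        """True when a comment from `ip` should be held (or refused) per the shared list."""
        return ip in banned_ips(reports, threshold)
    ```

    With the sample feed only 198.51.100.7 crosses the five-admin line; 203.0.113.9 has six reports but only two distinct reporters, so it is left alone.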

  6. Geof F. Morris:

    Brad:

    A few of the folks at the leading edge of the comment spam fight [mainly plugin writers] do make their banlists known. Others say that centralized systems don’t work.

    I know that, right now, some plugin writers are utilizing the RBL and other spam-oriented IP ban lists that have far greater scope than just WP. That makes sense to me, as does your proposal.

  7. Brad:

    Yeah, I took a look at the one you linked to that does a DSBL lookup. It makes the assumption that blog comment spammers are run from the same places as email spammers. I don’t know how good that assumption is, but there must be some overlap. It’s a good start, I’d say.

  8. Jeff:

    Even with a tweaked SpamAssassin setup (complete with force-feed training of all spam back into the Bayes mechanism), I still tend to get several spams a day. Most of it is REALLY obviously spam when I look at it. That’s small compared to what it successfully blocks, and I never have any false positives. However, it’s a sign to me that automated content filtering still isn’t “smart” enough. I’m not convinced it ever will be.

    (BTW, I also tried CRM114…you know, the one that claims 99.something percent accuracy? Nope. My mix of spam and ham was too weird for it. It actually started trending worse after a while. SA is much better for me…and requires much less feeding.)

    As far as weblog comments go, both the spamming techniques and the filtering software I’ve seen so far look a bit behind their email brethren. I don’t see why things won’t trend the same way, though. End result: we’re chasing the spammers instead of getting in front of them.

    …not that there’s a perfect way to get in front of them either. *shrug* My point isn’t that content filtering is terrible. Only that it’s not a silver bullet. Each of us has to find what works best for his/her own application.

    I will say this, though. I never thought about the captcha-trackback problem before I read this. I’m not sure I would have seen it coming even if I used trackbacks.

  9. Jeff:

    Oh…and I agree with Brad on the blackhole list plugins. They seem to make the assumption that open email proxy == open web proxy. It’s a good try, but I’m not sure the right blackhole list exists.

    The three new gadgets look pretty interesting, though. Unsurprisingly, they appear to take a very SpamAssassin-ish approach (wide spectrum of tests). That really seems to be the way to go for content checking.

  10. MtDewVirus:

    WordPress Plugins: Trackback And Pingback Moderation
    These two plugins basically do the same thing, but I wanted to keep them separate. When you turn one on, it will automatically place either all trackbacks or all pingbacks (depending on the plugin) into the comment moderation queue. It’s meant as a si…

  11. John Wilson:

    Spam karma did *nothing* for the types of spam I was receiving yesterday Geof. They kept trickling in, so I’m assuming that spammers have already adapted to some of the protections that SK offers.

    What I want is SK with a bayesian filter.

  12. Geof F. Morris:

    Well, best as I know, John, SK uses a Bayesian filter. Were you getting TrackBack spam, as I was? If so, what the spammers were doing was an end run on wp-comments.php and all plugins [including SK] that filter on that file.

  13. The Indiana Jones School of Management:

    Battle Testing Spam Karma
    Now let’s really run Spam Karma through its paces!

    I’m going to have it protect GFMorris.com—the Three Strikes attempt wasn’t acting much different than what I presently had—and I’ve removed all other protections. I even cleaned out my mode…

  14. Darius:

    another two free web proxies

    http://anon.emigrantas.com
    http://proxy.emigrantas.com - text based
