p2pnet comment spams
p2pnet.net News:- p2pnet’s comment spam problem is taking on interesting dimensions and I’m posting this in the hope that a reader somewhere will be able to shed some light on the where’s and why’s.
We’re being flooded by spurious posts, and I mean hundreds a day, leading to Chinese sex sites and pharmaceuticals, not to mention used cars, online poker and all kinds of other excreta.
A relatively small number arrive via voila.fr in France and missives to voila.fr abuse notwithstanding, the company doesn’t seem interested in dealing with the problem, not even bothering to reply. Thanks, voila.fr. Luckily, however, these are relatively few and fairly easy to deal with
And we now have a comment verification system which is stopping a lot of the e-junque at the gates. But some is still getting through, although it doesn’t last for long, thanks to the efforts of the hosts who are cancelling the accounts as soon as we tell them they exist. (On this, we’ve had a couple of suggestions from readers as to exactly why the comment spams are able to penetrate the verification shield, but they didn’t pan out.)
There is, meanwhile, one offender, by far the worst and which won’t go away, leaving comments on p2pnet pages old and new throughout the site, and without obvious rhyme or reason.
Here are some examples:
http://p2pnet.net/story/1533 This goes to Lockbox for digital radio, posted on May 24, 2004. But the spam therein (scores of the bloody things) apparently arrived on the page on different dates during this year. I didn’t look at all of them, but the accounts were cancelled on the ones I checked.
They seem to include the identical subject headers and text for just about every example I’ve seen so far.
http://p2pnet.net/story/453 is Do we have a deal for YOU !!! and was posted in 2003. But the fake comment posts all arrived today (October 4, 2006).
http://budunja.freewebpages.org/dtva/index.html was one of scores which arrived this morning, and which are still pouring in. It has ‘God and Chaos’ in the subject line and the text reads, “A brash princess takes revenge on a vindictive beggar, and romance ensues.
Others say, “A king raised by gypsies kills a wise pixie.” Then here’s, “The Citadel of the Twilight - A grief-stricken princess spies on a band of dwarves”.
FreeWwebpages.org, the host they all go back to, swears the accounts have been cancelled. But another 57 arrived while I was writing this and indeed, the six I looked at (http://budunja.freewebpages.org/dtva/index.html was one) all went to “Sorry, this account was closed due to abuse” and http://budunja.freewebpages.org/ goes to ” No INDEX.HTML Page Found”.
Killing these, and all the rest, off manually has become a daily chore. And no, I can’t do a blanket hunt-and-kill because genuine posts are interspersed. Is there a more efficient way of dealing with them? I’m comfortable around computers, but I’m no techie (ask anyone who knows me : )
If anyone has any ideas, I’d love to hear about them.
Cheers! And thanks …
Jon
p2pnet newsfeeds for your site.
rss feed: http://p2pnet.net/p2p.rss
Mobile - http://p2pnet.net/index-wml.php
October 4th, 2006 at 5:33 pm
whoi cares?
October 4th, 2006 at 5:50 pm
there still are weaknesses in the test; i’ll see what i can come up with to solve it.
October 4th, 2006 at 7:40 pm
Some of these comment spams could be what are called Joe jobs. Joe jobs occure when someone sends out a bunch of spam advertising a victim’s website in order to cause problem for the operator.
October 4th, 2006 at 11:05 pm
Jon, oftentimes it’s pretty easy to contain comment spam. A few ideas:
* Comment spammers tend to hit reply forms directly - check for the referrer and see if thy are actually coming from the article in question.
* Also stunningly effectful: measuring how long it takes someone to post a reply. If it takes less than, say, 10 seconds, there is a good chance he is a spammer. Or the comment isn’t worth posting anyway
* Only allow x comments per IP address per hour, or block IP addresses completely from commenting if they send too much.
* Captcha works too, of course - but I see you figured that ione out yourself
In the long run I would suggest to swtich to a more widely supported CMS. Most of them have comment spam solutions right out of the box nowadays.
Janko / http://www.p2p-blog.com
October 5th, 2006 at 4:34 am
Your security code image looks like it would be quite easy to read with some OCR software. Try breaking up the background a bit with a bold pattern. One thing I just thought of that I haven’t seen any one else do (which, I hope, means the spammers won’t have thought of it yet) is to make it an animated gif with a couple of different letters on each frame.
I know you can generate animated gifs automagically with imagemagick so there’s no reason why it couldn’t work.
October 5th, 2006 at 8:59 am
The only real spam that I have seen seems to be chinese, and they are using the chinese pictorial glyphs. Now that is unicode format, so what you can probably try to do is reject any post that contains characters outside the ascii range 32-126 which is basically every character that can be typed using just the normal key or with shift. That will put a stop to all chinese based spam since it is in chinese.
Furthermore, you can also drop any posts that contain html web links like <a href=”http://www.spammersite.com”>Viagra</a>. You could probably put a filter in place to scan the posts before they are posted too.
October 5th, 2006 at 7:52 pm
These spammers all post links, so the solution seems simple: reject any posts that have “http://” or “www.” in the post. So if the post contains obvious weblink components, it should get kicked back into “preview” mode. (which is preferable than losing someone’s post into the ether)
This should not be a big problem for most normal users - we can just say “Google.com” or “p2pnet.net” without giving the full link.
BTW: no solution you can possibly come up with will permanently stop spammers, but maybe it will give you a few moments of peace until the next cycle in this never-ending arms race.
Also, the text in P2Pnet’s images can easily be figured out with OCR methods that spam bots are now using. Better images now use distorted text that the bots can’t yet figure out.
October 5th, 2006 at 8:02 pm
When the spammers figure out how to get around that, the next step is to disable automatic linking - which sometimes even creates live weblinks in error.
Also, to find all the existing spam posts, develop a script that will collect all the posts containing weblinks, then these can be looked at for deletion. The script can also be designed to find keywords commonly used by spammers.
October 5th, 2006 at 9:59 pm
How about a time limit on posts? For example, any post newer than, say, 2 months past a story’s post date would be ignored and discared.
It won’t stop the spam, but maybe it will stop the spurious posts directed towards older stories.
October 6th, 2006 at 2:46 am
How about, at most, a few days after the article disappears from the front page? At that point, no one is going to be reading comments, anyway, and no one (except spammers) posting.
October 7th, 2006 at 7:17 am
Jon, arent you a bit of parasite yourself?
- the united front for the spam community (UFSC)
see: UFSCnet.net for more information
October 11th, 2006 at 10:09 pm
Askimet got all but one. The one got put in the moderation queu for having more than 1 hyperlink in it. I don’t get many legit comments at all. 16 total in the full lifetime of the blog (March 2006). This may impact P2PNet because my weekly news comments posts have half of the comment blocks based on and linking to P2PNet articles.
October 11th, 2006 at 10:12 pm
Oh I forgot. My whole site only gets an average of 125 page views per day! Which 100 of that is the blog and 24 of that (minimum) are comment spammers!