September 30, 2004

MT Blacklist primer.

Since Linda & others have asked, this is just a quick backgrounder for Munuvians trying to get their heads around what Blacklist is and does.

Blacklist is a piece of code, or ‘plug-in’, that is installed into the core of Movable Type to help block comment spam. Because it’s installed into the core of MT (not on individual blogs), its settings affect every blog at MuNu. And therein lies its greatest strength and its greatest weakness.

If a spam comment is received by one of us, and an appropriate entry made into the Blacklist as a result, any further attempts to add similar comments to any other MuNu blog will be automatically blocked. That’s good.

It also means that if a spammer dumps a huge amount of junk on us at once, before we have time to alert Blacklist to the problem, we can still add an appropriate entry to the Blacklist after the fact, then tell Blacklist to go back through the last 1000 (or however many) comments and automatically delete any that match the entry we just added, so we don’t have to delete them all by hand. That’s also good.

The problem is that blacklists are very blunt tools. They cannot think for themselves, so they can only filter what we tell them to. That means that for new spam, we actually have to get hit with it first in order to tell Blacklist how to block it from then on. Also, if someone tells it to block the word ‘flag’, for example, Blacklist doesn’t see a word but a string of letters: it will block any comment containing the word ‘flag’, but also any containing the word ‘conflagration’ or any other word containing that string. And it will block such comments for every other blog on MuNu. So if one of us accidentally adds the text string ‘http://’ to the Blacklist (which recently happened), then every blog will block comments with that string. (It’s how blog addresses are entered in comment boxes, so it essentially disallowed almost all commenting.) That’s bad.

Blacklist allows us to enter both URLs to block and individual words. It’s almost never a good idea to block individual words, because they’re guaranteed to be needed/wanted by someone else in some form or variation later. Much better to block the web addresses of the sites these scumsuckers are trying to advertise.

Because the scumsuckers also know exactly how MT Blacklist works, they are tailoring the content of their spam comments to cause problems for less experienced Blacklist users. It’s called the ‘poison pill’ approach, where they include a legitimate and important string in with the junk of their message, so that if you blacklist the comment without noticing, you’ll screw up a whole bunch of legitimate commenters for all MuNu blogs. This is how 'yahoo.com' accidentally got added to the Blacklist recently, meaning that no one entering a yahoo email address could comment.
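The false positives described above (‘flag’ hitting ‘conflagration’, the ‘http://’ entry, the ‘yahoo.com’ poison pill) can be caught by testing a proposed entry against known-good comments before it goes on the shared list. This is an added example, not MT Blacklist's own code: the comment fields, the sample comments and the domain `cheap-pills.example` are constructed, and `host_match` is an assumed narrower rule for URL entries, not a feature of the plug-in.

```python
import re
from urllib.parse import urlparse

# Constructed known-good comments (not real MuNu data).
LEGIT = [
    {"email": "reader@yahoo.com", "url": "http://blog.example.net/",
     "text": "The conflagration downtown was awful."},
    {"email": "fan@example.org", "url": "",
     "text": "Nice post, see http://example.org/notes for more."},
    {"email": "", "url": "", "text": "Agreed on every point."},
]
# Constructed spam comment carrying a 'poison pill' (the yahoo.com address).
SPAM = {"email": "x@yahoo.com", "url": "http://cheap-pills.example/",
        "text": "Best deals at http://www.cheap-pills.example/deal"}

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def substring_match(entry, comment):
    """Blunt matching as the post describes it: the entry is just a string
    of letters, looked for anywhere in any field of the comment."""
    return entry.lower() in " ".join(comment.values()).lower()

def linked_hosts(comment):
    """Hostnames of the URLs a comment actually links to."""
    hosts = set()
    for field in (comment["url"], comment["text"]):
        for url in URL_RE.findall(field):
            try:
                host = urlparse(url).hostname
            except ValueError:      # malformed URL: nothing to match on
                continue
            if host:
                hosts.add(host.lower())
    return hosts

def host_match(domain, comment):
    """Assumed narrower rule: match only a linked host equal to the
    domain or a subdomain of it, never an email address or loose text."""
    domain = domain.lower().strip(".")
    return any(h == domain or h.endswith("." + domain)
               for h in linked_hosts(comment))

def collateral(entry, matcher, corpus=LEGIT):
    """Known-good comments that a proposed entry would block."""
    return [c for c in corpus if matcher(entry, c)]

if __name__ == "__main__":
    for entry in ("flag", "http://", "yahoo.com", "cheap-pills.example"):
        print(entry, "->", len(collateral(entry, substring_match)), "legit comments blocked")
```

An entry for which `collateral(...)` returns anything is one to keep off the shared list, or to narrow to the domain of the site being advertised.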

So, the bottom line is that unless you’re quite sure you know what you’re doing, it’s not a good idea to be adding entries to the Blacklist yourself. The good news is, you can still use Blacklist to help you. That’s the subject of the next post.

Posted by PaulT at September 30, 2004 04:21 AM
Comments
#1

Yeah--I've gotten attacked by the spambots a fair amount lately, and I had been wondering if there were a central blacklist for exactly this purpose.

I've been keeping a list of evil IPs, so I'll check back to see what I'm expected to do to get these in the central database.

In the meantime, I'd be happy to "sign on" to a rule to the effect that we close our comments after two weeks. For the record, the freshest post I've had attacked by a spambot was 20 days old.

Thanks for staying on top of this, Paul and Pixy.

Posted by Attila Girl at September 30, 2004 05:36 AM