December 19, 2004

The Comment Spam Battle

I found this article from a link on Instapundit. The article is here at Netcraft but I'm going to quote the whole thing in the extended entry since it applies to us.

There may be hope

Comment spam attacks on Movable Type weblogs are straining servers at web hosting companies, leading some providers to disable comments on the popular blogging tool. The issues are caused by bugs in MT, forcing publisher Six Apart to recommend configuration changes while it prepares fixes.

The server load issues have affected “a number of web hosts,” according to Six Apart's Jay Allen, and are “especially evident in shared hosting environments.” Allen said the problems are tied to two bugs that cause Movable Type to rebuild posts even when no pages are being changed, allowing comment spam attacks to tie up server resources. Six Apart is promising a fix within 48 hours.

Comment spam, also known as link spam, is believed to boost a site's ranking in Google, which uses inbound links as a measure of a site's popularity. Spammers are using automated scripts to bombard weblogs with comments that include links to sites offering prescription drugs or porn. While weblogs on all platforms have been affected, Movable Type and its mt-comments.cgi script have become a particular target.


“Over the past two weeks, five hosts have in some way disabled MT or MT comments because of the server load they were creating,” writes MT blogger Reid Stott. “Not five little Mom & Pop hosts - at least three of them I’d consider serious to top-notch hosts.” Other bloggers also reported web hosts disabling MT scripts. One said their host, XO Communications, disabled MT after seeing 100 active connections to mt-comments.cgi, suspecting a denial of service attack was underway.

In shared hosting, dozens and even hundreds of sites can share the same web server, meaning that overactive scripts on a single site can impact many other customers. As a result, hosts will disable resource-hogging scripts, usually by changing their permissions so they can't be executed. Repeated problems can prompt a hosting company to ban a script or application from its servers. Movable Type users fear continuing comment spam problems could prompt such a “death sentence” from more hosts.

Six Apart, which also operates the TypePad blog hosting service, says it is working with web hosts on a resolution. “We have learned a lot from running TypePad, and we're working on a way to share that information out with the hosting community at large,” says Anil Dash of Six Apart.

While they await a fix, some bloggers are collecting tips and strategies to help reduce comment spam and server load. Six Apart says it is determined to fix the software, and develop broader solutions to the comment spam problem. “There is no higher priority to us than making sure that our customers and their websites are protected from the effects of these malicious attacks,” said Allen.

Posted by Stephen Macklin at December 19, 2004 01:08 AM
Comments
#1

Yep.

I've had to disable comments a few times too. Of course, I enable them again once the spamstorm has passed... Except when I forget.

Posted by Pixy Misa at December 19, 2004 10:01 AM
#2

Stephen:

Unfortunately, the measures they're talking about in that article, (and at 6Apart, currently) are only aimed at reducing the server impact of the spam being received, NOT at actually reducing the number of comment spams that get posted.

It's frustrating to see that the only time 6Apart seems to move quickly on this issue is when their profits are threatened (web hosts have been threatening to disable and/or disallow Movable Type on their servers due to the overload being created by spam processing).

6Apart's users have been struggling with the problem for almost a year, but it doesn't seem like much progress has been made to protect the users themselves. I'm a huge fan of 6Apart and MT & Typepad, but their 'free pass' on this issue is about to expire.

Paul

Posted by Light & Dark at December 20, 2004 03:29 AM
#3

Or you can do what I am hoping the Munuviana group all agree to do-shut comments after a certain amount of time. I shut off all comments older than one week. You have a comment you want to leave on an old post? Pick up the shattered pieces of your life and move on. I hate spam so much that I remove it as an option.

And NO-I won't join the Blacklist.

Posted by Helen at December 20, 2004 12:50 PM
#4

MT 3 will let you do that, Helen. All easy and happy and carefree! :)

Oh yeah, I was supposed to be setting some people up with blogs, wasn't I? (Hides behind sofa.)

Posted by Pixy Misa at December 20, 2004 01:48 PM
#5

How about the solutions noted below. Would these work? Can we do it?

http://www.rayners.org/2003/12/closing_comments_on_old_entries.php

http://q.queso.com/archives/001478

http://www.cadenhead.org/workbench/comment/2389

Posted by Dave at December 21, 2004 04:17 AM
#6

I'll take a look. I installed one comment-closy thing before, but it gave everyone access to closing comments on every blog, which seemed like an accident waiting to happen.

MT3 has several features along these lines, and I think they are configured individually for each blog.

Yes, I need to get more people set up with MT3. I'll do that tomorr - um, today. Later today.

Posted by Pixy Misa at December 21, 2004 02:27 PM
#7

Aargh! Comment spam! I hate comment spam!

Posted by Pixy Misa at December 22, 2004 03:54 AM