December 31, 2004

Sticky A proposal for handling comment spam at MuNu

It's clear that comment spam and crapflooding have become such a problem at MuNu that they're interfering with Munuvians' ability to enjoy their blogs.

One of the challenges at Munu is that, because we are all connected under one MT install, changes or problems generated on one blog can cause difficulties or vulnerabilities for everyone else at the same time. In addition, we also have users of a wide range of experience, from almost none to Pixy-God.

However! This interconnected community can also be used to the advantage of all Munuvians if we choose to work with the situation, instead of against it.

What we need:

    A way for those without the ability to manage comment spam on their blogs (whether due to lack of experience or time) to have it taken care of for them, while allowing those with expertise to do so for themselves, and to assist others if they choose.

My suggestion:

    Set up a SpamControl Blog for MuNu. A group of experienced volunteers (preferably from a range of time-zones) can then be given the username and login info* for SpamControl.

Any Munuvian who wants to have spam control and Blacklisting handled for them can simply go to that blog to see instructions for how to add SpamControl to the list of authors on their own site, thereby giving SpamControl the ability to monitor, Blacklist, and clean spam from their site. They can also post comments there alerting SpamControl to unusual spam problems on their site, so volunteers can find and deal with them quickly.

(Pixy, I realise you've been doing this sort of thing already, but it's gotta be a Herculean task, & I think it's time you got some help.)

In addition, this blog would be a place for Munuvians to go to request that an authorised server administrator (probable just Pixy and 1 or 2 designates) use MTClose-2 to close (or open) old comments/trackbacks on their blog after an individually specified number of days.**

Lastly, Pixy, could you install this Close Comments plugin? It would provide those who are comfortable editing their templates the ability to close old comments themselves for just their blog by inserting a new tag specifying their preferences.

The end result:

    Munuvians who need help controlling spam would get it, with neither they nor the helpers having to wade through the unrelated posts here on Munuviana to get timely assistance.

    Munuvians who are able to help would be able to do so efficiently.

    Munuvians who are experienced in MT can continue to take care of themselves, but with an additional tool.


Feedback/improvements/additions please?


* By having only one author for SpamControl, blogs using the service wouldn't be cluttered with author names for each of the volunteers.

** Controlled simply by uploading the plugin when changes are required, then deleting it afterwards (since leaving it in place would cause the vulnerability Pixy has mentioned previously).

Posted by PaulT at December 31, 2004 11:37 PM
Comments
#1

What a great idea! And the close comments scripty thingy would be a welcome addition to the toolbelt ;-)

Posted by Gir at December 29, 2004 06:42 AM
#2

I'll install that plugin - it looks like a nice simple one.

The other thing we can do is move to MT3, which does handle this stuff a lot better. Unfortunately, there are still a few odd wrinkles in MT3, so I'm not about to force anyone off the existing version which is otherwise working fine.

The really annoying thing is we've mostly got spam under control now - and along come the crapflooders, who aren't looking to make money, but only to cause trouble. Evil tiny-minded vandals, who should be shipped off to Antarctica to work in the crushed ice mines for a few hundred years. Grrr!

Posted by Pixy Misa at December 29, 2004 12:48 PM
#3

Is there an easy way to handle the crap-flooders?

Blacklist works well enough for me (except for last week when I inadvertantly blacklisted aol.com -- I fixed it though), the crap-flooders are what drives me nuts.

At least I've figured out that they tend to flood in groups of four or five posts, so closing comments to those threads tends to fix 'em for the short term. I'm also noticing that they are coming in from IPs tied to domestic cable internet providers (primarily Cox, Comcrap & Verizon).

I don't want to block those providers by any stretch of the imagination, but is there a way to work with those providers to police their users?

Posted by mhking at December 29, 2004 01:58 PM
#4

I'll volunteer. I'm Am. EST and I'm POed by the crapflood. I was taken off the net for 3 to 4 days and received a good 450 spam comments. Anything to kick back at them would be great. I'd suggest the move to MT 3.X asap though, and then setting up Typekey. Simple and easy.

The crapflood is actually an attempt I feel to fill up MT Blacklist with junk domains and then deluge us with accurate ones that we can't easily block. Kinda clever.

Posted by Nick Queen at December 29, 2004 10:35 PM
#5

Let's shit tha beat outta the fargin bastages!

Posted by Madfish Willie at December 30, 2004 01:35 AM
#6

Gir: Yea, we need all the tools we can get our mitts on.

Pixy: Glad you think the plugin'll work, for those still on 2.6. I'm going to send along a couple of others - one in particular that improves dramatically on the lame (broken) comment throttle in 2.6. You'll need to evaluate it, but it looks like it could be a major help with the crapflooding. Just not sure if it might be a problem given the hundreds of blogs on MuNu.

It would be great to get everybody over to 3.1, but knowing that's going to take some time, (and as you say, many are happy with 2.6) it would be great to give those folks some options. Also, the SpamControl blog would still be useful for helping those on 3.1 who don't have the background in handling the Blacklist. Would you be comfortable with the procedure I laid out for the SpamControl Blog?

Michael: The reason you're seeing so much crap from the domestic cable internet providers, is because the vast majority of this crap is generated from 'innocent' users' computers that have been infected by trojans and controlled for use by the spammers. The always-on nature and network architecture of cable makes infection easy, and provides lots of bandwidth to spew this shit at others. Yet another reason to insure one's computer is clean!

Nick: Glad you're willing. I'm suggesting this'cause I'm PO's at the bastards getting any satisfaction out of the mess too. I'm sure Pixy'll let you know if he decides this is worth setting up.

I'm afraid I'm not a big fan of TypeKey, although Pixy's willingness to set up a local server for authentication helps somewhat. Unfortunately, the vast majority of casual readers to blogs simply won't bother with TypeKey... they just won't comment. Maybe it 'shouldn't' be that way, but it is. And even worse, TypeKey has already been compromised to use for spamming. It's nature allows it to react faster to banning, but the spammers can just continue to register new accounts as they get blacklisted. It's another version of the arms race, it seems to me.

I suspect you're right about the Blacklist hammering purpose of the crapflooders.

Madfish: Go get 'em! Sic 'em! ;)

Hopefully others will weigh in with what they think of this idea too.

Paul

Posted by Light & Dark at December 30, 2004 01:39 AM
#7

I'm fine with it so long as it doesn't affect anything I have to do. I get less than one unwanted spam/crap comment a week, so I'm fine the way I am. Could do with some more real comments,though. ;)

If all else fails, I still kinda like the idea of a password field, so long as the password is obvious. Like:

PASSWORD
Type the password in the field below. The password is qwerty. Type qwerty here:
[__________]

This lets every actual person in, but foils the spambots. Still don't know if it's possible though...

Posted by Tuning Spork at December 30, 2004 02:22 AM
#8

Spork:

That's the beauty of this proposal. Those who can handle the care and feeding of MT won't see any effect at all, aside from having another weapon in their arsenal, should they decide they need it.

Posted by Light & Dark at December 30, 2004 09:07 AM
#9

Yes! I really want a system wherein they can comment, as long as they can re-type the letters, numbers, or words they see in the little box, and prove themselves not a spambot.

I'm at the techno-ignorant end of the scale, but I'm willing to learn whatever I need to: most attacks affect 5-30 posts, but I had one that infested hundreds. I'm disgusted and discouraged.

Posted by Attila Girl at December 30, 2004 11:25 AM
#10

I'll second Attila Girl--I'm not very web-savvy either, but whatever it takes to stop these jokers, I'd love to do. I'm teachable. And, Pixy, how does one sign up for MT 3.1?

Posted by ilyka at December 30, 2004 09:32 PM
#11

Just testing a new anti-crap weapon.

No... Bit too effective.

Posted by Pixy Misa at December 30, 2004 11:57 PM
#12

I'm generally in favour of all of these suggestions.

I've also just put in a crap detector (a verion of MT Blacklist that I hacked up) which should help a lot.

Posted by Pixy Misa at December 31, 2004 02:05 AM
#13

I've installed the Close Comments plugin now...

Works, too.

Posted by Pixy Misa at December 31, 2004 02:21 AM
#14

Seeing as how I just got pounded in the, um, blog by over 214 of these pieces of crap, I'm in for whatever the group decides.

Also, any help getting the Close Comments plugin installed would be appreciated. I'm going to try and close comments for everything now.

Posted by Howard at December 31, 2004 08:38 PM
#15

I've installed the plug-in now, and so far, so good: they like to attack relatively old posts, and these shouldn't be available to 'em any more.

Seriously: it's been two days or so, and no new attacks.

Posted by Attila Girl at January 1, 2005 11:41 PM
Live Comment Preview
Post a comment









Remember personal info?