Desperate Times….
Desperate times call for desperate measures.
After doing some log watching yesterday, I realized that almost 25% of the hits to my site were people attempting to spam a now-defunct weblog with trackback spam, as well as using spam referrers. After watching this for a while, I got pretty tired of seeing all these ads for poker and so on, so I started going on a rampage. No more Mr. Nice Guy, I thought. These machines aren’t even hitting valid URIs: they’re spamming something that hasn’t even existed for the past two months. I’m tired of it.
So I started blocking them. Each and every IP that came in bearing trackback spam, spam referer headers, or anything else was no longer going to touch my server. Unfortunate, yes, because many of the machines which are doing these things have owners who are completely unaware of it. In some cases, the IPs may have been dynamic: there was more than one Comcast IP address in there, and I’m pretty sure they don’t give out completely static IP addresses all that often. So, it may be that in blocking this spam, I’ve ended up blocking some legitimate users of my site, and that sucks.
However, I am very tired of deleting spam. I am tired of sorting through crap. I am absolutely tired of people talking the problem to death, because until the people doing these things actually start getting in trouble, nothing at all is going to change. The only way to stop people from spamming, be it email, weblogs or what have you, is to get to the people behind these attempts, and make it unprofitable. Sue them, charge them, whatever, but make it so that if they try and go about it in a way that no one thinks is right, they lose money. Because spammers still make plenty of money on spam. If they didn’t, they wouldn’t keep doing it.
Overnight, I received 90 trackback spams. Approximately 15 of these were new variants on spellings and so on to the point that they made it past my spam moderation filters. As a result, when I woke up this morning, I had a major spam problem to deal with. (Luckily for me, it’s my day off work. Unluckily, I’ve been spending most of it fighting spam fires. Annoying, really.)
I’ve turned on comment moderation. All comments must be approved by me. I’m not dealing with this stuff anymore. There is no way that a spammer can get a comment onto the site and public without me seeing it first. I don’t like it, it’s annoying, and it’s troublesome to comment authors, but it’s worth it to me to be able to know that no one is going to get a higher search engine ranking because of this site. I’ve started dropping access to any IP address which sends spam. If someone can’t get to my site, hopefully they can email me or something, but I just can’t take the crap that I get anymore. And it’s been helping. Hits to my now-defunct weblog have gone from a major hit count to a few silly aggregators which haven’t adapted yet. The trackback spam flood has slowed down (although not perfectly: I’ve gotten 6 while writing this post.) The message I’m trying to send is pretty simple: I don’t have the money to find you and sue you, but I’ll be damned if my site is going to be a way for you to peddle your wares.
Desperate times call for desperate measures. And I’m taking them.
On the plus side, I did notice a few things yesterday while watching my logs. First, I’ve somehow ended up as the first hit on Google for passive aggressive emo. I think Google heard me shouting, and decided I really meant it. I’m 7th for paris hilton phone hacked – which is amusing, because the post in question doesn’t contain any of the words other than “phone”: it’s a post about RDF toys on the phone. Sounds to me like Google could have used a bit more RDF in its storage mechanism there, separating spam comments from the actual post content. Metadata would have fixed that bad search result.
I’m going to be looking into a more permanent solution to the problem soon. Right now, I’m passing IP addresses to iptables for dropping: as I said, I’m being a bit of a vigilante about the whole thing. I do want to make it so people can at least navigate the site without problems though, so I will be changing the way this is done around. I just wish it wasn’t necessary.
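The log-watching-to-iptables workflow described in this post, sketched as an added example (not the author's own script): it scans combined-format access log lines for POSTs to the defunct weblog or spam referrers and renders DROP rules for review. The `/oldblog/` prefix, the keyword list, the `SPAMMERS` chain name and the sample log lines are all assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumptions, not taken from the post: defunct blog path, keywords, chain name.
DEFUNCT_PREFIX = "/oldblog/"
SPAM_REFERRER = re.compile(r"poker|casino", re.IGNORECASE)
CHAIN = "SPAMMERS"

# Apache/nginx "combined" log format.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" '
    r'\d{3} \S+ "(?P<referrer>[^"]*)" "[^"]*"$')

# Constructed sample lines using documentation-only address ranges.
SAMPLE_LOG = """\
192.0.2.10 - - [21/Feb/2005:03:14:07 -0500] "POST /oldblog/trackback/42 HTTP/1.1" 404 210 "-" "Mozilla/4.0"
192.0.2.10 - - [21/Feb/2005:03:14:09 -0500] "POST /oldblog/trackback/43 HTTP/1.1" 404 210 "-" "Mozilla/4.0"
198.51.100.7 - - [21/Feb/2005:03:20:11 -0500] "GET / HTTP/1.1" 200 5120 "http://texas-holdem-poker.example/" "Mozilla/4.0"
203.0.113.5 - - [21/Feb/2005:03:21:00 -0500] "GET /archives/rdf-toys HTTP/1.1" 200 8040 "http://www.google.com/search?q=rdf" "Mozilla/5.0"
203.0.113.9 - - [21/Feb/2005:03:22:30 -0500] "GET /oldblog/index.rdf HTTP/1.1" 404 210 "-" "FeedReader/1.0"
not a log line
"""

def spam_reason(method, path, referrer):
    """Return why a request looks like spam, or None if it does not."""
    # Only POSTs count: aggregators still polling the old feed use GET.
    if method == "POST" and path.startswith(DEFUNCT_PREFIX):
        return "trackback-to-defunct-blog"
    if SPAM_REFERRER.search(referrer):
        return "spam-referrer"
    return None

def find_spammers(log_text, min_hits=1):
    """Count spam hits per IPv4 source; unparsable lines are skipped."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m or not spam_reason(m["method"], m["path"], m["referrer"]):
            continue
        try:
            # Validate before the value can ever reach a shell command.
            hits[str(ipaddress.IPv4Address(m["ip"]))] += 1
        except ValueError:
            continue
    return {ip: n for ip, n in hits.items() if n >= min_hits}

def iptables_rules(spammers):
    """Render one DROP rule per IP, web traffic only; nothing is executed."""
    return [f"iptables -A {CHAIN} -s {ip} -p tcp --dport 80 -j DROP"
            for ip in sorted(spammers)]
```

Raising `min_hits` trades slower blocking for fewer one-off false positives, which matters for the dynamic addresses the post worries about.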
February 21st, 2005 at 3:22 pm
Not that this is ethical or moral, but you could (but shouldn’t) send a decompression bomb as a gzip encoded response. Not sure how well it would work, but it might make you feel better.
February 21st, 2005 at 5:05 pm
This WordPress plugin is helpful. It allows a configurable window for new posts, during which comments can be submitted without moderation. In my experience, it takes about a week for the spammers to find a new post, so using this with a 7-day window does wonders for the efficiency of moderation.
If it’s helpful, cool. Either way, hang in there.
February 21st, 2005 at 6:05 pm
Jeff: Thanks for the tip. I may put that into use, however, it seems your spammers have tactics slightly different from mine. A number of the spam comments I received last night were on my most recent or second most recent post. In addition, I still get trackbacks on posts that I wrote a month ago, so I don’t really want to turn them off.
Thus far, they’ve been slowing down as I slowly block access to my machine from spamming IP addresses. That’s a plus to me, at least, even though it may mean someone can’t get to the site.
February 21st, 2005 at 8:57 pm
Not doing a captcha, or the “Comment will only show if comment author has a previously approved comment” tickbox?
February 23rd, 2005 at 12:49 am
Awesome rant! How ’bout a DDOS revenge?
February 26th, 2005 at 11:45 pm
d8uv: Captchas work fine for local comments, but all my spam these days (or most, anyway) is in the form of trackbacks, where you can’t do any of that kind of stuff. In addition, most of my trackbacks come from totally new hosts, so I’d rather just play it safe and block everything, and approve it myself.
For the time being, most of the spam seems to have died off, but I still occasionally get a couple dozen at once, then I block the IPs, and they go away for a while.
I really just wish spamming didn’t result in getting these people higher Google rankings or clicks or whatever it is they’re looking for, so they would go away.
Randy: I don’t believe in fighting “fire with fire”. Not to mention the fact that this stuff is coming from dozens of different IP addresses: 72 different IP addresses in the iptables chain. So, it’s not something that could likely be very successfully mounted, even assuming I did want to take that route, and I had dozens of hosts at my disposal.