Categories
Technology Weblogging

Comment spam? Or DoS?

Recovered from the Wayback Machine.

The topic about comment spam still rages, with people following the spammer’s tracks to shut them down or at a minimum harass them with bills and whatnot. The spammers then come back with, “It’s all legal, your comment forms are open.”

Well, yes and no. Try thinking of comment spam as a Denial of Service (DoS) and the legality changes, real quick. All it takes is using Movable Type with comment emailing turned on and then getting hit with close to 150 comment spams at once, as happened to me this morning before I shut the web server down to stop it.

When you have this many comment spams at once on Movable Type, with the associated activities such as database lookup, update, and email, then any and all other activity basically slows down to a crawl, or stops completely. Since the person deliberately triggers this many updates at once, it is a deliberate denial of service, and hence a DoS, and against the law.

This is the approach I’m taking to fighting back at comment spam of this nature.
If the spammer just did a few comments and I had better comment control, this wouldn’t bother me. But the recent multi-post blitzes, well they take down the system and I’m getting right tired of this.

I’ve already warned the company hosting the dial-up, and the company providing the nameservers – one more DoS and I’m filing a criminal complaint.

Mt-blacklist would have stopped the multi-post blitz, but I don’t have mt-blacklist installed – it stopped working for me with version 1.5, and still doesn’t work with version 1.6. Since I’m trying to move several webloggers to a new server, I don’t have time to work through what’s out of synch.

However, I do want to take this time to refresh my Movable Type wish list (and yes, Six Apart, you can put this into a commercial variety of the beast – just don’t go crazy on the fees, okay? )

Movable Type Comment and Trackback Wish List

Pretty please, sirs and lovely lady. May I have some more…

– Comment control: pull up and review comments by email, url, and IP address. Allow deletion based on all entries pulled up, or based on checks next to each item. Allow this at the installation level, not the weblog level – and also provide rebuild based on deleted entries

– Trackback control: ditto

– Blitz Prevention: Test to make sure the blitz doesn’t happen, this is really killing my system each time it happens. Restrict based on number of comments posted within an inhuman length of time for the same IP, or something of that nature.

(This is a real killer for me and I may hack the code myself to stop these blitzes, because I have a feeling I’m going to be getting these more frequently.)

I’d rather have these then blacklisting. We in the Wayward Weblogger co-op are already suffering because of uncontrolled blacklisting from SPEWS and I’m not sympathetic to banning in any form, though I can understand why people like this preventative measure.

(Not that I don’t appreciate Jay Allen and his mt-blacklist (which I wish I could get working again) – right now it’s the only thing standing between us the howling comment spammers at the door.)

As for the new wars: I think i’ts good we’re all fighting back, as long as we all remember something: anyone who we push can push back, and most of us share servers with others. When you say you’re going to put yourself on the line – you might want to spare a moment or two to the others you’re dragging along with you in your crusade. Be deliberate if you’re going to pick a fight, knowing all the consequences.