Recovered from the Wayback Machine.
I’m not starting up Burningbird but a lot of good people were hit badly by a very sophisticated comment spam attack, including the Wayward webloggers who I’m responsible to.
The attackers this time only posted three comments to each post, each with different names, and different URLs. They either used spoofing or they’ve harnessed open computers to submit the comments – I think they’ve used traditional DDoS attacks this time, so be careful using IP banning, you could be banning innocent people.
Did mt-blacklist work? No. As I’ve said before, spammers have better habits then so-called legitimate developers, because they listen to their ‘customers’ and adapt accordingly.
In the meantime, clean up:
The only easy way to clean up is directly in MySQL. Even *mt-blacklist will require that you hunt down each individual URL and delete it – time consuming. If you don’t know how to access MySQL then ask for help in comments, send me an email, or ask help from your friends online.
In MySQL directly, or through PHPAdmin, to remove the comments, use the following:
delete from mt_comment where comment_created_on > ‘2004-01-12 15:40:08′;
Change the date to fit your needs, the format is yyyy-mm-dd hh:mm:ss. This will delete all comments after the timestamp. Be careful or you’ll lose comments you want to keep. In fact, always make a backup before you start global deletions. You can use mysqldump to back up your entire database at any time (check MySQL site for how to use mysqldump). Or you can use MT’s backup.
Once deleted, rebuild your site to clear the comments from your pages.
If you want, you can turn off comments on all entries older than 30 days using the following SQL:
update mt_entry set entry_allow_comments = 2 where
TO_DAYS(NOW()) – TO_DAYS(entry_created_on) >= 30;
This closes comments on all entries 30 days old or older. Most comment spams are on older content, which are also less likely to have legitimate comments so this isn’t a bad option. You can run this yourself manually every week or so, or you can add it as a cron job. If you’re unfamiliar with cron, holler.
The spammers have gotten smarter. Eventually if you restrict their access enough, you’ll shut down comments to everyone. The only true solution to this problem is better comment management in MT. However, if you feel as clever as the spammers, perhaps you need to attend a smart people conference, come up with nifty, neato, just gee wiz smart solutions (put into the public domain of course, with the cutest little cc brand.)
This is a short-term post, with comments allowed for now. However, with the keywords in the post, it’s now a target for comment spammers, so I’ll be closing comments in a couple of days, and then put the post into draft mode – the individual page will still exist, but it will disappear from comment posting as well as this front page.
Note that the more metablogging talk you do in your weblog, the more you use the words ‘comment’ and ’spam’ or ’spammer’, the more you make yourself a victim. That’s how they’re finding your posts. I imagine that they had a bit of a chuckle when they made this run.
For all the mt-blacklist users, if you’re using global lists and not checking that legitimate URLs have been inserted, then chances are you’re opening your system up for a poison pill attack – causing your system to filter common, legitimate URLs, and hence making the mt-blacklist less reliable. The technique is common in email spam, as outlined by Ken Coar. Something to think of next time you import several hundred entries, depending on technology when the spammers depend on their brains.
However, makes no nevermind to me what you do. I’m just passing through.
There is an MT plug-in that allows you to turn off comments on older postings. I haven’t tried it, but others have and it seems to be working. It’s at http://www.rayners.org/2003/12/27/closing_comments_on_old_entries.php.
Previous writings on comment spam: