1 nomad Mar 16, 2006 00:52
3 nomad Mar 16, 2006 09:38
Thanks. But I suppose I'll have to try the guest-account alternative. 114 comment spams tonight! 8|
4 topanga Mar 16, 2006 10:21
I know.
I'm lucky to publish mainly in Dutch.
It's only my English posts that are disturbed by comment spam..
That means:
Consult my own blog several times a day.
Examine all comment spam to see if there is a common url or a common piece of sentence and ban that locally
5 nomad Mar 16, 2006 10:26
You're correct, it's only my English blog that gets spam. I've blocked millions of URLs, the recent attack uses google links like http://www.google.com/url164 ! Of course, you cannot block them, I have to delete all the comments manually
6 nomad Mar 16, 2006 10:38
Hm I guess the guest account was no good idea ... everybody can change the guest account settings. So now I've stopped the spammers (more than 150 during the last six hours) after letting only registered users comment
7 unclespeedo Mar 16, 2006 10:44
nomad wrote:
You're correct, it's only my English blog that gets spam. I've blocked millions of URLs, the recent attack uses google links like http://www.google.com/url164 ! Of course, you cannot block them, I have to delete all the comments manually
block url164 locally nomad, fwiw my server is getting pounded right now, comment and referral spam, the lame thing is most of the comments have no url in em at all, this is retarded.
8 nomad Mar 16, 2006 10:57
Thanks! Good idea. I also blocked html4897. Saved me a lot of work, thanks!
9 topanga Mar 16, 2006 11:38
We will have to think like humans...
and then we can handle.
10 edb Mar 16, 2006 14:58
nomad wrote:
You're correct, it's only my English blog that gets spam. I've blocked millions of URLs, the recent attack uses google links like http://www.google.com/url164 ! Of course, you cannot block them, I have to delete all the comments manually
You certainly CAN block that locally, and you certainly SHOULD report it! Just don't ban and report only the google.com part! Include the /url164 part and it will not block something that does not contain the full 'google.com/url164' string.
Same with ANY spam that includes a URL that seems right but isn't real.
I just reported the link mentioned above (including the http part, which I shouldn't have) and another that gave me over 100 spam comments in the past 8 hours - 'google.com/bb497'.
Very soon I'll go into the antispam keyword list and publish appropriate keywords to address the three 'fake googles' that have been identified in this thread. A quick look tells me we've got hundreds of reports for various versions of those keywords.
Another one I'll be banning is the full text of most of these comments AND I'll be reporting it even though it will probably never be published as a keyword. The text I want locally banned is "Hi ! Your site is very interesting. Thank you." because that will block another 100+ comments that did not have a URL in them.
Feel free to report anything you ban locally! On the other side of your reporting we look at all of it and make the best decision we can about what to publish. Without reports how will we know?
11 topanga Mar 16, 2006 15:18
EdB wrote:
Feel free to report anything you ban locally! On the other side of your reporting we look at all of it and make the best decision we can about what to publish. Without reports how will we know?
I was afraid of 'spamming' the antispamsite, that you, EdB, are caring for.
But if you want us to do it, we'll do ;)
12 nomad Mar 16, 2006 15:25
I do always - or mostly - report spam that I ban locally. Today, the b2evo-server has been down, though
13 edb Mar 16, 2006 15:31
I know it's asking for trouble on the inside, but the more reporters the more we know it's a rampant problem, which makes it easier to know what to pick. Too many keywords already, but the spam problem keeps happening. So I try to be very selective about what I publish. Stuff that is HEAVILY reported gets banned, so the more reporters the merrier!
Okay some more info for those making the reports. These new ones - the fake google things. No need to include the 'http://' part, or the www part, but please do include the '.' before google AND of course the '/whatever' after it.
In this case it hardly matters but in general we are trying to publish keywords that have punctuation in front of them. This greatly reduces the likelihood of a 'false positive'. For example imagine if we banned 'uglydog.com' because it was spamming everyone. We would also ban 'mydogisanuglydog.com' even though they did not spam anyone. By including the preceding dot we make sure we only ban the bad guy. Therefore:
http://www.subdomain.badguy.tld should be reported as .badguy.tld
www.badguy.tld should be reported as .badguy.tld
http://badguy.tld should be reported as //badguy.tld
Or don't worry! Just click the ban symbol and be happy with whatever it reports. We'll figure it out.
14 sawatdee Mar 16, 2006 16:06
nomad wrote:
gave me over 100 spam comments in the past 8 hours - 'google.com/bb497'.
Count yourself lucky. I just woke up to 600 of these comments. This may be a stupid question, but why spam with this google link that goes nowhere?
Also, I tried banning the domain, but it is not working. Is it because this is inside the comments and not in the usual website field? I have to keep deleting manually, five at a time by searching for 'google.com/bb497' every five minutes.
15 stk Mar 16, 2006 16:44
Hey Ed ... thanks for the advice on "how to report spam" ... maybe you could make a consolidated post and make it a separate STICKY (since yer the guy looking at the stuff ... maybe you'll get less of the kind of reports you don't like and more that are useful?)
BEST WAY TO REPORT SPAM (or summat) :D
16 yabba Mar 16, 2006 16:48
In this case it hardly matters but in general we are trying to publish keywords that have punctuation in front of them. This greatly reduces the likelihood of a 'false positive'. For example imagine if we banned 'uglydog.com' because it was spamming everyone. We would also ban 'mydogisanuglydog.com' even though they did not spam anyone. By including the preceding dot we make sure we only ban the bad guy. Therefore:
There's a problem with this (at least in 1.6): http://spammer.com doesn't get matched by reporting .spammer.com. A simple solution would be for getBaseDomain() to add a preceding dot to the url it returns if it doesn't already have one.
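The reporting rules from post 13 and the matching gap raised in post 16, as an added Python example that is not b2evolution code: it assumes keywords are matched as plain substrings, as the uglydog example implies. `report_form`, `is_banned` and `dot_prefix` are hypothetical names; `dot_prefix` models the suggested fix of putting a dot in front of the host before matching, and the two-label domain cut is a simplification that ignores suffixes like .co.uk.

```python
def report_form(url):
    """Keyword to report for a spam URL, following the three cases in post 13."""
    s = url.lower()
    had_scheme = "//" in s
    rest = s.split("//", 1)[-1]
    host, _, path = rest.partition("/")
    tail = "/" + path if path else ""      # keep '/url164', drop a bare trailing '/'
    labels = host.split(".")
    if len(labels) > 2:
        # www. or another subdomain: keep the last two labels (naive assumption)
        return "." + ".".join(labels[-2:]) + tail
    # bare domain: no dot precedes it in the URL, so '//' is the punctuation to use
    return ("//" if had_scheme else ".") + host + tail


def is_banned(url, keywords, dot_prefix=True):
    """Substring match of keywords against a URL (assumed matching model).

    With dot_prefix=True the URL is also checked with a dot inserted in front
    of the host, so '.spammer.com' matches 'http://spammer.com' as well.
    """
    s = url.lower()
    haystack = s
    if dot_prefix:
        i = s.find("//")
        i = i + 2 if i >= 0 else 0
        haystack = s + " " + s[:i] + "." + s[i:]
    return any(k.lower() in haystack for k in keywords)


if __name__ == "__main__":
    # Constructed sample URLs, built from the examples quoted in the thread.
    for u in ("http://www.subdomain.badguy.tld", "www.badguy.tld",
              "http://badguy.tld", "http://www.google.com/url164"):
        print(u, "->", report_form(u))
    print(is_banned("http://mydogisanuglydog.com/", ["uglydog.com"]))    # false positive
    print(is_banned("http://mydogisanuglydog.com/", [".uglydog.com"]))   # left alone
    print(is_banned("http://spammer.com", [".spammer.com"], dot_prefix=False))  # the gap
    print(is_banned("http://spammer.com", [".spammer.com"]))             # gap closed
```
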
17 edb Mar 16, 2006 16:59
This thread went way off track eh?
It seems the guestaccount idea didn't work out so good, so that's a wrap.
Versions .9.1 and older do not check comment text for banned words, but beginning with version 1.6 it does. Therefore some people have had success with banning urls that show up in the comment but others won't.
I'll do up a sticky post about what good reports look like, but not for a while.
18 chetly Mar 18, 2006 22:56
I was hit by the fake google links too. My question is what do the spammers gain with the fake google link? I could imagine it is a way of attacking google or sites that were dumb enough to blacklist the google.com only part. How does it improve a ranking though?
Same question: what do they gain with fake referrer keywords (such as very scientific links such as "atmospheric absortion" etc.) from search engines? Are they trying to increase the value of a particular search in google's search value algorithm?
Stemming the tide of the googles was easy, just as suggested above. How does one stem the fake referrer reports above without killing other searches?
There is - till now - still not a possibility to write 'draft' comments..