Comment spam on TypePad
Upon reading up on comment spam (and actually getting a few myself), I had an idea for SixApart.
We can block IP addresses from posting comments in TypePad’s admin interface, and for all spam comments I have received, that’s what I have done. Now since TypePad is centralized, in theory, Anil or another SixAparter could write some code that finds common blocked IP addresses. For example, if 20% of TypePad users with > 100 comments have blocked 66.154.0.40, it gets added to a system wide blacklist. Participation should be opt-in, and maybe have a daily email summary of blocked comments.
Obviously the 20% and 100 comment numbers are just placeholders. The reason to only include users with a certain level of comments is that those users are going to be A) more likely to block spam comments and B) more likely to even get said comments.
Thoughts?
I love this idea, since it puts a wider set of eyes on the spam, and lets the community report things. Most blacklist services (not Jay’s, since he just made that a community reporting thing) rely on one person judging whether or not something is spam and they sometimes make mistakes. Certainly the central, shared nature of the Typepad community could weed out spammer IPs rather quickly.
(btw, I got the same online casino spam from that IP this morning on pvrblog)
Kinda like converting comment spam into email spam (the daily email idea).
Matt:
You have better connections than I do. I’d love to see this idea move forward :). I’m sure you know the parties involved.
That casino spam almost slipped through me because its email got tagged as spam, so I never saw it. I just saw it in the admin and thought it looked fishy. Jackasses.
Dowingba:
The daily email would just to make sure that it’s only blocking spam. Akin to counter reports from SiteMeter or sales reports from a credit card gateway.
To lessen the bad effects of IP banning (i.e. the next guy who gets that dynamic Ip is banned even though he didn’t spam), every IP address on the combined blacklist should have a time-to-live. Probably about 24 hours shoudl be good…
I’d be happy to help SixApart implement something, but they don’t seem to be answering email.
Good idea Jay–that would really help cut out the false positive. The best way to be heard these days is through http referrals. Getting through with email is hard, because most people are drowning in it.
So blog it, and get your friends to blog it.
I think the striking thing with blog spam is that there aren’t that many people doing it. I’d guess < 1000. The ads all seem very similar, and often times you'll see the same copy in multiple places. Moreso, it's done by hand. All three of those make it easier to stop.
Unfortunately, my research into the latest wave of comment spam suggests that the spammers are using known open proxies.
In effect, they have disposable IP addresses, so banning them means nothing unless we first add known open proxies to the ban list.
My blog is receiving a slow but steady stream of pornographic comment spam routed through a narrow range of Russian IP addresses — perhaps one of the open proxies that Mike is talking about. The spam is manageable now, but for how long? The problem is bound to escalate dramatically, as it has with e-mail.
IP addresses within a range are often dynamic, of course, and some Russians are legitimate users, but almost no one from Russia (or China) is going to be interested in my blog, and I feel I should be entitled to ban ranges of IP addresses, or open proxies, from my blog if I wish. I am disappointed that TypePad is not giving us this simple option.
Personally, I am not interested in a time-to-live limit on open proxies and irresponsibly administered IP ranges. Legitimate users within those ranges can either surf elsewhere, or move to an ISP with strictly enforced measures against spammers.
Another problem with trying to use IP blocking is that, even if the spammer isn’t using an anonymous proxy, the average user doesn’t have a static IP address. So you may end up blocking comments from non-spammers who have been assigned the same IP as the spammer had on a different day. This is especially true with some of the big ISP’s like AOL.
When are you planning to release a first implementation. SPAM is getting out of control?
Comment spam on TypePad
Here’s a splendid idea from Jon Gale to deal with comment spam among TypePad users….