First comment attack
DMZ · September 23, 2004 at 10:14 am · Filed Under Site information
First comment spam attack on the site began this morning, advertising Party Poker Online. Thanks, Party Poker, your outstanding business practices have ensured I will never use your service and will actively encourage others to do likewise.
Bans are in place, you shouldn’t notice anything.
Comments
22 Responses to “First comment attack”
The vast majority of those online poker casinos are all one company. Most of them – including Party Poker – operate from servers on the Kanewake reserve outside Montréal. So, if you’re boycotting Party Poker you should probably do the same to Empire Poker, Poker Room, and the others.
Just as a point of information.
When I’m made dictator, spammers and people who reply to spam, whether in comments, email, or whatever, will be shot. We have plenty of people on the planet even without those morons.
Um, today’s post doesn’t count, does it? Because I’m allergic to bullets.
Derek, if you want to be proactive in beating spam before more get to you, you might want to checkout the blacklist below (it is actually for a Movable Type plugin, but you should be able to build a good blacklist out of it):
http://www.jayallen.org/comment_spam/blacklist.txt
Actually, you can rig WordPress to run off the blacklist that Jay Allen puts up.
http://www.jayallen.org/comment_spam/2004/04/blacklist_for_wordpress_users
http://wordpress.org/support/10/1988
Those Party Poker moruns were spamming my site 40-50 times a day, but MT-Blacklist blocked them at the perimeter.
Without getting too specifically into what I’m doing on the backend, I’m all over that, and it got through.
Interestingly, they’re trying to essentially inject comments directly without following links to posts. It’s a weird sort of brute-force attack I haven’t seen before.
Coincidentally, spam mail and advertisements were a crucial part of my plan for fighting the War on Terror.
Don’t know if it’s the right solution for this site (or even how feasable it would be), but I like IMDB.com’s posting delay timer feature. Basically, you have to wait two minutes between posts. Wouldn’t stop everybody, but it would make it easier to catch people before they do too much damage.
How about making folks register before commenting? Does your blog software support it? A uid and password would go a long way in getting rid of comment spammers.
I don’t like the UID/password requirement. For whatever reason, sites that require them get less celebrity participation…like Raul Ibanez’ insight today into his own dropoff in power…that would be a shame.
who the hell is DMZ?
DMZ is around the 38th parallel in North/South Korea.
You might want to consider catchpa or something else that presents a little authentication code that spambots can’t read. I don’t know if wordpress supports it, but it worked for me when I got my first celebrity poker spam and it’s worked for other people I know as well.
Nooo captcha.
Those things are getting so ridiculously distorted that I don’t get them right half the time.
Blacklists and minimum wait times between posts (ideally you don’t give a quick reject, you hold onto the connection for a while. Screws up the spammers), plus a little human intervention here and there.
If they’re doing a direct-inject, change the name of the PHP file that processes comments (and alter the PHP so it’s calling the new file). A lot of the spamhouses depend on standard names to propigate their cra^H^H^Hstuff.
I use MT BLacklist on my blog and it works wonders. Highly recommended.
Nice. In the UK Party Poker actually advertise heavily around the MLB coverage on a cable/satellite channel.
Not for blog stuff, but just for everybody… check out AdWare (you can download if from download.com) if you’re having problems with random popups. I used the google toolbar for quite a while to block popups, but recently that became ineffective. Tried AdWare, which a friend recommended, and it works awesome. Free download, too.
Using a browser that isn’t IE is the best way to fight pop-ups, frankly. I haven’t seen a pop-up in months.
My WordPress blog got the same attack from the poker folks. I made the appropriate changes to the site to block them. I think DMZ’s already figured out what to do, but just in case you have any questions, feel free to email.
As somebody familiar. Odds are very unlikely it’s Party themselves, but rather somebody who is an “affiliate” through party (i.e., gets a % of anybody who signs up through them). So A- if you’re blocking Party itself, it won’t work and B- it’s probably not Party doing it.
Ack- that should read “as somebody familiar with online gaming”.
I wanna know why this site gets spammed, and mine, actually about poker, doen’t. Oh wait… actual readers…
B David — Well, first, there’s no referer id or weird URL tracking in the comment spam, so there’s no way for them to get paid as you’d suggest. They must be being paid to generate traffic, and Party Poker has to be responsible for that, in the same way Netflix should be held accountable for their long period of tolerance of spamming on their behalf by “affiliates”.