Comment Spammers

Posted on by 16 Comments ↓

I am hopping mad. Some scumbag has been spamming my comments all morning long. I have about 5 IP addresses captured by Movable Type, and I browsed to http://thatIPaddress for each of them , and each of them had websites. But, of course, these IPs could be forged, so I have no idea if any of them were actually the culprits.

What are some actions I can take to investigate , report, and get these scumbags kicked off of their systems? What can I find out about them? Aside from IP addresses, I have an email thatkeeps posting these , and the website at the domain from which these emails come is an obvious scumbag spamming site (an online drugs/prescription site)

16 Replies to “Comment Spammers”

  1. Chris Capoccia

    They are using FloodMT…. It’s a group of mean-spirited, anti-Movable Type hackers that go by the nicks of wrt, rkz, lysol and desi.  One of these buggers wrote an article, Why your Movable Type blog must die for Kuro5hin and somehow got it up to the front page.  At least lysol is from the old GNAA trolling association.

    I got bombed by them last month.  Their bots commented so frequently that my webhost disabled my site because of the load on perl from mt-comments.cgi.

    One thing you can do is report the incident to the Internet Fraud Complaint Center.  It’s a joint venture between the FBI and the National White Collar Crime Center.

    Another thing you can do is do a whois request on the IP addresses (a site like SamSpade can help).  This should give you the ISP abuse contact information.  You can then file a complaint with them.  Most likely, each of those IPs is for a compromised machine.  I think these buggers are smarter than to use their own machine’s IP address and risk losing their internet connection.

  2. Chris Capoccia

    Another Idea:

    I re-read your post and realized that maybe you were talking about individual spam comments and not a massive flood of comments.  Here are some suggestions to deal with this problem.

    Any ’blog is vulnerable to comment spam.  An advertizer will post an advertizement instead of a useful comment.  Movable Type has a vulnerability that allows this process to be automated.  A spammer does not have to use your website’s HTML form to post a comment.

    There are many MT plugins that are available to combat this problem.

    • MT Blacklist is available from Jay Allen.  You can also read more information from his Comment Spam Clearinghouse
    • MT Bayesian by James Seng.  Bayesian filtering is a better method than blacklists, but it requires a lot of training to be effective.  So this method is not very useful for ’blogs with less than 500 spam comments and 500 good comments.  James has future plans to ship this plugin pre-trained, but he has not doen this yet.
    • MT Captcha by James Seng.  It works by adding an image with a number in it.  This number must be typed in before a comment will be accepted.  It is supposed to verify that a human is entering the comment and not a bot.  But there are some rumors of circumvention.  The Palo Alto Research Center has a CAPTCHA page that gives some definition and explores its limits of effectiveness with improving OCR.
  3. Chris Capoccia

    Don’t click that FloodMT link unless you want a nasty pr0n surprise.  The site owners are using mod_rewrite to redirect people with your referrer to another site with something like this in their .htaccess file:

    RewriteCond %{HTTP_REFERER} ^http://*theoblogical.org* [NC]
RewriteRule .* http://some-nasty-url [L]

    Dale, maybe you should edit my first post to remove that link.  if people really want to know what it said, they can search google for “FloodMT” and use their cache.

  9. Professional Web design and Graphic design

    Menexis.com is a professional web design and consulting company for businesses, schools, churches, non-profits, and individuals. We provide full internet services to clients who are serious about having a successful online presence. Our services includes but are not limited to: graphic design, logo and corporate identity, internet marketing/SEO, 3D animation , illustration, consultation, web hosting, album cover, prints, interactive CDs and DVDs, flash, database programming, posters, flyers and much more. Strategic thinking, and aesthetic presentation is what we are about–welcome to menexis.com.

  10. Professional Web design and Graphic design

    Menexis.com is a professional web design and consulting company for businesses, schools, churches, non-profits, and individuals. We provide full internet services to clients who are serious about having a successful online presence. Our services includes but are not limited to: graphic design, logo and corporate identity, internet marketing/SEO, 3D animation , illustration, consultation, web hosting, album cover, prints, interactive CDs and DVDs, flash, database programming, posters, flyers and much more. Strategic thinking, and aesthetic presentation is what we are about–welcome to menexis.com.

Leave a Reply