
ifuleuiycfi - I Really Admire You, Spammers


Recently, the admin tool of this site has been very slow. I didn't pay enough attention until it took several minutes to load a page in the MovableType admin. I found out it was because of comment spam.

The log shows I am getting almost 1000 junk comments every day. At peak time (6:00 - 8:00 AM), there are more than 10 comment requests every single minute.

MovableType has great anti-spam features. It blocked all of them, but it requires a lot of resources to handle that. The result is that the server gets slower and slower. Lunarpages, the hosting company, once emailed me complaining that my MT installation sometimes consumes about 40% of one CPU, out of the 4 CPUs they have for the server.

It seems to be a serious issue.

Changed the Script Name

I guess the spammers may try to post to the default installation of all the MT-based blogs: /cgi-bin/mt/mt.cgi. I decided to change the default script name from mt-comments.cgi to something new. I chose a random name for the script.

mt-comments-ifuleuiycfi.cgi

Then I changed the configuration so that it is now the new comment script. The ifuleuiycfi in the script name reads:

I Fu Le U If You Can Find It.

Fu Le means admire in Chinese.

Spam Comes After Me

To be honest with you, I didn't think they would check the page for the comment script before posting spam.

I was wrong, deadly wrong. Within one minute, a new comment spam appeared, using the new comment script. I did a rename, so the previous comment script does not exist anymore.


New spam keeps coming. I'd like to say: "I really admire you guys, spammers".

Since many of the URLs end with .ru, I guess it comes from Russia.

Changed to JavaScript Code

The rule I set for anti-spam is that I don't add additional work for people who comment. Quickly, I wrote a piece of code like this:

<form method="post" action="http://home.wangjianshuo.com/cgi-bin/mt/mt-comments.cgi" name="comments_form" onsubmit="if (this.bakecookie.checked) rememberMe(this); s1='http://home.wangjia'; s2='nshuo.com/cgi-bin/mt/mt-'; s3='comments-ifuleuiycfi.cgi'; this.action = s1+s2+s3;">

The form still directs the robots to mt-comments.cgi, which does not exist.

This time, the comment spams went away. I got only one spam in the last few days - obviously, this honest guy posted manually.

From the server log, mt-comments.cgi is really busy. A file not found error does not add as much burden to the server as a real comment.
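
An added example, not part of the original post: a Node.js script that separates POSTs to the decoy path from POSTs to the renamed script in an access log, which is one way to measure the effect described above. The log lines are constructed, and the Apache combined log format and the names parseLine and summarize are assumptions.

```javascript
// Paths from the post: the form's static action (decoy, deleted on the server)
// and the renamed script that only the onsubmit handler assembles.
const DECOY = '/cgi-bin/mt/mt-comments.cgi';
const REAL = '/cgi-bin/mt/mt-comments-ifuleuiycfi.cgi';

// Constructed sample lines (Apache combined format, documentation IP ranges).
const at = (ip, t, req, st) =>
  `${ip} - - [21/Feb/2006:${t} +0800] "${req} HTTP/1.1" ${st} 312 "-" "-"`;
const SAMPLE_LOG = [
  at('203.0.113.7', '06:01:02', `POST ${DECOY}`, 404),
  at('203.0.113.7', '06:01:09', `POST ${DECOY}`, 404),
  at('198.51.100.23', '06:01:40', `POST ${DECOY}?junk=1`, 404),
  at('192.0.2.50', '06:02:11', 'GET /archives/entry.htm', 200),
  at('192.0.2.50', '06:03:30', `POST ${REAL}`, 200),
  at('198.51.100.23', '06:05:12', `POST ${REAL}`, 200),
  'truncated line with no request field',
];

const LINE_RE = /^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) /;

function parseLine(line) {
  const m = LINE_RE.exec(line);
  if (!m) return null;
  // Strip the query string so "?x=1" cannot hide a hit on either script.
  return { ip: m[1], minute: m[2].slice(0, 17), method: m[3], path: m[4].split('?')[0] };
}

function summarize(lines) {
  const decoyByIp = new Map(), perMinute = new Map(), realIps = new Set();
  let decoyHits = 0, realPosts = 0, unparsed = 0;
  for (const line of lines) {
    const e = parseLine(line);
    if (!e) { unparsed++; continue; }
    if (e.method !== 'POST') continue;
    if (e.path === DECOY) {
      decoyHits++;
      decoyByIp.set(e.ip, (decoyByIp.get(e.ip) || 0) + 1);
      perMinute.set(e.minute, (perMinute.get(e.minute) || 0) + 1);
    } else if (e.path === REAL) {
      realPosts++;
      realIps.add(e.ip);
    }
  }
  // Busiest minute of decoy traffic, or null when there was none.
  const peak = [...perMinute.entries()].sort((a, b) => b[1] - a[1])[0] || null;
  // Clients on both paths: posted without running the handler, then reached the real script.
  const onBoth = [...decoyByIp.keys()].filter((ip) => realIps.has(ip));
  return { decoyHits, realPosts, unparsed, decoyByIp, peak, onBoth };
}

console.log(summarize(SAMPLE_LOG));
```

Addresses in onBoth are the ones worth reading first: they submitted the form without the onsubmit handler and later reached the renamed script anyway.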

So way to go, cheers, and jia you, those spam robots!

Posted by Jian Shuo Wang at February 21, 2006 6:03 PM
Copyright: You are free to redistribute this work, as long as you keep this disclaimer and this link: http://home.wangjianshuo.com/archives/20060221_ifuleuiycfi_i_really_admire_you_spammers.htm

Comments

" hope I can rely " -->
" hope I can reply "

Posted by: yuchifang (external link) on February 21, 2006 7:47 PM

really nice code, the rule is: spammers spam on the common things, they don't waste time to dig further on one special site.

Posted by: yuchifang (external link) on February 21, 2006 7:48 PM

Learn from QQ: add a Chinese watermark
http://www.flickr.com/photos/chedong/102558738/
Here is an example

answer: the water print technology.

another simple implementation:
add a hidden input box with foo=bar in every comment box
and verify it in mt-comments.cgi

Posted by: Che Dong on February 21, 2006 8:49 PM

well, i do not think the guy does it manually.

i guess the spam does in this way:

1. Crawl a HTML Page
2. Find Tag and then find the action, the textbox, etc
3. Programmatically post.

So if you change the action to anything, it still works. You use some fake action in the second method so it does not work. It is hard to recognize it programmatically to analyze the javascript.

Well, i hate spam

Posted by: Jack (external link) on February 21, 2006 8:51 PM

Chedong, I have that in the script, but the guy quickly gets all the hidden values and starts to post. I would say, they are really smart on this part.

Jack, my point was, when someone is still able to post, I believe they posted manually - at least they catch up so quickly.

Posted by: Jian Shuo Wang (external link) on February 21, 2006 10:28 PM

Hi,
Can I use this trick code in my site?

Posted by: Zhu Xinquan (external link) on February 22, 2006 11:22 AM

We might need to consider HIP (Human Interaction Proof), the pictures with blurred/twisted/dotted text.

Posted by: mvm on February 22, 2006 12:06 PM

Xinquan, of course. It is just a simple trick and not protected by any law. :-) Just remember to change it to your URL, otherwise it will all come to my site.

mvm, one principle is to avoid adding burden to people who comment. There is too much overhead in using that kind of technology for spam protection. I am a strong believer in evaluating the conditions we are in before we take action. The condition I am in is, the spammers won't spend a second on a particular site like this.

Posted by: Jian Shuo Wang (external link) on February 22, 2006 2:07 PM

My blog had also been spammed by those ads, but I'm using drupal without any anti-spam features, it took me more than an hour to delete all the spam comments. :(

Posted by: bugs on February 24, 2006 3:24 AM
© 2001 - 2008 Jian Shuo Wang. All right reserved.