ifuleuiycfi - I Really Admire You, Spammers
By Jian Shuo Wang on 2006-02-21 18:03 · SpamRecently, the admin tool of this site is very slow. I didn’t pay enough attention until it takes about several minutes to load a page in MovableType admin. I found out it was because of the comment spams.
The log shows I am almost 1000 junk comments every day. In the peak time (6:00 - 8:00 AM), there are more than 10 comment requests in every single minute.
MovableType have great anti-spam features. It blocked all of them, but it requires a lot of resources to handle that. The result is, the server is slower and slower. Lunarpages, the hosting company ever emailed me complaining my MT installation sometimes consumes about 40% of one CPU, out of 4 CPU they have for the server.
It seems to be a serious issue.
Changed the Script Name
I guess the spammers may try to post to the default installation of all the MT based blogs: /cgi-bin/mt/mt.cgi. I decided to change the default script name from mt-comments.cgi to something new. I choose the name of the script to a random name.
mt-comments-ifuleuiycfi.cgi
Then changed the configuration so it is now the new comment script. The name ifuleuiycfi of the scripts reads:
I Fu Le U If You Can Find It.
Fu Le means admire in Chinese
Spams Comes After Me
To be honest with you, I don’t think they will check the page for comment scripts before posting spams.
I was wrong, deadly wrong. Within one minute, a new comment spam appeared, using the new comment script. I did a rename, so the previous comment script does not exist already.
New spams keep coming. I’d like to say: “I really admire you guys, spammers”.
Since many of the URL ends with .ru, I guess it comes from Russia.
Changed to Javascript Code
The rule I set for anti-spam is, I don’t add additional work to people who comments. Quickly, I wrote a piece of code like this:
The form still direct the robots to mt-comments.cgi, which does not exist.
This time, the comment spams went away. I got only one spam in the last few days - obviously, this honest guy posted manually.
From the server log, mt-comments.cgi is really busy. A file not found error does not add as much burden to the server as a real comment.
So way to go, cheers, and jia you, those spam robots!
9 Comments
" hope I can reply "
http://www.flickr.com/photos/chedong/102558738/
这里有一个样例
answer: the water print technology.
another simply implement:
add a hidden inputbox with foo=bar in all comment box
and varify in mt-comments.cgi
i guess the spam does in this way:
1. Crawl a HTML Page
2. Find Tag and then find the action, the textbox, etc
3. Programmatically post.
So if you change the action to anything, it still works. You use some fake action in the second method so it does not work. It is hard to recognize it programmically to analyze the javascript.
Well, i hate spam
Jack, my point was, when someone still be able to post, i believe they posted mannually - at least they catch up so quickly.
Can I use this trick code in my site?
mvm, one principle is avoid adding burden to people who comment. There are too much overhead to use that kind of technology in spam protection. I am a strong believer to evaluate the conditions we are in before we take action. The condition I am in is, the spammers won't spent any second on a particular site like this.