Jul 28 2004
Distributed Comment Spam
I was lucky enough to be the target of a Distributed Comment Spam last night. I recieved over 100 very similar comment spams, all with the same email address, but all from different IP addresses. I didn’t have the time to ban all of the addresses, and I’m thinking these are just comprimised zombie systems in any case. If this happens again, I’ll take a full list of the IP addresses and post them here.
Anyone else experienced this before? And what was your solution?
![[del.icio.us]](http://images.del.icio.us/static/img/delicious.small.gif){kind=small}
4 Responses to “Distributed Comment Spam”
you do have mt-blacklist installed, right?
I took a swipe at mt-blacklist earlier in the year and had some problems, so I just backed out of it. I may try it again this coming weekend. I’m not convinced it would have helped with the recent spate of comment spamming.
We use this application http://www.vamsoft.com/orf/orfee_prodspec.asp
Works very well. Allows you to block an IP address range. Also has a really easy interface. Spamcop blocks a bunch. Just have to be careful of legit emails and add them to whitelist when people start complaining.
I tried to install mt-blacklist again last week and ran into a problem I couldn’t resolve. Everything appears to go into place fine, but the moment I put Blacklist.pl in the Plugins directory, rebuilds on the index pages stop working. I’m using mt-rebuild by Timothy Appnel to renew my site every hour, in order to capture the latest news feeds. Apparently there is some sort of conflict between the two.
I’ve taken several steps to fix the spam problem, or at least limit it’s impact. I’ve closed all entries older than 45 days. I’ve renamed the mt-comments.cgi script. But I don’t seem to be able to get blacklist to work. Oh well. I hope this will work well enough for now.