And another thing… about SPAM

The nice folks at Movable Type have put together an excellent reference for fighting SPAM in MT weblog comments. The document is both informational and instructive. They explain in plain terms how SPAMMERs operate and get around some of the things we try to do. It’s understandable these days when systems administrators get frustrated and just want to take the most drastic actions possible; it’s just not always a good thing. MT acknowledges this and fights against the urge by giving pros and cons of various methods in a balanced way.
And most importantly, they provide specific advice with regard to MT blogs and comments. I had not followed all the advice, but now I have. The amount of SPAM went from about 50 yesterday morning to only 3 this morning.
Movable Type Publishing Platform: Guide for Fighting Comment Spam
In the words of Gomer Pyle: “Thank you thank you thank you!”
I would like to add one related note to the discussion. Something I noticed the other day that I needed to fix in a hurry before I got Google Dorked. (More on Google hacking and Google Dorks in a future post.)
Many web statistics programs track referers. Referers are explained in the MT article. As I read this section I remembered that I had recently noticed some SPAM URLs in my referer reports. I wondered about this at the time, but moved on.
Now, as I was reading the article, it occurred to me that this reference in my statistics may be another side effect they are hoping to gain. If I understand it correctly, there is a class of SPAMMER that merely wants the links to appear on a web page, so they can gain ranking in search engines. They never expect anyone to click the link off my blog or yours. They just want their site to rank well.
So back to the statistics page. I wondered about this, and sure enough, as I watched connections come into the server (tail -f /var/log/httpd/access-log), each time before a comment spam from this one source came in, it would hit the page it was commenting on. (And so getting double referer hits, I might add.)
If Google got a hold of my statistics page, and saw that link, the SPAMMER would have scored their goal, and my stats page would be helping them. I put a stop to that.
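The access-log pattern described above (a page hit carrying an off-site URL as Referer, followed by a comment post from the same source) can be checked for automatically. This is an added example, not part of the original post; the site hostname, the comment-script path, the five-minute window and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Assumptions, not from the post: combined log format, hostname, comment path.
OWN_HOST = "blog.example.org"
COMMENT_PATH = "/mt/mt-comments.cgi"
WINDOW = timedelta(minutes=5)

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" \d{3} \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"')

def external_host(referer):
    """Return the Referer's hostname if it is off-site, else None."""
    try:
        host = (urlsplit(referer).hostname or "").lower()
    except ValueError:          # malformed Referer value
        return None
    return host if host and host != OWN_HOST else None

def find_referer_spam(lines):
    """Map off-site Referer host -> IPs that then POSTed a comment in WINDOW."""
    seen = defaultdict(list)    # ip -> [(time, referer host), ...]
    flagged = defaultdict(set)  # referer host -> {ip, ...}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue            # not a combined-format line
        when = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        host = external_host(m["referer"])
        if m["method"] == "GET" and host:
            seen[m["ip"]].append((when, host))
        elif m["method"] == "POST" and m["path"].startswith(COMMENT_PATH):
            for t, h in seen[m["ip"]]:
                if timedelta(0) <= when - t <= WINDOW:
                    flagged[h].add(m["ip"])
    return {h: sorted(ips) for h, ips in flagged.items()}

# Constructed sample lines (documentation IP ranges, made-up hosts).
SAMPLE = [
    '203.0.113.7 - - [10/Oct/2005:13:55:36 -0700] "GET /archives/000123.html HTTP/1.1" 200 5120 "http://cheap-pills.example/" "Mozilla/4.0"',
    '203.0.113.7 - - [10/Oct/2005:13:55:38 -0700] "POST /mt/mt-comments.cgi HTTP/1.1" 302 0 "http://cheap-pills.example/" "Mozilla/4.0"',
    '198.51.100.20 - - [10/Oct/2005:14:01:02 -0700] "GET /archives/000123.html HTTP/1.1" 200 5120 "http://search.example/?q=spam" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Oct/2005:14:05:10 -0700] "POST /mt/mt-comments.cgi HTTP/1.1" 302 0 "http://blog.example.org/archives/000123.html" "Mozilla/5.0"',
]
if __name__ == "__main__":
    print(find_referer_spam(SAMPLE))
```

Hosts it reports are the ones to look for in a stats page's referer report; the search-engine visitor and the ordinary commenter in the sample are not flagged.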
Recommended additional step to fighting SPAM
Remove public access to your web stats, or at least block Google from indexing them. Most web hosts will allow you to password protect a directory. This is probably the most direct way to resolve the issue. Don’t let anyone who doesn’t have a reason see those stats.
If you need to allow public access, at least hide the directory from Google. Use a robots.txt file to keep respectful spiders out of your web site, and don’t make links to your stats pages.
