« Via PhiNews | Main | Horsebreeders are nuts (slight return) »
May 20, 2005
Comment Spam
This weblog was started on the 5th March 2005, and today it received its first ever piece of comment spam. For the blissfully ignorant, just as email spam is unwelcome email, in practice often designed to get you to buy pharmaceuticals, loans, software or perhaps take part in intriguing African business adventures, so spam comments are unwelcome comments on weblogs, in practice often including links to other sites promoting porn, gambling, pharmaceuticals or credit.
Today I had just a single piece of comment spam, though other bloggers report getting hundreds per hour. Perhaps the spammers were testing the blog for susceptibility to more serious attacks. Thanks to warnings from from fellow bloggers (especially Greg Restall and Matt Carter) this blog is not especially susceptible. Among other measures, I have been running MT Blacklist for several months now, and moderate all comments from unregistered users.
Yet it is also reasonable to believe that until now this blog has benefited from "security through obscurity" - languageandlogic.net was relatively new and so the spammers simply didn't know that it existed. Sometimes I have heard people say that security though obscurity is not really security at all. I suppose they are thinking that instead of taking exciting and (possibly expensive) measures to foil security-enemies, security through obscurity is merely a matter of lying low and hoping for the best. But it seems to me that obscurity can be very effective. In fact, isn't that how passwords work? (Not every security measure works through obscurity though, e.g. guards, walls, alarms, (maybe the kind of dna identification one sees in Gattica?)) And the mere fact that no-one knows what security systems one has in place (at, say, a bank, or an ancient tomb of interest to the likes of Lara Croft or Indiana Jones) can be very effective at keeping something secure. Of course, if you are in charge of security at a bank, you probably don't want that to be your only security measure...
Posted by logican at May 20, 2005 10:53 PM
Trackback Pings
The trackback address for this entry is:
http://www.logicandlanguage.net/trakbak.cgi/65
Comments
The really insidious thing about comment spam is that they want to use your google rank to raise their own by linking to themself. So blocking links in comments has a tendency to stop some amount of it.
I've gotten some amount of comment spam, but it might be through links from cardinalcollective.com, which is the non-philosophical blog I (jointly) run on the same host. Fortunately, once something is blacklisted from one blog it's also blacklisted on the other. Cardinal Collective gets tons of spam though. We moderate comments on posts older than 5 days (I think), which catches most of it immediately. But it's still annoying when I go to check my e-mail and have 50 comment spams sitting there.
Posted by: Kenny Easwaran at May 21, 2005 05:30 AM
I close comments on old entries (using this plug-in). That stops a lot of comment spam; and I think it may make the blog less attractive as a target. In any case, I don't get attacked that often anymore--it's been a while since I've had an attack that MT-blacklist couldn't despam in a couple minutes.
It's a bit sad that people can't comment on old posts but no one ever showed any inclination to, anyway. That's the flipside of security through obscurity....
Posted by: Matt Weiner at May 21, 2005 01:40 PM
If you want to hurt the value to spammers of getting links in comments, just add the nofollow tag to all href anchors in comments (I can explain what this means if it's gibberish, but would prefer to do by email). IIRC, Richard Zach said something about a weblog feature that also killed the value of links.
It's better to have links, if you can, since they increase the utility of comments.
Posted by: Charles Stewart at May 27, 2005 10:48 AM