November 25, 2002
MT 2.6 Feature suggestion: Collaborative spam-blocking

There's this whole thing about blog comment-spammers running from one blog to the next today. Nasty.

Feature suggestion for MT 2.6: Collaborative comment spam filtering on IP level: Any time a legitimate MT user blocks an IP address for commenting, a ping could be sent to movabletype.com (similar to what happens when donors ping today). Legitimacy could be checked e.g. by making it a feature only available for donors? Once 3 or more MT users has reported an IP address for spamming, the IP address could be added (permanently or say for 6-12 months) to a collaborative comment spam-block list that MT users could download regularly (or even through a nice MT feature any time a comment is posted, the site is re-generated or similar; possibly with a 1 hour minimum interval?)

Any takers for this idea?

Sponsored links
Related Entries
Comments

I'd be concerned about some bloggers blocking IPs of users they simply don't like rather than blocking legitimate cases of spam or harassment. Plonking someone for having a different opinion does unfortunately happen and if, in your example, three or more people don't like what John Doe has to say, he'd be easily added to the banned list by way of pinging a central archive. Pinging might exclude such people if enough people ganged up on a few particular IPs... I'd hate to see that happen in the blogging community.

It's a good idea, and I like it, but I'd prefer a way to double-check the list.

Posted by: Mariann on November 25, 2002 09:07 PM

A very valid point, Mariann, and the reason why I said "3 or more" above...

1) Blocking could/should be made optional, with the default option = "off"
2) Bloggers could set their own "threshold" - i.e. I could elect only to block IP addresses blocked by n others, e.g. ten or more should I choose to be conservative?
3) I'd like to see it semi-automated so that if someone had been harrassing n blogs, this IP would be blocked automagically by my blog, even if I am on holidays that day/week/whatever... (hence the idea of checking for new IPs any time a new comment is posted, with minimum n hours intervals (to ease server loads)) speed is of the essence to stop an attack in progress
4) a manual option could be introduced; blockers could add optional information when blocking an IP, other MT users could review comments before accepting to block certain IPs
5) funky/overkill option: you could have a list of other bloggers you trust and always accept their blocks? (e.g. "always trust blocks from anyone in my blogroll" etc)

Variations on the theme are definitely possible; a solution that combines ease of use with not-too-complex implementation while efficiently stopping attacks in progress should be possible...?

Another random observation: Spammers on dial-ups will be slower, but have the possibilty to switch IP addresses more easily. Something to take into account when finding default values for n (blogs) and n (hours refresh time)

Posted by: andersja on November 25, 2002 09:27 PM

Another solution would be to report all comments to a central server together with the originating IP and run an algoritm like razor and as soon as there's 3 identical posts the IP should be added to a blacklist. The blacklist could be made available through DNS (like the RBL's used for spamfiltering). If MT supported RBL-like lists for blacklisting we could deny all access from open proxies (which I expect most spammers use).

Posted by: Jan Chrillesen on November 25, 2002 10:54 PM

Or how about a neat alternative feature: search-and-destroy comments by IP? That way, when an idiot spammer floods a site's comment system with prolific spam, the site admin can rip it out with one click (or two, so as to avoid patent infringement.)

Posted by: Mike on November 26, 2002 02:16 AM

That's a nice idea too, Mike! (and a lot easier to implement than my suggestions above I think)

Posted by: andersja on November 26, 2002 11:47 AM

Given the fact that the majority of Internet users don't have a static IP, I think that targeting the IP addresses of spammers would create more hassles than it'd solve.

In a worst-case (but not all that unlikely) scenario, this sort of system would block a IP address of a dialup or DSL user of a prominent ISP (like Earthlink), and then when a new person got that address the next day or next week, his or her comments would be sadly blocked from many folks' blogs.

And -- dare I ask this -- is blogspam really that much of an issue? Okay, I'll admit, it's a high-traffic day on my humble little blog when I get even more than 2 comments in total, but so far, I've not had a single spammy comment left on my blog.

Maybe it's only an issue for more highly-visible / popular blogs?

Posted by: Adam on February 20, 2003 11:43 AM
Post a comment
Name:


Email:
(Will not be displayed if you enter a website below. Otherwise, it will be displayed "spam protected")


Website:
(if you have one)


What do you want to say?
(please don't bother posting "spam" (pornography, viagra-sales etc - I will delete such comments anyway))


Remember info?



Referrers to this page
TrackBack URL for this entry:
http://www.jacobsen.no/cgi-sys/cgiwrap/anders/MT/mt-tb.cgi/355
khakipants: MT 2.6 Feature suggestion: Automatic Classification (November 26, 2002 04:37 PM)
"Based on andersja's blog I began thinking about my article classification strategy. I currently pick a primary category and if"
Legends of the Sun Pig: Bayesian filter for blog comments (September 29, 2003 01:41 PM)
"

I don't get much comments spam myself right now (maybe a message a week or so), but the problem is definitely getting

"

24587 visits (1 today, 4 this week)

© Anders Jacobsen
[weblog / photography]