[drupal-devel] Dealing with spam (was rel=nofollow)

mike at fuckingbrit.com mike at fuckingbrit.com
Fri Jan 21 11:04:59 UTC 2005


>All that is good, but introduces another problem:
>If a spammer knows a filter or a subset of it, it is trivial to write
>a generator for spam based on the filter.

All that is being shared with the MT blacklist and the custom filters is
regexes for domains.

Spammers are spamming to promote web sites that sell something/make them
money. Yes, they can alias a million domains to one site, so blocking one,
and telling them how we block it means they move on to another. Sub-domains
are free.

But if they keep changing the url they are spamming, it screws their
chances of getting a good google rating for it. They are then competing
against every surviving post for their old domain. And their competitors.
And legitimate sites of interest...

If we use a /closed/ domain regex blacklist, then when they swap url each
web of trust has to update individualy, and as pointed out, spammers will
get onto lots of webs of trust. They'll blacklist their competitors (which
actualy works to our advantage ;-)) to boost their chances of success. And
work round the filters. If each WOT has to update itself on it's own, it'll
take longer to cleanse the net of a new spam url.

With a public system like the MT blacklist, one webmaster notices, updates
his core site (if it's drupal powered that pushes out to all sites under
his control, plus the sites of his friends and colleagues, which push out
to...) and notifies the master list. Other sites read the updates regularly
and then blacklist it themselves. It's a fast way of rushing a block to
everywhere.

Speed is the key with this, not privacy.

If spammers learn that when they spam a new url, a baysian filter will pick
up their spam message, generate a regex, notify a core, which will notify
all other sites, which will then block it for the future, and remove it in
the past... then url spamming this kind will eventualy die.

Pipe dream? Yes, it's a war and the spammers are as resourceful and
organised as the CMS/Blog engine developers. They'll find a new way to
spam. But with a bit of luck, it won't involve comment/http-referer attacks.

Cheers,

Mike

--------------------------------------------------------------------
mail2web - Check your email from the web at
http://mail2web.com/ .





More information about the drupal-devel mailing list