Wednesday, March 21

Blog

Die, Spammer Bastids!

Got my first piece of spam since I moved across to mee.nu.  Took a look at the automated spam filter, and the cupboard was bare.

Minx uses two spam filters: A conventional URL/IP filter fed from a honeypot system, and the statistical system called Snark that I wrote late in 2005 to deal with trackback spam at munu.  Snark worked really well, getting rid of 99.8% of trackback spam with almost no false positives, until I accidentally clobbered its data files during the DDoS attacks.  New Snark uses MySQL, of course, making it less likely for me to accidentally clobber it.

Unfortunately, (a) the honeypot isn't catching any flies and (b) one spam isn't enough to feed a statistical anti-spam engine.

I think, first, I need to fix the honeypot, and second, I need to fix the comment moderation screen.  A Pixy's work is never done.  Particularly when said Pixy embarks on major web development projects...

Posted by: Pixy Misa at 06:22 PM | Comments (10) | Add Comment | Trackbacks (Suck)
Post contains 159 words, total size 1 kb.

1

S*P*A*M is only POPULAR in Hawaii.  On the shelves, its a fairly decent (if oh-so-ordinary) product.  In a blog-site its a pain in the kiester!  Good work Pixy.  I'm waiting with bated breath!

Gads, I love playing with the comment thingy!!!

Posted by: GM Roper at Thursday, March 22 2007 09:38 AM (S60yG)

2 That looked like an explosion at the font factory.

Posted by: Steven Den Beste at Thursday, March 22 2007 10:31 AM (+rSRq)

3 Yeah, sometimes he goes a little overboard with the editor. smile

Meanwhile, I've fixed the comment moderation screen, and put up the mee.nu smilies server.  Still not sure what happened to the honeypot.

Posted by: Pixy Misa at Thursday, March 22 2007 11:03 AM (PiXy!)

4 One other thing you can do is to create a field near "Name" which must be left empty for the post to work and obscure it with a CSS trick. For the benefit of those with obsolete browsers, add an explanation elsewhere. You can also blacklist those who enter something into the empty field.

Posted by: Pete Zaitcev at Thursday, March 22 2007 07:00 PM (9imyF)

5 Cough cough check the page source cough... wink

Posted by: Pixy Misa at Thursday, March 22 2007 07:24 PM (PiXy!)

6 I finally gave up and used JavaScript to rewrite the comment-submission URL after the page finishes loading. If someone tries to use the URL that's embedded in the HTML, my log-scanner blocks their IP address at the firewall. -j

Posted by: J Greely at Thursday, March 22 2007 07:43 PM (9Nz6c)

7 Only problem with that is users who have Javascript disabled.

I'm expecting to use a combination of honeypot tricks (honeypot sites, hidden fields, URL rewriting) along with statistical analysis (the advantage of running hundreds or thousands of blogs on a common database is that you can see trends much more easily).

Posted by: Pixy Misa at Thursday, March 22 2007 09:57 PM (PiXy!)

8

"Yeah, sometimes he goes a little overboard with the editor."

Not always!!!   Harrumph!

 

Posted by: GM Roper at Thursday, March 22 2007 11:00 PM (S60yG)

9 The latest spam to get through your shields landed on a post about spam. I think my irony meter is smoking.

Posted by: Steven Den Beste at Friday, March 23 2007 06:46 PM (+rSRq)

10 Not being html, php, java, or otherwise web proficient (I know enough to get myself into trouble :-) )  I bow to you Pixy for undertaking  this incredible job.  Whew! 

I just spent over 3 hours today working with someone to update 1 single, poorly written, web page... sheesh!  It's a group I belong to, and I had suggested that we get a pro to redo the page - I'm getting static from IDIOTS who won't lift a finger, about spending money for nothing.  ARG!!! 

So once again I say - All Hail Pixy!  You're doing one hell of a job!

Posted by: Teresa at Friday, March 23 2007 07:49 PM (gsbs5)

Hide Comments | Add Comment

Comments are disabled. Post is locked.
49kb generated in CPU 0.0152, elapsed 0.0999 seconds.
56 queries taking 0.0896 seconds, 349 records returned.
Powered by Minx 1.1.6c-pink.