Mailing List Archive

OT: blog/forum spamming
LiveJournal, a combination of blog (web log) and web forum, has recently
gotten spammers, who leave comments saying "Take a look at this link". The
LiveJournal admins have anticipated this, and just recently put into play
some anti-spam techniques:

* Anonymous posters are only allowed a small number of posts per time unit per
IP address before they have to prove that they're human through captchas
(see http://www.captcha.net/). Registered accounts are allowed a higher
rate of posting before they have to prove they're human.

* When journal owners delete a comment from their journal, they now have the
option to mark the comment as spam. Comments so marked can be reviewed by
humans, who will delete the posting account if it really was spam.

* If someone posts a burst of comments to many different journals, as opposed
to the same journal (where a burst of comments would just be someone
participating in a discussion), this will be brought to the attention of
humans, who can determine if it's spam, and delete the responsible accounts
if it is spam.

See

* http://www.livejournal.com/community/lj_biz/219024.html
* http://www.livejournal.com/community/lj_biz/219332.html

--
Give a man a match, and he'll be warm for a minute, but set him on
fire, and he'll be warm for the rest of his life.

Advanced SPAM filtering software: http://spamassassin.org
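
As an added example (not part of the original post, and not LiveJournal's code), the first and third techniques in the message above can be sketched as one sliding-window check. The window length and all thresholds are assumptions, since the post gives no numbers, and the events are constructed sample data.

```python
from collections import defaultdict, deque

# Assumed values; the post only says "a small number" and "a higher rate".
WINDOW = 600                                         # seconds of history kept
CAPTCHA_AFTER = {"anonymous": 3, "registered": 20}   # comments allowed per window
FANOUT_REVIEW = 5                                    # distinct journals per window

class CommentThrottle:
    def __init__(self):
        # poster key -> deque of (timestamp, journal), oldest first
        self.events = defaultdict(deque)

    def check(self, ts, journal, ip, account=None):
        """Record one comment; return (needs_captcha, flag_for_review)."""
        kind = "registered" if account else "anonymous"
        key = ("acct", account) if account else ("ip", ip)
        q = self.events[key]
        while q and q[0][0] <= ts - WINDOW:          # drop events outside the window
            q.popleft()
        q.append((ts, journal))
        # Rate limit: too many comments per window means a captcha is required.
        needs_captcha = len(q) > CAPTCHA_AFTER[kind]
        # Fan-out: a burst in one journal is a discussion; a burst spread over
        # many journals is queued for a human to look at.
        flag_for_review = len({j for _, j in q}) >= FANOUT_REVIEW
        return needs_captcha, flag_for_review

def replay(events):
    """Feed (ts, journal, ip, account) tuples through a fresh throttle."""
    throttle, captcha, review = CommentThrottle(), set(), set()
    for ts, journal, ip, account in events:
        c, r = throttle.check(ts, journal, ip, account)
        if c:
            captcha.add(account or ip)
        if r:
            review.add(account or ip)
    return captcha, review

# Constructed sample: each poster's events are in time order.
SAMPLE = (
    [(i * 30, "journal_a", "198.51.100.2", "chatty") for i in range(8)]
    + [(i * 20, f"journal_{i}", "198.51.100.9", "linkdrop") for i in range(6)]
    + [(i * 10, "journal_b", "203.0.113.7", None) for i in range(4)]
)

if __name__ == "__main__":
    print(replay(SAMPLE))
```

The account that comments eight times in one journal trips neither check, the account that touches six journals is queued for review, and the anonymous address is asked for a captcha on its fourth comment.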
Re: OT: blog/forum spamming
On Wednesday 10 March 2004 03:13 am, Bob George wrote:
> Matthew Cline wrote:

> >* Anonymous posters are only allowed a small number of posts per time unit
> > per IP address before they have to prove that they're human through
> > captchas (see http://www.captcha.net/). Registered accounts are allowed
> > a higher rate of posting before they have to prove they're human.

> I'm on another list, frequented by a variety of users of older systems.
> One such user is blind, and has frequently lamented about the lack of
> usability imposed by such schemes. Section 508 for government agencies
> in the US and other similar policy require(s|d) that such mechanisms
> make adequate accommodation.

There's the option to listen to a garbled audio recording, and type up what it
says. Of course, that still leaves users who are blind *and* deaf out to
dry, but nothing's perfect.

> >* When journal owners delete a comment from their journal, they now have
> > the option to mark the comment as spam. Comments so marked can be
> > reviewed by humans, who will delete the posting account if it really was
> > spam.

> Are the journal owners not human?

Yes, but the journal owners might be mistaken, or might maliciously mark
non-spam as spam in an effort to get someone else kicked off.

> Spammers seem to thrive (under whatever rocks they live under) by
> pumping out volume. It sounds to me like it would be better to
> block/verify on sign-up -- even if verifying "human-ness" -- to avoid
> automated blast tools.

This is already done, but once you sign up, you can automatically put
comments/posts in journal/communities.

> I'm not sure if you're looking for suggestions, or making them!

Just making note of how spam is being fought in a different medium than email.

Re: OT: blog/forum spamming
Matthew Cline wrote:

>LiveJournal, a combination of blog (web log) and web forum, has recently
>gotten spammers, who leave comments saying "Take a look at this link". The
>LiveJournal admins have anticipated this, and just recently put into play
>some anti-spam techniques:
>
>* Anonymous posters are only allowed a small number of posts per time unit per
> IP address before they have to prove that they're human through captchas
> (see http://www.captcha.net/). Registered accounts are allowed a higher
> rate of posting before they have to prove they're human.
>
>
I'm on another list, frequented by a variety of users of older systems.
One such user is blind, and has frequently lamented about the lack of
usability imposed by such schemes. Section 508 for government agencies
in the US and other similar policy require(s|d) that such mechanisms
make adequate accommodation.

>* When journal owners delete a comment from their journal, they now have the
> option to mark the comment as spam. Comments so marked can be reviewed by
> humans, who will delete the posting account if it really was spam.
>
>
Are the journal owners not human?

>* If someone posts a burst of comments to many different journals, as opposed
> to the same journal (where a burst of comments would just be someone
> participating in a discussion), this will be brought to the attention of
> humans, who can determine if it's spam, and delete the responsible accounts
> if it is spam.
>
>
This sounds very labor intensive on a busy system!

>See
>
>* http://www.livejournal.com/community/lj_biz/219024.html
>* http://www.livejournal.com/community/lj_biz/219332.html
>
>
Sounds almost like... nah. :)

Spammers seem to thrive (under whatever rocks they live under) by
pumping out volume. It sounds to me like it would be better to
block/verify on sign-up -- even if verifying "human-ness" -- to avoid
automated blast tools. After all, a spammer will have no qualms about
posting ONE message to a bunch of lists, then leaving.

If nothing else, at least most mailing lists require a verified sender
address. Not perfect (and not foolproof) and perhaps not as open as many
would like.

I'm not sure if you're looking for suggestions, or making them!

- Bob
Re: OT: blog/forum spamming
On Tue, 2004-03-09 at 11:33, Matthew Cline wrote:
> On Wednesday 10 March 2004 03:13 am, Bob George wrote:
> > Matthew Cline wrote:
>
> > >* Anonymous posters are only allowed a small number of posts per time unit
> > > per IP address before they have to prove that they're human through
> > > captchas (see http://www.captcha.net/). Registered accounts are allowed
> > > a higher rate of posting before they have to prove they're human.
>
> > I'm on another list, frequented by a variety of users of older systems.
> > One such user is blind, and has frequently lamented about the lack of
> > usability imposed by such schemes. Section 508 for government agencies
> > in the US and other similar policy require(s|d) that such mechanisms
> > make adequate accommodation.
>
> There's the option to listen to a garbled audio recording, and type up what it
> says. Of course, that still leaves users who are blind *and* deaf out to
> dry, but nothing's perfect.

Actually, I've heard stories of spammers breaking captchas by setting up
fake free-access porn sites. To sign up for an account, you have to
pass a captcha - which the spammer sets up to link to the one they're
trying to break. So even Turing tests can be bypassed. (as if spammers
hijacking machines with viruses isn't enough... they've come up with
ways to hijack the users themselves)

- Jon

--
jon@tgpsolutions.com

Administrator, tgpsolutions
http://www.tgpsolutions.com