Blogspam == DNS Attack

I’m starting to think blogspam is the equivalent of a DNS attack. Currently, I’m effectively shut down. I cannot blog, because if I post an entry, I cannot allow feedback. My comments, if opened, will be open to predations by hundreds of blog spam comments a day. I don’t have time to sort through and delete 300+ comments a day whilst ensuring the real comments stay in and get approved.

Now, this has been going on for the past 2 months. When I turned on MoveableType’s comment approval, it significantly helped my cleanup efforts because deleting un-approved comments was much faster than rebuilding the entry they had polluted, and no negative content was posted on the front of my site.

Things got so bad, my web hosting provider, Mediatemple, called my cellphone to inform me my site was consuming a lot of bandwidth because blogspammings were hitting my mt-comments.cgi during their weekely cron-job weekend forays. I’ve been imitating the admins behavior of renaming the file to mt-comments.cgi.removed when I needed a break, and back again to enable comments.

However, after my 2nd failed attempt to install a Captcha test, the best defense against scripts since scripts can’t “see” images, I had to re-install MoveableType since my pryings into Perl foobarred something. I chose to use the MySQL option instead of the Perl flat-file database since I know MySQL a little bit, and was pleased with the enormous speed improvements in site rebuilds. However, users started reporting they couldn’t comment. Whatever flag sets how many db connections at one time was being overwhelmed by the blogspam scripts.

Now, if you haven’t successfully obtained a single blogspam comment on my site in 3 months, why would you continue? Only 1 reason: To shut me down.

You want proof of their tenacity? Check the email address of this lastest blog spam comment (I renamed my mt-comments.cgi to mt-comments.cgi.remove):

Yep, blogspam; the poor man’s DNS attack.

I can’t blog without comments because that defeats the purpose of getting feedback, positive or negative. However, I want to continue blogging, and will do so once I find a solution.

A collegue and I are creating our own blogging solution with 2 goals being the driving forces behind it:
– easy to use. installation should be painless.
– built in blogspam protection

There are more, but those are the main 2 that are extremely important to me, and seriously lacking in MoveableType. MT Blacklist doesn’t work in newer versions of MT, and installing Captcha assumes you know and can debug Perl, which I can’t. This stuff should just work.

I’m tempted to download MT 2.66 and reinstall an older version of MT-Blacklist; when they actually worked. How can people screw up software this much?

Just to counter, unless you can provide me with a solution that does the following, I’m continuing on my own endeavor like Oscar Trelles, and building my own:
– allows comments anonymously
– supports blacklisting of urls
– supports captcha tests or other means of script prevention
– generates static content that is easily indexed by search engines
– is free, including the server-side portion that powers it

My apologies to those who have commented in the past 2 weeks only to end up with error pages. I’m defeated, for now. JesterXL always wins the game, and I’ll take this round as a defeat knowing I’ll dominate the next one. I realize I’m merely feeding the spammer by acknowledging his victory, but as a man of honor, I understand the game, and give credit were credit is due. Dude, this is war!

*** Update: I was told to go here, but my reservations are it is pretty much the same process that the Captcha test wants you to do with the same risk I’ll screw something up. Going to try to ease the pain…