Comments on: SpamLookup plugin for MovableType

By: Dr Dave’s Blog » Blog Archive » WordPress Upgrade!

Dr Dave’s Blog » Blog Archive » WordPress Upgrade! — Fri, 15 Apr 2005 12:01:55 +0000

[...] simple answer as to when exactly, and the fact that I read such highly infuriating post as this in the meantime: believe me, this is by far the most reasonable [...]

By: Spam Huntress » Blog Archive » Spamlookup

Spam Huntress » Blog Archive » Spamlookup — Thu, 14 Apr 2005 22:32:15 +0000

[...] « Spam script in tailspin Spamlookup Gunters has a good writeup on Spamlookup, a plugin with impressive fe [...]

By: Gea-Suan Lin’s BLOG » WordPress ä¸Šçš„ SpamLookup

Gea-Suan Lin’s BLOG » WordPress ä¸Šçš„ SpamLookup — Tue, 12 Apr 2005 04:08:00 +0000

[...] ng, Blog, Network, Software, Spam Matt åœ¨çœ‹åˆ° MT ä¸Šçš„ SpamLookup å¾Œï¼Œæ‰“ç®—æŠŠé€™äº›åŠŸèƒ½åœ¨ä¸‹å€‹ç‰ˆæœ¬ imple [...]

By: dr Dave

dr Dave — Tue, 12 Apr 2005 02:49:11 +0000

Dougal,

All the checks listed for the SpamLookup plugin, or at least all the ones that matter, have been in Spam Karma for months and are now in an even cleaner form in Spam Karma 2. In fact, I have good reasons to think that’s where some ideas come from (which is absolutely fine by me).

With SK2, I added the possibility to easily add more filters, while leveraging the power of the ones already installed. Basically defining an extra Plugin API layer, specifically for spam… I’d recommend you give it a look and tell me what you think: http://unknowngenius.com/blog/wordpress/spam-karma/dev/

SK2 has been near plubic-beta-ready for a long while now, unfortunately the lack of a stable WP release correctly supporting plugins have made me hold on it for a while. As soon as 1.5.1 comes out (soon I hope), I’ll put the finishing touch and release it. As it is, with only about 80% of its functionalities deployed (e.g. no default blacklist), it has stopped *all* spam but two or three out of thousands, over a period of 1 month. And *zero* false positive (not a single one). Same results for all testers. I’m pretty confident there won’t be a spam problem once I’m able to release it (without having to ask people to patch their WP install first, which is a recipe for disaster).

By: Dougal

Dougal — Tue, 12 Apr 2005 02:07:35 +0000

Brad, thanks for the clarification. It’s also interesting to learn that the Trackback IP checks are effective. I did’t have any guesses as to the chance of false-positives, I just knew of a couple of different ways that they could happen. One, as you mention, is with blogging client software which is capable of sending its own trackbacks. Another would be servers with IP-based virtual hosts. The IP number used for the web server could be different from the interface address used for outgoing traffic from that same server. In that case, it might be possible to reduce false-positives by validating against just the first three octets of the address, rather than the full host IP.

By: wirjo

wirjo — Tue, 12 Apr 2005 01:41:05 +0000

I haven’t got spammed in ages - Thanks to WP-Blacklist.

By: Elliott BÃ¤ck

Elliott BÃ¤ck — Mon, 11 Apr 2005 23:36:48 +0000

Just put mismatched IPs into moderation, use a dual-layer ip filter where you check all your whitelists first, making sure that sites like blogger and typepad are on those whitelists.

By: Brad Choate

Brad Choate — Mon, 11 Apr 2005 22:13:53 +0000

While SL doesn’t have a URL-whitelist configuration, it does let you choose to allow previously used URLs through (it’s strict about this though– it must match precisely with a previous comment’s “URL” value and no other URLs can be in the comment text). But, I have reservations about whitelisting in general– even if the whitelisted data isn’t published.

One of the default IP/domain blocklist services with SL is the relatively new Blog Spam Blocklist (bsb.empty.us) by Ask BjÃ¸rn Hansen. Since it targets weblog spam in particular, I have found it to be more effective than services that are primarily for email spam.

As for the TrackBack IP check option– yes I agree, there are valid pings being sent where the IP may not match the domain IP at all. I use ecto myself and it can send pings out instead of having MT do them. So, if that is a concern, then the choice would be to install the MT-Moderate plugin that lets you moderate TrackBack pings in MT and moderate pings where the IPs differ sufficiently. The number of valid pings sent where the IPs mismatch are far, far, FAR lower than the spam pings. It’s a very effective indicator.

By: Photo Matt » Default Spam Handling

Photo Matt » Default Spam Handling — Mon, 11 Apr 2005 21:27:47 +0000

[...] osave Default Spam Handling April 11th, 2005 1:27 pm File under: Asides Dougal takes a look at built-in spam measures in WP and SpamLookup, I [...]

By: Dougal

Dougal — Mon, 11 Apr 2005 18:57:30 +0000

On my blog, the spam attempts are in a lull at the moment. But I’ve had weeks where I’ve gotten hundreds of attempts per day, and I’d say that in some spam runs, well over 50% were via open proxies.