
October 13, 2003

“—but that would be wrong (click!)
Posted by Teresa at 12:07 AM

In the comment thread of the previous post about comment spammers, Mean Dean says:

Sometimes I wish I weren’t so straight-laced. Otherwise I might consider a solution I learned on slashdot recently.
The slashdot discussion in question is interspersed with remarks like “But that would be wrong,” and “BTW, responsible people do not do: …” [followed by a line of code, then] “And very responsible people don’t even think about raising that 100 in an order of magnitude.” Furthermore:
You may also not want to recommend people use a web server benchmarking tool (such as Apache Benchmark, which comes on Mac OS X and most Linux distros, probably available for Windows): ab -c 60 -n 50000 http://www.thebulkclub.com/benefits.asp Running this will send 60 requests at a time for 50000 times. Since the benchmarking tool is used for testing the performance of web servers, it really taxes them. Doing this can really slow down a web server, so I wouldn’t recommend doing it. I also wouldn’t recommend making either of those numbers larger.
I myself am protected from this near occasion of sin by being unable to make out what they’re saying; but I doubt that what they’re doing would grieve me even a little bit.

Comments on "--but that would be wrong (click!)":
#1 ::: Claude Muncey ::: (view all by) ::: October 13, 2003, 12:50 AM:

Ah, but as you know already, Teresa, this is not objectively sinful -- what would matter is the intent with which the act is carried out. If you were to use one of the methods on slashdot with the sole intent of exhausting their monthly bandwidth quota in 3.5 seconds and reducing their server to glowing slag, well that would be wrong.

But if you concluded sincerely that, due to this person's obvious ignorance of Internet ethics that their web server must also be badly tuned, it would be an act of charity to carry out careful and scientific stress testing. Once that was completed, it would be perfectly appropriate to communicate the results by email, phone or both, as often as necessary to make sure the message gets through.

All in a spirit of helpfulness, of course.

(He walks off muttering, "I'll go to confession . . . afterwards . . .")

#2 ::: Claude Muncey ::: (view all by) ::: October 13, 2003, 12:53 AM:

General discussion question (for those better familiar with this): Which circle of Hell would Dante have placed the perpetrator of this particular outrage?

#3 ::: Claude Muncey ::: (view all by) ::: October 13, 2003, 12:55 AM:

Oh, damn, it is late. Into which circle of Hell would Dante have placed the perpetrator of this particular outrage?

#4 ::: Bruce Baugh ::: (view all by) ::: October 13, 2003, 01:11 AM:

I think it would be fine for doing by anyone prepared to give up condemning vigilante justice on any point of principle. "But we're right" is one of those things seldom susceptible to proof - though I'd withdraw the objection in the face of a URL where I could order a Truthometer or Rectitudoscope. (And given the link fu around here, I can't be too confident someone won't...)

#5 ::: John M. Ford ::: (view all by) ::: October 13, 2003, 01:57 AM:

Claude -- a couple infernal schemes come to mind:

1. The perpetrator is immured face-upward at the threshold of the demons' break-room, so that every time one of the staff goes for a Twinkie and a double latte with cheap bourbon, he steps thereupon.

2. The perpetrator is placed at the bottom of a slope down which tumble an unending sheet of [insert nasty object, and be creative]. For defense he is given a very small fireplace shovel and a whiskbroom.

3. The perpetrator is constantly subjected to a constant flow of -- oh, come now, you can be meaner than that -- which can be paused for a few seconds by locating a particular line in a large message base and entering it (manually -- cutting and pasting are two circles upstairs). Naturally, there is, shall we say, other traffic on the system.

I know, not very imaginative, but this is only my part-time job.

#6 ::: wink ::: (view all by) ::: October 13, 2003, 02:10 AM:

Erik Olson's method of renaming mt-comments.cgi sounds good (as detailed in the comments of the previous post), but if you are worried about breaking links, and if you are adventurous in changing your MT templates, there are more advanced methods for you to try.

For example...http://weblog.burningbird.net/fires/000638.htm.

(I've seen other methods too. There are a variety of ways to fool the bots.)

As far as I can tell, methods like this should work far better than the blacklists until the bots get considerably more sophisticated.

I haven't tried it on my blog yet, but then the need on my end has not been nearly so dire.

#7 ::: Michael Heraghty ::: (view all by) ::: October 13, 2003, 08:49 AM:

Thanks for your vigilant tracking of this issue. I notice that the Lolita bot's target sites are now showing up highly in aggregators such as Popdex (groan).

I've been advocating a visual authentication feature for comments, like the one used by PayPal for example. What do others think of this idea?

#8 ::: Stephanie ::: (view all by) ::: October 13, 2003, 09:23 AM:

If by "visual authentication feature" you mean one of those images with slightly jumbled numbers that you have to type in order to post, you'd be putting up a roadblock for the visually impaired.

#9 ::: Mean Dean ::: (view all by) ::: October 13, 2003, 09:32 AM:

First, let me apologize for leaving a similar message so many times on your blog. Cheeze-wiz, the day we all get hammered with comment spam, I decide to get excessive. Massive mea culprits.

On a technical note, and this is not to tempt anyone, what they are doing is similar to someone in the Windows world installing wGet ( http://www.gnu.org/software/wget/wget.html ) ... or even the GNU Utilities for Win32 ( http://unxutils.sourceforge.net/ ) which includes wGet ... then writing a simple MS-DOS/Batch routine that would run something like ...

top:
wget -r -nd --cache=on/off --cookies=off --proxy=on/off --delete-after --user-agent=SPAMNOMORE http://
goto top

And then everyone running multiple instances of this on the same day at the same time. Which has the sum effect of being a distributed denial of service attack ... something that is illegal, which is why I am tempted, but would never do this.

#10 ::: James D. Macdonald ::: (view all by) ::: October 13, 2003, 10:19 AM:

What do others think of this idea?

I think we're fighting a rear-guard action. I think we're going to lose.

It's been nice seeing you all.

#11 ::: Mean Dean ::: (view all by) ::: October 13, 2003, 11:03 AM:

James, you may be right ...

... and I also noticed a coupla syntax errors in my example:

wget -r -nd --cache=off --cookies=off --proxy=off --delete-after --user-agent=BYTEME http://<SPAMURL>

As for me ... I'm resisting this temptation, and am instead implementing a solution based upon that suggested in an earlier comment at ... http://weblog.burningbird.net/fires/000638.htm

I'm adding a few tags and hacked my .../mt/lib/MT/Apps/comments.pm to keep a simple list of domains posting ... more than "x" amount in "n" minutes will block the post ... and I'm debating the automagic update of my .htaccess file.

All stuff I'll probably toss in favor of Jay Allen's eventual approach.

Though expect me to post an article on my own blog next week on the simple use of regular expressions to block blog posts that include 'certain words and key phrases.'
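Two of the checks Mean Dean describes in this comment, a per-source posting cap over a time window and a regular-expression filter on words and phrases, look like this in Python. This is an added example, not Mean Dean's comments.pm patch or any Movable Type code. Keying the limiter on the host part of the commenter's URL field, the limit of three posts per ten minutes, and the blocked terms (the ones named elsewhere in this thread) are all assumptions made for the demonstration.

```python
import re
import time
from collections import defaultdict, deque
from urllib.parse import urlparse


class SlidingWindowLimiter:
    """Allow at most max_posts submissions per key in any window_seconds span.

    Timestamps are kept per key in a deque; entries older than the window are
    dropped on each check, so memory is bounded by max_posts per active key.
    """

    def __init__(self, max_posts, window_seconds):
        self.max_posts = max_posts
        self.window = window_seconds
        self._hits = defaultdict(deque)

    def allow(self, key, now=None):
        now = time.time() if now is None else now
        hits = self._hits[key]
        cutoff = now - self.window
        while hits and hits[0] <= cutoff:
            hits.popleft()
        if len(hits) >= self.max_posts:
            return False  # over the cap: reject and do not record the attempt
        hits.append(now)
        return True


def url_domain(url):
    """Limiter key: host of the commenter's URL field, minus a leading www. (assumption)."""
    host = (urlparse(url.strip()).hostname or "").lower()
    if host.startswith("www."):
        host = host[4:]
    return host


def compile_blocklist(phrases):
    """Case-insensitive pattern matching whole words only.

    A gap inside a phrase matches any run of non-word characters, so the
    phrase "pre teen" also catches "pre-teen" and "pre   teen".
    """
    alternatives = []
    for phrase in phrases:
        words = [re.escape(w) for w in phrase.split()]
        alternatives.append(r"\b" + r"\W+".join(words) + r"\b")
    return re.compile("|".join(alternatives), re.IGNORECASE)


def blocked_phrase(pattern, text):
    """Return the offending text if the comment matches the blocklist, else None."""
    m = pattern.search(text)
    return m.group(0) if m else None


def screen_comment(limiter, pattern, url, body, now=None):
    """Decision for one submission: 'ok', 'blocked-phrase' or 'rate-limited'."""
    if blocked_phrase(pattern, body):
        return "blocked-phrase"
    if not limiter.allow(url_domain(url), now=now):
        return "rate-limited"
    return "ok"


# Blocked terms taken from the spam runs mentioned in this thread.
SAMPLE_PHRASES = ["lolita", "preteen", "underage", "pre teen"]

if __name__ == "__main__":
    # Constructed sample, not real traffic: one bot posting the same URL every five seconds.
    limiter = SlidingWindowLimiter(max_posts=3, window_seconds=600)
    pattern = compile_blocklist(SAMPLE_PHRASES)
    t0 = 1_066_000_000.0  # arbitrary epoch seconds
    for i in range(5):
        verdict = screen_comment(limiter, pattern, "http://www.spam.example/x.asp",
                                 "nice site, visit mine", now=t0 + 5 * i)
        print(i + 1, verdict)
```

The phrase filter runs first because it is cheap and does not consume the poster's quota; the limiter only records submissions it accepts, so a flood of rejected posts never pushes a later legitimate one out of the window.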

#12 ::: colin roald ::: (view all by) ::: October 13, 2003, 11:18 AM:

James D. Macdonald:
I think we're fighting a rear-guard action. I think we're going to lose.

I think it's possible that a sufficiently-sophisticated bot could succeed in working almost any anonymous locking scheme we can come up with. But I think we can make 'sufficiently-sophisticated' a very high, almost-AI bar without too much difficulty. (Consider a comment form that requires the answer to a trivia question: "What is the title of Teresa's essay collection?" This could easily be different for every blog. It doesn't have to change per page load -- it only has to be different for different blogs.) And we can write better admin tools that allow one-click mass-delete-and-ban actions easily enough, too. The question then becomes one of motivation: how much is it really worth to a spammer to abuse MT comments? There are other ways to bomb google.

If it's still really worth it, we shift to comment systems that strip out any URLs and/or label the content "this is an anonymous comment" so google can ignore it. Or we go to non-anonymous comments.

#13 ::: colin roald ::: (view all by) ::: October 13, 2003, 11:21 AM:

Consider a comment form that requires the answer to a trivia question: "What is the title of Teresa's essay collection?"

Make that, "What is the title of Teresa's essay collection? The answer is on the main page."
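colin roald's proposal in these two comments, a per-blog question whose answer a human can find on the main page but a generic bot cannot, is straightforward to implement. The Python below is an added example rather than anything from Making Light or Movable Type. It normalizes the typed answer so capitalization, punctuation and a leading "the" do not trip readers up, compares it in constant time, and (going one step past what colin describes) binds each rendered form to an HMAC-signed timestamp, so a bot that has learned the answer must still fetch the form before every post and cannot replay a stale one. The sample answer "Making Book", the per-blog secret and the one-hour form lifetime are assumptions chosen for the demonstration.

```python
import hashlib
import hmac
import re
import time
import unicodedata


def normalize(answer):
    """Fold case, accents, punctuation and whitespace: 'The Making  Book!' -> 'making book'.

    Only ASCII letters and digits survive, which is fine for an English-language
    blog's trivia question but would need changing for other scripts.
    """
    s = unicodedata.normalize("NFKD", answer)
    s = "".join(c for c in s if not unicodedata.combining(c)).casefold()
    s = re.sub(r"[^a-z0-9]+", " ", s).strip()
    if s.startswith("the "):
        s = s[4:]
    return s


class ChallengeQuestion:
    """A per-blog question, its accepted answers, and a signed form-issuance token."""

    def __init__(self, question, answers, secret, max_age=3600):
        self.question = question
        self._answers = {normalize(a) for a in answers}
        self._secret = secret          # per-blog secret bytes (assumption)
        self.max_age = max_age         # seconds a rendered form stays valid

    def _mac(self, ts):
        return hmac.new(self._secret, ts.encode(), hashlib.sha256).hexdigest()

    def issue(self, now=None):
        """Token to place in a hidden field when the comment form is rendered."""
        ts = str(int(time.time() if now is None else now))
        return f"{ts}.{self._mac(ts)}"

    def verify(self, token, answer, now=None):
        """True only if the token is genuine and fresh and the answer matches."""
        now = time.time() if now is None else now
        try:
            ts, mac = token.split(".", 1)
            issued = int(ts)
        except ValueError:
            return False
        if not hmac.compare_digest(mac, self._mac(ts)):
            return False               # forged or tampered token
        if not 0 <= now - issued <= self.max_age:
            return False               # stale form, or a timestamp from the future
        guess = normalize(answer).encode()
        # Constant-time comparison against each accepted spelling of the answer.
        return any(hmac.compare_digest(guess, a.encode()) for a in self._answers)


if __name__ == "__main__":
    q = ChallengeQuestion(
        "What is the title of Teresa's essay collection? The answer is on the main page.",
        ["Making Book"],
        b"replace-with-a-random-per-blog-secret",
    )
    token = q.issue()                  # rendered into the form as a hidden field
    print(q.question)
    print("human:", q.verify(token, "the making book", now=time.time() + 30))
    print("bot  :", q.verify(token, "http://www.spam.example/", now=time.time() + 30))
```

The question text is public and never changes, exactly as colin proposes; what the token adds is that a direct POST to the comment script with a memorized answer fails unless the bot has loaded the form within the last hour, which is one more per-blog behaviour it has to learn.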

#14 ::: Mac Thomason ::: (view all by) ::: October 13, 2003, 12:31 PM:

I get up this morning and check, I've got at least 50-60 of them. Oddly, I didn't get "Lolita" but did get "Preteen" and "Underage". I hate people sometimes.

#15 ::: James D. Macdonald ::: (view all by) ::: October 13, 2003, 12:35 PM:

If you want proof of the doctrine of Original Sin, I suspect that spam and viruses come close.

#16 ::: Claude Muncey ::: (view all by) ::: October 13, 2003, 04:43 PM:

John:

Nice start. Remind me to be a much better boy if you get hired to create punishments full time . . .

James:

Don't give up yet. This kind of behavior largely killed off the USENET culture, which seems to have moved in part to blogs. But it did not kill off maillists, and has not killed email, though a lot of damage is being caused. The culture that built USENET (and I remember it well) did not choose to build safeguards into the technology for a variety of reasons -- most of them very good reasons. Safeguards that reduce the profitability of such activities are quite possible, if there is the will to create them, and the proper parties are willing to do something this time.

#17 ::: James D. Macdonald ::: (view all by) ::: October 13, 2003, 04:56 PM:

The spammers have far more time, more equipment, more money, more motivation, and more patience than any of us.

The Balkanization of the Net will continue.

Before long friendly strangers will no longer be welcome at our campfires.

#18 ::: Anne ::: (view all by) ::: October 13, 2003, 05:13 PM:

James, that's true. On the other hand, we can always require formal introductions.

#19 ::: Erik V. Olson ::: (view all by) ::: October 13, 2003, 05:28 PM:

Jim, you seem to be implying that the net was an open common at one time that worked.

It never was. When the net was young, it wasn't an ungoverned anarchist paradise. It was ruled by oligarchs.

The rule was simple. Screw around, get caught, get banned. It worked when the net was young, because all the oligarchs -- the sysadmins and site admins -- knew each other. You pulled something like this on my site, I called your sysadmin, and you were off the net before I finished the call.

It was that simple. It was the commercialization of the net -- and the consequent dilution of the near autocratic authority that the BOFHs had, that led to this. It worked when there were a hundred or so sysadmins, now that there are millions, it doesn't. The net eventually became an open commons -- and just like every other commons, it was trashed.

The early net seemed anarchistic -- but there were very clearly defined rules, and the punishment was swift and sure. Now, there may be rules, but there's no punishment for violating them.

And the litter only gets deeper, and the waters more dank. It will get worse. I doubt it'll get better afterwards.

#20 ::: Teresa Nielsen Hayden ::: (view all by) ::: October 13, 2003, 07:48 PM:

Claude, I think spammers would have to be fairly far down. Theft is their least sin, and fraud the next most serious. There should be an additional charge for oppressing those least able to fight back; i.e., non-techies, people with narrow bandwidth and high connection charges, et cetera. However, I think the main charge on which they get nailed is something like "making money by taking advantage of, lessening, and impeding trust and communication" -- call it informational usura. It's a sin against human ties, and may qualify as a variety of betrayal. I'd guess they wind up in some diverticulum of Malebolge.

It amuses me to imagine that they're given dim vision but acute hearing, and are isolated and tormented by a constant cacophony of meaningless noise poured into their ears.

On the other hand, there's Mike Ford's idea of having them immured face-up on the threshold of the demons' break room, so that all the back-and-forth traffic treads on their faces. I like that one.

Michael Heraghty, I like visual authentication, but aside from the focal-length problems of middle age, I have very good vision. I don't know how burdensome it is for people who don't have good vision. I know it's going to nail people who use text-based browsers.

Any authentication system's going to be hard on someone.

Wink, thanks for the suggestion. I've posted it up front.

Mean Dean, please don't apologize. This has been a spell of bad weather for everyone, especially for all the webloggers who aren't technically sophisticated, and patches, fixes, and suggestions are much appreciated.

Jim, I know we're fighting a rearguard action, but we're not dead yet, and they haven't won yet. This weekend has raised my appreciation of people like you, Erik, Jade, and all the other Rangers who help maintain the peaceful life of the Shire.

And I have to disagree with your perception that "Before long friendly strangers will no longer be welcome at our campfires." I have no trouble with friendly strangers. I know them by ear before I know them by name. It's not that they'll be unwelcome; it's that they'll be unable to get past the barriers we erect to keep out malfeasants.

Colin, there are people out there who feel a strong commitment to maintaining anonymous comments, as a mechanism for letting things get said without fear of retribution. They're a bit more idealistic about that than I am. I don't see microweenie freepers having any trouble getting themselves Hotmail or Yahoo nonce-accounts when they want to misbehave anonymously.

Mac Thomason, this morning I didn't have any new Lolita or Preteen or Underage spams. Neither did Patrick. Looks like our IP banning held this time. What address did they use to hit you with the Underage spams?

Jim: Original sin. Spam and viruses. Check.

Some years back I got to hear a Tappan King theory about how human fallibility (or whatever phrase he used in place of "original sin") can be seen whenever someone in an office brings in their own carton of milk for their coffee, and leaves it in the fridge. The milk goes away. People who might feel guilty about taking the whole carton of milk don't feel nearly as guilty about taking some of the milk for their coffee.

Erik, I wasn't on usenet back in the really strict days, but when I did get on there were still some remnants of the old order, and it was easy to infer how the earlier system had worked.

I doubt Jim ever thought it was an ungoverned open common. He may not be a BOFH, but he's been a sysop for a long time, and has seen this and that bit of the world.

I am as you know me, and I'd never believe in an ungoverned open common. If everyone on the planet miraculously decided to never again use force against their fellow beings, we'd all have a lovely week. The real trouble would start on the following Monday, when surveyors and a bulldozer showed up in a popular picnic area in your city park, and started building a large private home with walled and gated grounds.

Common sense, nonviolent resistance, and encouraging good community values are all very good things, but as everyday regulatory mechanisms they leave a lot to be desired. What I want are more powerful and discriminating tools for blocking out the bad guys, and faster and easier ways to delete their spam.

This is reminding me of the graffiti discussion. I'll applaud when someone comes in and creates lively, original, appealing art in a formerly dull space -- say, the truly weird series of reviews of a "Family Circle" collection that got posted to Amazon some years back. But these guys that're mindlessly scrawling tags all over everything have got to go.

#21 ::: Samuel Kleiner ::: (view all by) ::: October 13, 2003, 08:37 PM:

>Michael Heraghty, I like visual authentication, but aside
>from the focal-length problems of middle age, I have very
>good vision. I don't know how burdensome it is for people
>who don't have good vision. I know it's going to nail
>people who use text-based browsers.

ASCII art visual authentication. You render an image to ASCII art using aalib, with a slight random offset.

#22 ::: James D. Macdonald ::: (view all by) ::: October 13, 2003, 08:51 PM:

And I have to disagree with your perception that "Before long friendly strangers will no longer be welcome at our campfires." I have no trouble with friendly strangers. I know them by ear before I know them by name. It's not that they'll be unwelcome; it's that they'll be unable to get past the barriers we erect to keep out malfeasants.

When friendly strangers from IP addresses 209.210.176.64-255 come by, they won't be able to post.

This is because we shoot at noises in the dark beyond the campfire on the grounds that the noises could be a dumptruck backing up to slide thirty cubic yards of turds onto us. We do this because the last ninety-nine times it _was_ a dumptruck.

The walls go up, we huddle closer.

#23 ::: Mitch Wagner ::: (view all by) ::: October 13, 2003, 09:01 PM:

James D. Macdonald - "If you want proof of the doctrine of Original Sin, I suspect that spam and viruses come close."

I think you're serious about this, and I think you're right.

What REALLY makes me angry about spam in general, and blog-comments spam in particular, is that it's so PETTY.

I mean, I accept I live in a world where genocide and famine exist, where our leaders are corruptible, where we have to lock our doors and women and children can't walk the streets at night safely. I hate it, but I accept it.

But spam is a new low. I mean, can't we even be allowed to set up a web page and post our thoughts to it, and have a few of our friends respond? Does EVERYTHING have to turn to piss?

A year or two ago, I thought it would be neat to distribute my individual weblog entries by e-mail. There wasn't much interest in it, and it was more work than I cared to invest, so I stopped the mailings -- but I kept the list live, and kept the three or four subscribers signed up, in case I thought of some way to make it work. (Yes, three or four subscribers - I told you there wasn't much interest.)

But I couldn't keep the list alive for long; the spammers started sending spam out to this harmless little list, so I eventually just shut it down.

May their testicles be covered with boils.

#24 ::: colin roald ::: (view all by) ::: October 13, 2003, 09:59 PM:

Teresa writes: Colin, there are people out there who feel a strong commitment to maintaining anonymous comments, as a mechanism for letting things get said without fear of retribution. They're a bit more idealistic about that than I am. I don't see microweenie freepers having any trouble getting themselves Hotmail or Yahoo nonce-accounts when they want to misbehave anonymously.

I'm not sure whether the point I was trying to make got across or not. In case it wasn't clear, I also think anonymous comments are a valuable thing that it would be unfortunate to lose. But if it came to a trade-off, there is big anti-spam artillery available when we start talking about poster authentication. It could go a lot farther than the mere "prove you have a working email address" authentication most commercial sites are satisfied with. The site admin can personally approve registrations, if he or she wants, or systems like LiveJournal can be set up where an existing member would have to vouch for a new one. There are many options -- the point is, we have much much more control over the rules of how and when we accept comment submissions than a mail transport agent has for e-mail.

Though the real solution may be in fact to enlist the aid of Google to take away the comment-spammer's incentive. It would be trivial to add anonymous-comment markers to a blog template, which Google could easily parse and make use of. And hey, if comment-spamming won't change your Google rank, why bother?
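colin roald's anonymous-comment marker is, in effect, what the rel="nofollow" link attribute became when Google and the major weblog vendors adopted it in January 2005: a per-link signal that the search engine should not count the link as an endorsement. The Python below is an added example, not code from this page or from Movable Type, showing the template-side half of that idea: it rewrites a submitted comment's HTML so every anchor carries rel="nofollow", preserving any other rel tokens and not duplicating one that is already there. The input fragment is constructed for the demonstration.

```python
from html import escape
from html.parser import HTMLParser


def add_nofollow(attrs):
    """Return the attribute list with rel="nofollow" merged into any existing rel."""
    rel_tokens, kept = [], []
    for name, value in attrs:
        if name.lower() == "rel":
            rel_tokens.extend((value or "").split())
        else:
            kept.append((name, value))
    if "nofollow" not in (t.lower() for t in rel_tokens):
        rel_tokens.append("nofollow")
    kept.append(("rel", " ".join(rel_tokens)))
    return kept


class NofollowRewriter(HTMLParser):
    """Re-emit comment HTML token by token, altering only <a> start tags.

    Character and entity references are passed through unchanged; HTML
    comments, which have no business in a reader-submitted comment, are dropped.
    """

    def __init__(self):
        super().__init__(convert_charrefs=False)
        self.out = []

    @staticmethod
    def _attrs(attrs):
        parts = []
        for name, value in attrs:
            if value is None:
                parts.append(name)
            else:
                parts.append(f'{name}="{escape(value, quote=True)}"')
        return (" " + " ".join(parts)) if parts else ""

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            attrs = add_nofollow(attrs)
        self.out.append(f"<{tag}{self._attrs(attrs)}>")

    def handle_startendtag(self, tag, attrs):
        self.out.append(f"<{tag}{self._attrs(attrs)} />")

    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(data)

    def handle_entityref(self, name):
        self.out.append(f"&{name};")

    def handle_charref(self, name):
        self.out.append(f"&#{name};")

    def handle_comment(self, data):
        pass


def nofollow_comment_links(fragment):
    """Rewrite one comment body so every link is marked rel="nofollow"."""
    parser = NofollowRewriter()
    parser.feed(fragment)
    parser.close()
    return "".join(parser.out)


if __name__ == "__main__":
    # Constructed sample comment, not taken from any real spam run.
    sample = 'Great post! <a href="http://www.spam.example/benefits.asp?a=1&amp;b=2">cheap stuff</a>'
    print(nofollow_comment_links(sample))
```

This belongs in the template or the comment-rendering code, not in the spam filter: it does nothing to stop the post from landing, but it removes the page-rank payoff that makes landing it worthwhile, which is the lever colin is pointing at.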

#25 ::: James D. Macdonald ::: (view all by) ::: October 13, 2003, 10:06 PM:

So... who's going to contact Google? Tonight wouldn't be too early.

#26 ::: --kip ::: (view all by) ::: October 13, 2003, 11:13 PM:

Justice, of a sort:

"Lolita's" website is down. A dozen noxious toadstools have erupted, I'm sure, in the time it took to type this up--but at least this particular toadstool was ground into an icky paste.

#27 ::: Avram ::: (view all by) ::: October 14, 2003, 12:06 AM:

I'd guess they wind up in some diverticulum of Malebolge.

I was thinking about this a few weeks back, idly knocking around story ideas for office meetings in Minos's Hall of Judgment, considering an argument the administrators of the various circles could have over who gets spammers.

I figured they might be grafters (Circle 8, Bolgia 5), or thieves for stealing bandwidth (Cir. 8, Bol. 7), or counterfeiters for forging headers (Cir. 8, Bol. 10), or they could wind up among the prodigal in Circle 4.

#28 ::: colin roald ::: (view all by) ::: October 14, 2003, 12:22 AM:

James D. Macdonald: So... who's going to contact Google?

Does anyone know anyone who works there? I suppose I can volunteer.

#29 ::: David Goldfarb ::: (view all by) ::: October 14, 2003, 05:04 AM:

Tom Galloway works for Google, doesn't he? I'm also acquainted with a fellow (through board-game playing) that I know works there. Surely there must be people reading here with even closer links.

#30 ::: Jean Lansford ::: (view all by) ::: October 14, 2003, 08:18 AM:

Michael Heraghty - One benefit of the Popdex ranking is that people who want to investigate this don't have to chase the spam through the blogs. Some of the bloggers hit had said the spammer was promoting kiddie porn, which would have gotten Florida's cyber-crime people involved.

After seeing the site before it went down, the verdict was "they look legal to me." I'm waiting to hear where the line between "annoying but legal" and "should be investigated" is for public advertising.

#31 ::: Mac Thomason ::: (view all by) ::: October 14, 2003, 11:07 AM:

The only IPs I noticed were 62.42.228. and 209.210.176. They were probably already there Sunday, I just hadn't done any checking that day. That's probably why he attacked on the weekend, hoping people wouldn't notice until Monday when it was too late.
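The two ban specifications that appear in this thread, Jim's 209.210.176.64-255 and Mac's 62.42.228. prefix, are written the way a person reads a log, not the way Apache wants them. The Python below is an added example, not code from Making Light or Movable Type, that parses both notations (plus ordinary CIDR) into networks, answers "is this address banned?", and emits the Deny lines for the .htaccess update Mean Dean was debating above. Apache 2.2 Order/Allow/Deny syntax is assumed; Apache 2.4 expresses the same thing with Require not ip. IPv4 only, since that is all the thread's addresses are.

```python
import ipaddress
import re

# "a.b.c.X-Y": a range over the last octet, the way Jim wrote 209.210.176.64-255
_LAST_OCTET_RANGE = re.compile(r"^(\d+\.\d+\.\d+)\.(\d+)-(\d+)$")


def parse_ban(spec):
    """Turn a human-written ban spec into a list of IPv4Network objects.

    Accepts "a.b.c.X-Y" (last-octet range), "a.b.c." (prefix with trailing dot,
    one to three octets), a single address, or CIDR. Raises ValueError otherwise.
    """
    spec = spec.strip()
    m = _LAST_OCTET_RANGE.match(spec)
    if m:
        base, lo, hi = m.group(1), int(m.group(2)), int(m.group(3))
        first = ipaddress.IPv4Address(f"{base}.{lo}")
        last = ipaddress.IPv4Address(f"{base}.{hi}")
        # A range such as 64-255 is not one aligned block; this splits it into
        # the minimal set of CIDR networks (here /26 + /25).
        return list(ipaddress.summarize_address_range(first, last))
    if spec.endswith("."):
        octets = spec.rstrip(".").split(".")
        if not 1 <= len(octets) <= 3:
            raise ValueError(f"bad prefix spec: {spec!r}")
        padded = octets + ["0"] * (4 - len(octets))
        return [ipaddress.IPv4Network(f"{'.'.join(padded)}/{8 * len(octets)}")]
    return [ipaddress.IPv4Network(spec, strict=False)]


class BanList:
    """Set of banned IPv4 networks, kept collapsed so adjacent blocks merge."""

    def __init__(self):
        self._nets = []

    def add(self, spec):
        self._nets = list(ipaddress.collapse_addresses(self._nets + parse_ban(spec)))

    def banned(self, ip):
        addr = ipaddress.IPv4Address(ip)
        return any(addr in net for net in self._nets)

    def htaccess_lines(self):
        """Apache 2.2 directives: allow everyone, then deny the listed networks."""
        lines = ["Order Allow,Deny", "Allow from all"]
        lines += [f"Deny from {net.with_prefixlen}" for net in self._nets]
        return lines


if __name__ == "__main__":
    bans = BanList()
    for spec in ("209.210.176.64-255", "62.42.228."):   # the two specs from this thread
        bans.add(spec)
    print("\n".join(bans.htaccess_lines()))
    for ip in ("209.210.176.200", "209.210.176.63", "62.42.228.7", "62.42.229.7"):
        print(ip, "banned" if bans.banned(ip) else "allowed")
```

Writing the generated lines into .htaccess should replace a clearly delimited block rather than append blindly, so repeated runs do not grow the file; and any "deny" list like this needs a matching expiry or review step, since the same /24 will eventually be handed to someone who is not the spammer.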

#32 ::: colin roald ::: (view all by) ::: October 14, 2003, 03:17 PM:

I've sent this letter to suggestions@google.com:

http://www.gungeralv.org/notes/archives/000561.php

If anybody knows anybody at Google, please feel free to pass the letter along and/or let me know, so I can.

#33 ::: Skwid ::: (view all by) ::: October 14, 2003, 03:18 PM:

Slashdot now has a thread on the topic, but it doesn't seem to be attracting too much interest.

#34 ::: Nancy Lebovitz ::: (view all by) ::: October 17, 2003, 07:53 AM:

In re despairing of the human race: I am disgusted and horrified by the amount of damage spam causes, but I keep hearing that the vast majority of spam is done by less than two hundred people.

That's two hundred out of six billion, many of whom have sufficient knowledge to be spammers and more of whom are broke. It's a very bad thing that we even have two hundred such, but it's not a reflection on people generally.

#35 ::: Paula Lieberman ::: (view all by) ::: October 21, 2003, 01:31 AM:

"The culture that built USENET (and I remember it well) did not choose to build safeguards into the technology for a variety of reasons -- most of them very good reasons. Safeguards that reduce the profitability of such activities are quite possible, if there is the will to create them, and the proper parties are willing to do something this time."

The Internet is an escaped networking experiment/testbed. TCP/IP was an interesting experiment, those protocols were never designed for "robust" "endurant" "secure" etc. etc. etc. infrastructure communications. And everything built on top of that structure inherits the shortcomings of its underpinnings. I worked with networks that -were- designed to provide secure messaging with checking for message validity and error detection and correction and security built in from the lowest level of the protocol stack. But that's not what spawned the Internet, it's rather like amoeboid scunge, and sometimes it turns into slime molds.... it wasn't designed with any provisions for -commercial- applications or dealing with capitalist greed, fraud, spoofing, and intentional malice.

#36 ::: Julia Jones spots still more comment spam ::: (view all by) ::: July 28, 2004, 10:18 AM:

Persistent, aren't they?

Making Light copyright 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012 by Patrick & Teresa Nielsen Hayden. All rights reserved.