MT comment throttling circumvented

I've been hit yesterday by a comment-spammer who used a new tactic, at least new to me. 14 comment-spams were posted in 8 minutes using 12 different IP addresses assigned in 6 countries (US, Spain, Japan, Korea, Malaysia, China.) Clearly this defeats the comment throttling feature of Movable Type, since it relies only on the spammer using the same IP for subsequent comments. It also further confirms that screening spammers via IP addresses is not a viable method.

While I cannot and don't want to elaborate on that, there is one glimpse of hope that the upcoming MT 3 will reduce the annoyance from those villains (and, no, I'm not talking about TypeKey since it seems potentially useless as an anti-spam tool.)

I still don't understand why spammers continue to pollute weblogs that use the latest version of MT, since their links will have zero influence on their position in search engines and that people are unlikely to click on links from comments as stupid as "cool article!!!". Either they're stupid, or there is still something they can benefit from in doing that, which I'm missing. Any idea?

9 Comments

Well, the comments still have a link to a page that presents a "Click me" to their site, so... I guess it can still be marginally useful to their PageRank, can't it?

As I already commented elsewhere, I hate that redirect thing. I'd rather they had used Javascript to put in the URLs, for instance, or offered an option to disable URLs altogether.
When comment authors have unoriginal names (e.g., sign with their first name only), it's a common reflex to get the mouse pointer over the link and look at the URL in order to know who this is. I hope the redirection disappears with MT3.

> I guess it can still be marginally useful to their PageRank, can't it?

No, apparently the redirection that MT uses does not transfer any PageRank to the destination page. That's precisely what, I think, is key to stop comment spam. Let me insist on that leaving a link in a comment on this site will NOT improve your PageRank (unless I decide to hard code the link myself).

> When comment authors have unoriginal names (e.g., sign with their first name only)

Oops, may be I'll have to revisit my policy of not using my nickname on my own weblog ;-)

> it's a common reflex to get the mouse pointer over the link and look at the URL in order to know who this is.

I fully agree with you. It's the most annoying thing about this method. I'd love to have a feature that would remove the redirection in a single click when I know the commenter can be trusted (a moderation option of some sort).

> I hope the redirection disappears with MT3.

I'm afraid you'll be disappointed on this specific point.

"apparently the redirection that MT uses does not transfer any PageRank to the destination page"

Oh, right, the robots.txt file. I keep forgetting that.

Mmh, I don't think it has something to do with the robots.txt file, rather that it's a pretty unusual trick that Google algorithm does not consider as a redirection (Google is able to follow redirections only up to a certain limit).

It's not a real redirection: it's a page with some Javascript code and a "Click here" link JS-impaired browsers.
So, if the cgi-bin directory wasn't excluded by robots.txt, I'm pretty sure Google would open the redirection page and follow the "Click here" link.

> So, if the cgi-bin directory wasn't excluded by robots.txt, I'm pretty sure Google would open the redirection page and follow the "Click here" link.

No, because the header of that page has the following meta tag, which Google does honor (don't index, don't follow links):

And luckily so, as someone pointed on Simon Willison's site that Google does not honor the robots.txt file for redirects!

Both Yahoo and Google are working on following Javascript links: Yahoo I saw the job advertisement, Google I saw a Google employee saying they were. Odds are, PageRank (to the extent it's still useful) will follow. Even if it doesn't, it's still cheaper to spam you without looking at whether you redirect than it is to look and only spam unredirected blogs, just like it's cheaper to spam me with offers to enlarge my parts no matter what my gender (or to spam me at all, even though I make it fairly easy to determine it's unwelcome) than to only spam the few people who are so obviously stupid that they might respond to spam, and tailor the spam to a body part they possess.

The redirect thing only stops spam if every single blog with comments does it. They will not, so it will not work. You can feel happier about not transfering PR before you delete a comment, but it will not ever *stop* spam comments.

Using anonymous proxies to get around the IP throttle/ban isn't at all new, though I'm happy for you that you haven't faced it before. It was old long before MT 2.66 came out. The IP throttle wasn't a good idea, just the best that they could manage to do at the time. Stopping a few from the very stupidest spammers is slightly better than stopping none.

Hi Phil, it makes sense, and doesn't make me any more optimistic.

It might be easier to fix the ozone hole problem than to get rid of this particular pollution.

Thanks.

mensuelles Archives

Recent Entries

  • Steve Jobs

    "Remembering that I’ll be dead soon is the most important tool I’ve ever encountered to help me make the big choices in life. Because...

  • Your privacy on MOTOBLUR by Motorola

    After the Nokia Ovi Store carelessness, it's now Motorola who's allowing strangers to get access to your private information on their MOTOBLUR portal. Exactly like...

  • How to resume a broken ADC download

    (I'm documenting this trick for myself to remember, but it can be useful for others…) Apple, on its Apple Developer Connection site, has a bad...

  • WTF is this ‘myEventWatcherDiv’ doing in my web?

    All of a sudden I started to find the following line in most of the web pages I was browsing, including ones I made where...

  • Your privacy on Nokia Ovi Store

    My friend Adam Greenfield recently complained about the over-engineering culture at Nokia: I was given an NFC phone, and told to tap it against the...