Tracking Blog Spam

Bill McGonigle — Fri, 30 Mar 2007 03:19:00 -0400

My blog is getting killed with spam, greater than 300 per day. Does anybody know how to implement CAPTCHA in typo? Or make Akismet do a better job of ranking?

In the meantime I’ve taken to blocking IP addresses. Here’s a handy little script I worked up (regex from the Perl regex FAQ) to take a block of arbitrary text (copy ‘n paste from my typo admin console’s log of comments) and spit back iptables blockrules for any IP addresses found in the text:

#!/usr/bin/perl -w
use strict;
use warnings FATAL=>'all';

my (@addresses);
while (<>) {
    my $str = $_;
    if ($str =~ /\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}/)
    {  #{1,3} says find at least 1 and no more than 3 of \d.
        # we must escape the dots . which are normally wild cards
        # to make them match dots.
        # you might have notice already that $& contains the last match
        my $remoteHost = $&;
        push(@addresses,$remoteHost);
    }
}

foreach my $address (@addresses) {
    if ($address ne '127.0.0.1') {
        print "-A RH-Lokkit-0-50-INPUT -s $address -j DROP\n";
    }
}

Now, this isn’t the best strategy as of 789 spams, there were 189 unique hosts, so it’s more distributed than I’d like. Perhaps it’s a start, though.

Update: I installed Typo 4.1 which has a feature called ‘Enable Spam Protection’, which looks at blacklists.

The BFC Computing Weblog: Tracking Blog Spam

Tracking Blog Spam