Speaking of Attacks

Jan 30, 2004

Warning: Lots of geekiness below. Hold on to your hats, or fedoras, if you have them.

This week my blog came under attack and it was a nasty one. The attack was spam related which is no surprise; my blog is frequently home to comments featuring diatribes of penis size and mortgage purchases. What was a surprise was the scale of the attack. This wasn’t just one comment about love in all the hard places. It was more than 150 of them.

In fact, it was one comment for every single blog entry on the site. It wasn’t creative but it definitely was a pain in my ass. The most scraping hemorrhoid was that Movable Type, my blog tool of choice, has no efficient interface for deleting multiple comments across blog entries. I’d have to do this one by one. It could take a while — a long while.

I turned to a friend for assistance while I downloaded the newest version of Movable Type. See, Movable Type isn’t blind to the problem and I’m not the first person to be annoyed. The kind folks who write MT are working on the problem. They are just a little behind the spammers at this point.

One useful weapon already included with MT is IP blocking. Basically, I can stop someone from a specific IP address from posting comments. I’ve already added the IP address of my aggressor. This, however, is far from comprehesive. IP addresses are often handed out dynamically. That is, you get a new one every time you hop onto the internet. Worse, some spammers are already working around this, manually switching IP addresses every time they add another advertisement-laced comment. It’s really only one way to slow down the flood.

Mt-Blacklist is another weapon in the fight and was a lifesaver in light of my problems. It checks each comment in your blog against a large set of expressions that are normally included in spam. From my tests, it seems to do a good job. Even better, it provides an interface to delete the guilty parties all at once. One click and my trash went away. In the future, a tool like this or a bayesian equivalent will almost be required to keep the mosquito-like spammers away.

I’m not as excited about a coming feature of Movable Type that would surely deal with the problem of spam much more efficiently: comment registration. The basic idea is that a blog author could force commenters to register with their site, providing a user name and password of some sort. This provides the ability to screen prospective commenters and provides an extra barrier to the scripts that take advantage of blogging’s open architecture. What doesn’t thrill me is that barriers are placed not just between myself and the spammers; they are placed between my blog and any potential reader with something to say. I get few enough comments as it is. Add a registration progress and my site statistics may be the only way I can tell that anyone at all is even stopping by (you can never be sure that anyone actually reads anything).

It is nice, however, to see the MT’s authors attempting to tackle the problem. In the coming years, the problem of spam must be addressed directly by the tool, not just by an optional plug-in.

Speaking of attacks, I’ve acquired an almost flu like symtom in the last week in the form of a tiny penguin. I’ve suddenly acquired the Linux bug. This isn’t the first time. This seems to happen in regular intervals of about 6 to 9 months. I wake up one day and have a strong desire to acquire the latest distribution. There no warning and, generally, no real reason behind my want. My inner geek must supply my computer with an entirely new system of operation.

So I installed the newest version of Fedora this week. That install was fairly painless but things didn’t work on my first, or second, attempt. I first thought I’d try out Suse Linux. A friend of mine seemed to like it and I’m always up for a new flavor of lollipop – God knows there are nearly the same number of flavors of Linux. It wasn’t happening. Suse doesn’t want to hand you the keys. They want you to download them during installation. This, in my mind, is fine. Every distribution involves some amount of downloading. What isn’t fine is when the base install can’t seem to find the proper drivers for my network card. The math was simple: No network card == no operating system.

My next attempt involved Mandrake 9.2. This would be an upgrade for my second computer. Again, I ran into troubles and, again, it was hardware related. Mandrake 8.0 didn’t like my Logitech MouseMan+. Neither did its younger brother. Some not-so-quality time with XFree86Config convinced me to go another direction.

So, Fedora, Red Hat’s free little cousin is now safely installed. I have to say I’m impressed. Linux makes neat leaps and bounds every time I spend my time away from it. Driver support improves and every new version sports a fancy feature, or fancy widget, I’m glad to see included. It’s almost like watching someone you know lose weight. If you saw them every day, you’d hardly notice. Introduce time and distance and the changes are readily apparent. I now have a new sandbox and I must play.

And play I have. Between the time it took to secure my blog and my new operating system installations, I’ve spent a lot of time in front of the computer fiddling with switches. That’s not surprising in my household but it’s certainly different than doing something more my style, like playing Diablo II.

by | Categories: technology |

Share with others

No Responses so far | Have Your Say!

Leave a Feedback

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>