January 25, 2004


It’s almost funny, in a wierd twisted sort of way…

Recently the comment spam problem for MovableType users escelated when some script kiddies released an automated comment spammer. The site hails it as:

“the first integrated solution for testing Movable Type blogs for working anti-spamming features”

Six-Apart, the team behind MT released a modification to enable comment throttling–limit the number of comments allowed to be posted in any given period of time–which Jacques Distler improved upon with a further patch which enabled even tighter controls on commenting including IP banning based on comment frequency – they have all been installed here as well.

It seems now however that the poor loser is mad at Jacques for linking to the FloodMT web site. In the comments to Jacques post, One Down a “DV” complained that Jacques was linking to the site and threatened to redirect all visitors refered from Musings to “Goatse” or “Tubgirl” – the two most popular of a slew of disgusting/shocking images out there on the net.

So to spread the fun a little bit once again here is the crapflooders website, or at least the “tool” that he uses: FloodMT

If you are running MT and allow commenting or trackback pings I suggest very highly upgrading to MT 2.661, then applying the patches provided by Jacques to further tighten comment throttling and – to combat the latest annoyance, trackback spamming – trackback throttling.

If you’re a programmer also, you might want to keep an eye on the latest developments at FloodMT to keep abreast of their latest developments to stay, if not a step ahead, then at least only a half step behind their developments.

Edit: 23:55
More of the background from this spate of crapflooding and the history of Dv along with FloodMT and FloodMT.perl (along with a server that seems to be having uptime issues) is available on Phil Ringalda’s site in the post and comments for Throttling Down and Confidential to my crapflooder. Phil is how I found the music of Kris Delmhorst, which I have really been enjoying, so a big thanks for that one Phil.
Damn, now I’m 36.

Posted by Eric at January 25, 2004 01:22 AM | TrackBack
Comments & Trackbacks

Sure, Eric.

Send me the logs and I’ll add them to my collection.

They no longer bother trying to attack my site.

Posted by: Jacques Distler on January 25, 2004 08:51 AM | Reply to this

Re: Crapflooded...

So they have released a new script, and it seems they aren’t too happy about what I think of them. Or maybe it’s just that their server can’t hang with the visits it’s getting. (Seems it’s dropped out of the DNS system — had to relink to their actual IP now, and the redirect they have in place is taken care of — for now at least.)

They decided to leave me as the default site for attacks in their script. Except for any issues with MT rebuilding, it shouldn’t be a major problem. We’ll see.

Posted by: eric on January 28, 2004 03:57 PM | Reply to this