About Duffbert...

Duffbert's Random Musings is a blog where I talk about whatever happens to be running through my head at any given moment... I'm Thomas Duff, and you can find out more about me here...

Email Me!

Search This Site!

Custom Search

I'm published!

Co-author of the book IBM Lotus Sametime 8 Essentials: A User's Guide

Purchase on Amazon

Co-author of the book IBM Sametime 8.5.2 Administration Guide

Purchase on Amazon


Visitor Count...

View My Stats

« Sharing in the ProjectLounge | Main| Maybe Ballmer's the best thing to happen to IBM and Lotus... »

Another blog comment spam band-aid attempt...

Category Blogging
Since I don't have enough time right now to code some solution that addresses the root problem, I have another band-aid attempt for the symptom.  In the "Kill Orphaned Spam Comments" agent, there's a loop that I modified to do double-duty.  Right now it just removes comments that aren't tied to any particular story.  Now it also checks for a common string that's being used in all the entries.  Here's the code change:

        Do While Not(doc Is Nothing)
                If doc.GetItemValue("Form")(0) = "StoryResponse" Then
                        If doc.HasItem("$REF") = False Then
                                Set deldoc = doc
                        End If
                End If
                'Kill off some blog spam...
                If Instr(1, doc.Body(0), "TheStringGoesHere", 5) > 0 Then
                        Set deldoc = doc
                End If
                Call s.UpdateProcessedDoc(doc)
                Set doc = col.GetNextDocument(doc)
                If Not(deldoc Is Nothing) Then Call deldoc.Remove(True)

I think if you're getting hit with this, you can figure out the .com address string that shows up in all the entries.  I'm not going to highlight it here because I don't want any search hits on it.  If you want to know the string I used in place of "TheStringGoesHere", just email me...

Update:  A couple just came in without any URLs.  It may be a mistake, but it's still using the common set of two word starting phrases for the posts.  I've stretched out the agent to cover those strings too.  Again, email me for the actual code...


Gravatar Image1 - I only have one IP in my comment block list. I've got to presume that these comments are being blocked by some other blogsphere feature. All of the blocked comments I'm seeing are showing no IP address at all... so I presume that the blocking logic is kicking in before the IP is recorded.

Gravatar Image2 - Vince... I didn't dislike your solution for *any* reason. It's just that I was tired, didn't have a lot of time, and didn't quite follow what you did. Because I was not up to re-engaging my mind, I just took what I thought was an easy way out.

Seriously... I have no doubt that you're a far better developer than I am (witness the OpenNTF mail template)...

Gravatar Image3 - And it did... Now we wait to catch the wily spammer...

Gravatar Image4 - Keeping in mind the adage about not being able to prove a negative, I must say that so far all is quiet on the western front...

And Rich... No, BlogSphere was not blocking things for me. The only way I know of that sends the "Blocked" email is if you match the IP address being comment-blocked (I wrote that piece some time back). Since all my blog spam was coming from various IP addresses (zombie bot network?), I couldn't use the IP comment blocking.

Now, having said that... There may be some new feature in the upgraded BlogSphere that I'm still ignorant of...

Gravatar Image5 - This is another comment test based on a recommendation by Chris Byrne. I updated the formula in the SaveOption fields of the StoryResponse web form to be


The thought is that if the spammers are using an automated mechanism that doesn't tie to an actual story page hit, then the HTTP_Referer will be blank and the comment will never be saved...

Let's give it a try... This one should stay put.

Gravatar Image6 - Test to make sure this doesn't delete the comment. Not a perfect solution, but the band-aid looks like it deleted about 60+ comments just sitting out there... Cool!

Gravatar Image7 - Tom, I'm getting hit by lots of comment spam, but Blogsphere is blocking it. I'm not having to do anything. The posts are showing up in the comments view, but the notification emails are all showing "RESPONSE BLOCKED! - IP Address: ". Are you saying that Blogsphere is not blocking the spams for you?

Gravatar Image8 - Guys, I know some of you don't like my solution because it's a hack, but at least it works:

Post A Comment


Want to support this blog or just say thanks?

When you shop Amazon, start your shopping experience here.

When you do that, all your purchases during that session earn me an affiliate commission via the Amazon Affiliate program. You don't have to buy the book I linked you to (although I wouldn't complain!). Simply use that as your starting point.


Thomas "Duffbert" Duff

Ads of Relevance...

Monthly Archives