Arvind
November 19, 2005 12:43 PM [link]

In the hope of starting some conversation :) With the CPU load thing I find it a bit odd that you didn't experience the same with MT Blacklist. I think perhaps you never experienced as severe an attack as you are now because both MT Blacklist and SpamLookup are plugins hence any antispamming will consume CPU cycles (unlike mod_security). Also SpamLookup is far superior in terms of efficiency than MT Blacklist, I can't remember off the top of my head but I could swear MT Blacklist did something like check a comment/trackback against *every* entry on your blacklist which would obviously take up CPU cycles....

erin
November 19, 2005 4:38 PM [link]

Nereus,
I had been thinking about upgrading and I am actually kind of glad I didn't because when I saw that they were incorporating the spam thing into MT, I wondered if there were going to be glitches because in all honesty, Blacklist works, but in the same vein, I think we can all attest to it also having it's quirks as well. I am glad I saw this post because I was going to start emailing you re: switching over to the newer version but never got around to actually getting it done. For what it is worth though, I have been gettign hit pretty hard too and I think I am to like 4,000 entries for Blacklist.

Nereus
November 22, 2005 9:34 PM [link]

Great.. I no longer have trackbacks because of spam, and now I'm getting hammered with comment spam that, for the most part, is not getting junked but instead requires my approval, so I have to go through and select and delete every one of them a number of times every day, but make sure I don't accidentally junk the valid ones - so I have to fucking check each one!
The IP's are not blacklisted, they only put in one link, and the only reason they aren't published is that they are not TypeKey registered. I am now being forced to go to TypeKey registered comments only. With MT-Blacklist, my comments were completely open for anyone to post, and there was no registering and no 'wait for my approval' bullshit. How is SpamLookUp so much more superior than MT-Blacklist??? Hmmm???
Yes, I'm PISSED.

Nereus
November 23, 2005 2:08 PM [link]

Nods, I have SLU set to the defaults, and yes, it was working well for quite a while, which is why I had to eat the words I said in the beginning when it first came out ..but more recently there has been a steadily increasing amount of spam getting past most of the SLU blocks to the moderation point where I have to check them individually (don't get me wrong, there is still a heap getting blocked direct to the junk file).

Presumably spammers are working out ways to get around SLU, and it is solely the TypeKey rego that stops some of them getting to published status right now. I've started using the wordfilter more extensively to try and combat it, which should help. Ironic that I'm falling back to the very feature that made MTB so good in order to try and keep SLU more effective though.

If I'm getting a steady increase in spam getting past most of the SLU blocks, then others will start to notice it soon too I'd imagine. It's still a trickle at the moment, but enough to be annoying, and quite likely a precursor to a bigger spam flow getting past most of SLU's blocks.

Re 6A 'dropping' MTB, okay yeah, bad way to phrase it - as you said, it was never theirs - although 6A sure as hell endorsed it in a big way by awarding it the top plugin award in a high-profile (relative to MT) international competition (well deserved too imho).. regardless, you now work there, so I'm in no position to comment further.

Believe me Jay, if I had even half your skills, I would certainly be having a go at working on MTB, but alas I do not have those skills and am busy studying full time already, but not in comp sci.

As for assigning blame, of course the spammers are the ones at fault here. As I mentioned earlier in my comments, I was pissed when I wrote what I wrote in the first place, so of course there's going to be a certain amount of irrationality as a result. I'm frustrated having to compromise when having open commenting was something really important to me, which MTB worked well with compared to SLU, at least for me.

I dunno. I'm starting to wonder if it's even worth the frustration - there are more important things to be concerned about in life than a friggin weblog. Hmm.. I think that pretty much hits the nail on the head..

Nereus
November 29, 2005 7:36 PM [link]

I'm once again forced to limit commenting to TypeKey users only, and this is after releasing that restriction only yesterday so that non-registered commenters would be moderated rather than denied outright.. in just the small amount of time it took me to write the previous comment, I received fifteen more spam comments using the same tactic to bypass SLU, and they were only moderated because they were not TypeKey registered. I am sick and tired of having to manually check every single one of these moderated comments every frigging day. MT-Blacklist did not require anywhere near this much maintenance to keep the spammers out. This has become a time-consuming and frustrating chore, and I don't want to hear anyone tell me how much better and more effective SLU is any more, because it might have a bunch of different features and maybe the standard of coding is better (not my claim btw), but that fact is that when it comes to the crunch, SLU has created far more administrative work for me than MTB did. If I still had my weblog running with open commenting (TypeKey registration not required) like I did with MTB, this weblog would have thousands upon thousands of published spam comments by now.

If ANYONE has a copy of the last full master blacklist, please email it to me. I asked Jay for a copy but it never received a response.

If you're considering commenting here about the pros of SLU and cons of MTB, don't bother - I've most likely already heard it (and I've certainly experienced the difference) and I remain completely unconvinced.

Oh, and if you're thinking "what's so bad about typekey only commenting" then I will tell you: since switching to SLU (because it came bundled with MT3.2 and MTB was never upgraded fro MT3.2 - I never would have changed from MTB otherwise), valid comments to this website have dropped by about 90 to 95% because many people just can't be farked registering and signing in. Hell, I'm one of them! Unless I'm a regular visitor to a site, if I stumble into a site and decide to comment and find they have registered commenting only, then 9 times out of 10 forget it, I'm gone and I'm not coming back. Had I been able to comment without pissing around registering and logging in, I would've, and I would've most likely returned to see if anyone replied to my comment. WHY IS IT SO DAMN HARD FOR PEOPLE TO UNDERSTAND THAT THERE IS A HUGE HUGE AMOUNT OF WEBSURFERS OUT THERE THAT THINK EXACTLY THE SAME WAY I DO? Hell, I've proved it - my comments have died and my traffic has dropped by more than 50% since changing to MT3.2 and SLU, and I'm spending waaay more time having to clean up spam.. WTF? I guess my traffic is different from the traffic the developers get (I wonder if they researched it) - traffic here is much more the drive-by and perhaps return type, as opposed to a bunch of regulars. GRRRR.

In fact fark this.. I might just delete this weblog in the new year - it's not really enjoyable anymore. I don't write as often and don't write much of interest or post entries that are enjoyable to read anymore, basically because by the time I get through all the moderated spam I'm just not in the mood to write anything - I just want to logoff and get the hell away from this thing that's tied around my neck like a great big ungainly dead albatross. ACK!