<< Sticks And Stones | Me And The Queen, At The Movies >>
The yeti Lives

Well, you can't keep a good blog down -- or defective yeti either, apparently. Despite my attempts to put the site out to pasture for a week and save on bandwidth costs, the homepage kept lurching from the grave like a villain from an 80's era slasher film and reinstalling itself at /index.html, repeatedly clobbering the "Gone Fishing" message I had put there.

It took me the weekend to figure out how it was pulling off this Lazarus routine, but now I think it can be attributed to the same force that is responsible for, like, 94% of everything that happens on the Internet: spammers. Comment spammers, specifically.

Comment spammers don't visit blogs, click on the "comment" link, and then carefully type in their pitch for "Viagra, Cialis, Zyban, Prozac, Xenical, and many many more!" Instead, they have scripts that cycle through a database full of mt-comment.cgi URLs and pass the text of their spam directly to the script as the "text" parameter, thereby bypassing the webpage entirely*. So while I had dy shut down to real users, the comment spammers were still merrily pinging the mt-comment.cgi script on a regular basis -- and incidentally rebuilding index.html every time they did. Several times over the weekend I drifted over to defectiveyeti.com and saw that the homepage had once again broken out of the back yard and was running loose in the neighborhood.

Well, hell. I guess I could just disable the mt-comment.cgi script, but, seriously, at this point it's becoming more work to abandon the site than to maintain it. So I guess I'll just keep posting for the rest of the month, bandwidth bill be damned.

A big thanks to everyone who offered to chip in funds to cover costs. I really appreciate the offers, although I'm not prepared to go the PayPal route just yet. Taking people's money means that this blog becomes a job (at least in my mind), and I think we'll all be happier if I continue to approach it as a hobby. I like knowing that I can take a week off or blather on about my my personal obsessions without feeling like I'm letting down my stockholders. Besides, what if you kicked in $10 to keep dy up for the rest of March and then the next seven days worth of entries were lame? (Which, judging from my "yeti to-do" list, is going to be the case. Just you watch.)

Some good things came out of the shutdown, by the way. I found a slew of bandwidth thieves who had been hotlinking to jpgs in my images directory and shut them all down, so that should cut by throughput by a quarter right there. And I've arranged to have the site hosted elsewhere starting in April, so we shouldn't see this again.

For the remainder of this week I plan to keep my bandwidth overrun costs to a minimum by keeping the images shut off, limiting the homepage posts to five, and only writing dull and uninspired entires to ensure that no one links to them.

* It occurs to me that there may be an easy way to foil automated comment spammers, based on the fact that they don't actually go through an individual page to post. You could put a hidden field in you Movable Type template -- <input type="hidden" name="commentspammerssuck" value="1" />, say -- and then put a line in mt-comments.cgi that tells it to exit immediately if that parameter isn't present. Shit, that might actually work. I'll try it and report my findings.
Posted on March 28, 2005 to dy


Viagra, Cialis, Zyban, Prozac, Xenical, and many many more!

Haha. couldn't resist.

Posted by: Lost Poke on March 28, 2005 3:41 PM

I wondered what was up when I accidentally clicked on your bookmark and saw the real page again! Glad you're back, and I'll take it easy on the page views for the next week or so for ya ;)

Posted by: Amanda on March 28, 2005 3:52 PM

The timing of this is too strange. I can't help thinking that you might be the new Mesiah.

Posted by: isabella on March 28, 2005 4:03 PM

Just a question, are RSS aggregators hurting your bandwidth at all? I recently added your RSS Feed as a Live Bookmark to my Firefox browser. If these types of bookmarks are taking too much bandwidth, you might want to let people know.

Posted by: Twench on March 28, 2005 4:11 PM

The timing of this is too strange. I can't help thinking that you might be the new Mesiah.

Uhhhhhh .. you know, that never once occured to me ...

Posted by: Matthew on March 28, 2005 4:18 PM

That is probably because you take your medication.

Posted by: isabella on March 28, 2005 4:25 PM

Your idea is one of the suggestions on SixAparts list of ideas how to circumvent content spammers. Some of the software out there already can get around stuff like that...

The best defense is for everyone to customize their content script differently... that way, the spammers can't just create a program that automatically submits to a bunch of sites...

Posted by: cam c. on March 28, 2005 5:14 PM


Posted by: Mark on March 28, 2005 5:33 PM

Another route to go to foil comment spammers is just to have the script check the referrer. If the request doesn't refer from defectiveyeti.com, just have it redirect to an error, or the root of the site. I did it in PHP on my site, but I bet yours is in Perl so you're on your own. Also, you're probably pretty smart so I'm sure you could manage.

Posted by: Andy on March 28, 2005 6:28 PM

Andy, what if you're clicking in from kinja (like I just did)? would that mean I couldn't comment since the referrer would be my digest page?

Posted by: cee on March 28, 2005 6:56 PM

How did you track the bandwidth thieves? Any tips highly appreciated

Posted by: coskel on March 28, 2005 7:45 PM

exactly coskel. I can't figure out why my site is a bandwidth eating whore.

Also I have the same question about clicking in from kinja.

Posted by: MelissaS on March 28, 2005 7:55 PM

I was stunned to learn that those types of comments were spammers! I thought that they were simple, honest, salt-of-the earth people with a deep and profound dedication to ENLARGING UR PENIS 2-4 INCHES PERMANENTLY NO PRESCRIPTION.
What is this world coming to?

Posted by: sassycat on March 29, 2005 12:33 AM

You could also try some .htaccess bans. If you've got a problem with the Bulgarian spammer (probably the most prolific spammer on the net), it's easy to block him:

Posted by: Spamhuntress on March 29, 2005 2:48 AM

Blather about your personal obsessions? You're hilarious and all, but I mostly read this blog JUST for the great game reviews. By the way, I didn't care for Puerto Rico that much. Otherwise, you're awesome.

Posted by: EdgeWise on March 29, 2005 6:25 AM

Alternative method for raising cash:

Have occasional fundraising drives along the lines of 'Like what you read in the past month/3 months/etc.? Then how about contibuting to the running costs.' Set a target, show how it's going (thermometer-style graphic or somesuch) and when you've reached the target finish up 'til the next time.

You don't have to 'work' for the cash as contributions are based on what you've done in the previous time period.

Posted by: i_cola on March 29, 2005 7:22 AM

for the technology dumb.. i linked to your page from my blog.. does that do anything to you?

Posted by: shad on March 29, 2005 7:53 AM

I have pitched the following idea to several other popular bloggers who needed to raise money. It builds on the idea above by i_cola: Do a fundraising drive with a thermometer and everything, but make a promise on the order of "When the target is reached I will [insert stupid stunt] and take pictures" and make it available to readers for their amusement. Up to now, no one has wanted to degrade themselves that much, but you might be the one.

Posted by: Tim on March 29, 2005 9:41 AM

For those wondering if you'll be able to comment with the referrer restriction, a qualified no. But the programmer can set up a whitelist for known friendly sites, which would be easy.

Posted by: Andy on March 29, 2005 10:34 AM

Can we pay you to STOP writing?

Oh, stop, I'm just kidding. Seriously, though, I'd much rather be flipping the odd quarter into your tip jar than coming here to find the site's been pulled for a while. Plus, how often in life do you find people BEGGING to give you money? Dude, revel!

Posted by: Meg on March 29, 2005 4:28 PM

Maybe you should consider switching

a) putting an antispam plugin for mT (if they exist)

or b) switch to WP with its armada of succesful antispam plugins

Posted by: Somebaudy on March 30, 2005 3:25 AM

Most comment spam comes through open proxies, so if you just install MT-DSBL, that should cut through most of it right off the bat. Be sure to do what I call a lump examination every now and then.

Posted by: Paulo on March 30, 2005 6:57 AM

a plug for Bloglines: it reads each feed once for everyone who subscribes to the feed and distributes the results. easier on bandwidth.

Matt could very well be the Mesiah. but i'm confident he's not the Messiah ;-)

Posted by: Sean on March 30, 2005 7:03 AM

Take a look at Adsense. I was shocked by how much my blog has brought in. I am not only covering all hosting and bandwidth charges. I'm making money. I was one of the early blogs rejected by AdSense and only tried signing up again this year. It works. Well. And with the AdLinks program you can make it as low-profile as you want.

Posted by: Kenneth on March 30, 2005 7:05 AM

For a long time I had a set of radio buttons at the bottom of my guestbook entry page that said "Are you a robot? Yes or No." with 'Yes' as the default and a bug chunk 'o text that said "Change the value or go away". When I had that up I never got spam.

Then I changed hosts and the old scripts didn't work anymore. I haven't figured out how to screw around with the new scripts to add that in, so I get spam again.

Posted by: Abby on March 30, 2005 7:33 AM

Yay, comment spam -- it resurrected Defectiveyeti! Maybe it CAN increase my penis size!

Referers are easy to fake, but referer restriction does stop a lot of the automated tools out there right now.

Posted by: Buck on March 30, 2005 8:37 AM

referer is unreliable - quite a few "security" apps now block it, so a perfectly legit user wouldn't be able to comment. use the hidden "spammer" field you're thinking of.

Posted by: Scott on March 30, 2005 9:14 AM

I don't use MT, but I have seen others using this to block spammers:


maybe it would work for you.

Posted by: karrie on March 30, 2005 4:02 PM

It's an Easter Miracle!

Posted by: Duane on March 30, 2005 5:53 PM

I usually do an MD5 hash with the current date, some time interval and the "spammerssuckbigtime" or some other password that only I know. The combination seems to work very well at keeping people from being able to post at random or more often than my time interval.

Posted by: rob on March 30, 2005 6:02 PM

Besides adding in that hidden field, you can also rename your mt-comments.cgi to something else and make the appopriate changes in your mt config files (I don't know if this applies to MT 3.x but it works on my MT 2.6x).

That way, the comment spammers will get a 404 and maybe they'll just stop spamming the URL altogether because they'll think there's no blog here. (How sneaky.)

Posted by: Jack on March 30, 2005 7:49 PM

I installed James Seng's MT-SCODE last year. Along with some other harsh customizations against spammers, I now receive zero comment spam. It's not easy to install, but the hour I spent at it has been made back a hundred times over.
Check it out at: http://james.seng.cc/archives/000145.html

Posted by: Kayne McGladrey on March 30, 2005 8:59 PM

I didn't click here all week for fear of costing you money!

If you want to keep the site ad-free, I'm sure if you just made Amazon Associate links for all the books you mention, you would rake in some dough. Just from my purchases alone, you would rake in some dough. I bought nine books last month. And it's transparent (no ads taking up room on your site).

Posted by: Melissa on April 1, 2005 3:08 AM

It's not perfect (I'm still waiting to upgrade one of these days to MT 3), but I'm doing what Jack advocates above; renaming mt-comments.cgi every once in awhile. That plus MT-Blacklist has pretty much eliminated any problem for me. It's a bit of a pain, but just renaming any time you start to get a trickle of spams seems to do the trick. I've only had to rename twice in the last 6 months... not too shabby.

Posted by: Matt on April 5, 2005 11:01 AM