Since 1997, you’ve been coming to BarnesandNoble.com to discuss everything from Stephen King to writing to Harry Potter. You’ve made our site more than a place to discover your next book: you’ve made it a community. But like all things internet, BN.com is growing and changing. We've said goodbye to our community message boards—but that doesn’t mean we won’t still be a place for adventurous readers to connect and discover.

Now, you can explore the most exciting new titles (and remember the classics) at the Barnes & Noble Book Blog. Check out conversations with authors like Jeff VanderMeer and Gary Shteyngart at the B&N Review, and browse write-ups of the best in literary fiction. Come to our Facebook page to weigh in on what it means to be a book nerd. Browse digital deals on the NOOK blog, tweet about books with us,or self-publish your latest novella with NOOK Press. And for those of you looking for support for your NOOK, the NOOK Support Forums will still be here.

We will continue to provide you with books that make you turn pages well past midnight, discover new worlds, and reunite with old friends. And we hope that you’ll continue to tell us how you’re doing, what you’re reading, and what books mean to you.

Reply
DeanGibson
Posts: 2,186
Topics: 92
Kudos: 2,247
Solutions: 18
Registered: ‎04-12-2011

What "comment spam" is

I've posted this here, rather than in one of the numerous "comment spam" threads, because B&N rightfully "deletes" (hides) those.

 

The objective is to have the "spam" message visible when Google and other search engines walk the B&N site, thus showing numerous links to the site and thus raising the search rank of the site.

 

It's a new kind of "spam", in a sense.  It's called "comment spam" (see http://en.wikipedia.org/wiki/Spam_in_blogs ). I have a phpBB message board for amateur radio operators, and I get several "join" requests a week.  Since the user "name" is randomly generated by the spammer, so is the callsign, which immediately reveals that the "join" request is bogus.  Since I verify all "join" requests, I never honor thebogus ones, and so the spam is never posted.

 

When I get the bogus request, I also block the entire network class B IP address space of the requestor.  However, there are so many hacked machines around the world, that it's going to take a while to block them all.

2 Nook HD/8GB + 2 Nook HD+/16GB: B&N 2.2.0 rooted
2 Nook Touch (one Ltd. Ed.): B&N 1.2.1 rooted; Dell Venue 8 Pro: Windows 8.1
Nook 1stEd/3G: B&N 1.7.0 rooted.; Acer Iconia A500: Android 4.0.3 rooted;
Nook Color: B&N 1.4.3 rooted; Samsung Galaxy Tab2 (7.0"): Android 4.2.2 rooted
Customer loyalty is earned, not commanded or deserved, and easily lost.
Never suspect intent where incompetence will do.
Distinguished Bibliophile
bobstro
Posts: 3,758
Registered: ‎01-01-2012
0 Kudos

Re: What "comment spam" is

A Class B /16 block is pretty coarse resolution. That'll stop the spammer for a time, but isn't there a risk of blocking new and even existing users if you block 64K of addresses at a time? Couldn't you do it by ISP based on reverse DNS lookup?
DeanGibson
Posts: 2,186
Topics: 92
Kudos: 2,247
Solutions: 18
Registered: ‎04-12-2011

Re: What "comment spam" is


bobstro wrote:
A Class B /16 block is pretty coarse resolution. That'll stop the spammer for a time, but isn't there a risk of blocking new and even existing users if you block 64K of addresses at a time? Couldn't you do it by ISP based on reverse DNS lookup?
  1. The reverse DNS domains are as diverse as the IP addresses.
  2. Most of the IP addresses are in Europe.  My sites (with one exception) serve USA-based licensees.  I don't give a hoot about non-USA visitors.

Before I had an effective eMail spam-blocking configuration, I used to block class A addresses from Asia, Europe, and South America.  If I get too many comment spam IP addresses in the same class A block, I'll do the same for web acccess.  I'm not the only person that does this.  If the rest of the world can't control their criminal element, let them sit on the outside of much of the Internet looking in.

2 Nook HD/8GB + 2 Nook HD+/16GB: B&N 2.2.0 rooted
2 Nook Touch (one Ltd. Ed.): B&N 1.2.1 rooted; Dell Venue 8 Pro: Windows 8.1
Nook 1stEd/3G: B&N 1.7.0 rooted.; Acer Iconia A500: Android 4.0.3 rooted;
Nook Color: B&N 1.4.3 rooted; Samsung Galaxy Tab2 (7.0"): Android 4.2.2 rooted
Customer loyalty is earned, not commanded or deserved, and easily lost.
Never suspect intent where incompetence will do.
Distinguished Bibliophile
keriflur
Posts: 6,606
Registered: ‎01-05-2010
0 Kudos

Re: What "comment spam" is

The question I'd like to see answered isn't what comment spam is, it's why isn't B&N doing anything about it?

Inspired Bibliophile
deesy58
Posts: 2,486
Registered: ‎01-22-2012
0 Kudos

Re: What "comment spam" is


keriflur wrote:

The question I'd like to see answered isn't what comment spam is, it's why isn't B&N doing anything about it?


How do you know B&N is not trying to do something about it?  Lithium provides for IP address blocking, but Dean and bobstro just described some of the inherent problems with using it.  One issue is that innocent visitors can become blocked when IP address blocking is implemented.  For example, if an abuser makes posts from his/her workplace, all users on the same Local Area Network (LAN) can become blocked because the address that is blocked is the address of the router.  Is that correct?

Distinguished Bibliophile
keriflur
Posts: 6,606
Registered: ‎01-05-2010
0 Kudos

Re: What "comment spam" is

[ Edited ]

deesy58 wrote:
How do you know B&N is not trying to do something about it?

If you used just a tiny bit of logic, I'm sure you could figure out how I know B&N isn't doing anything about it.

Inspired Bibliophile
deesy58
Posts: 2,486
Registered: ‎01-22-2012
0 Kudos

Re: What "comment spam" is


keriflur wrote:

deesy58 wrote:
How do you know B&N is not trying to do something about it?

If you used just a tiny bit of logic, I'm sure you could figure out how I know B&N isn't doing anything about it.


Well, if you used the same logic, you would know that the B&N Book Clubs Administrator might very well be employing IP address blocking against the spammers, and you would have no way of knowing it.  In addition, the spammers could easily, as described by Dean, circumvent low-level blocking.  In places like China, how do we know what kinds of controls over IP addresses are applied by authorities? 

DeanGibson
Posts: 2,186
Topics: 92
Kudos: 2,247
Solutions: 18
Registered: ‎04-12-2011

OT: How to deal with "comment spam"

[ Edited ]

deesy58 wrote:

... In places like China, how do we know what kinds of controls over IP addresses are applied by authorities? 

 

Well, I was going to post a flippant link about how China deals with crime once they get serious about an issue, like Somali sea pirates and fake baby milk formulas, but in my search on the Internet, I found this absolutely fascinating article:

 

http://www.economist.com/news/china/21582557-most-worlds-sharp-decline-executions-can-be-credited-ch...

 

Note that I support the death penalty.  I say this to show that my motives for posting the above link are not to argue against the death penalty, so please everyone don't take the discussion in that direction.  I just find the article an intriguing look at how China is changing.

2 Nook HD/8GB + 2 Nook HD+/16GB: B&N 2.2.0 rooted
2 Nook Touch (one Ltd. Ed.): B&N 1.2.1 rooted; Dell Venue 8 Pro: Windows 8.1
Nook 1stEd/3G: B&N 1.7.0 rooted.; Acer Iconia A500: Android 4.0.3 rooted;
Nook Color: B&N 1.4.3 rooted; Samsung Galaxy Tab2 (7.0"): Android 4.2.2 rooted
Customer loyalty is earned, not commanded or deserved, and easily lost.
Never suspect intent where incompetence will do.
Doug_Pardee
Posts: 5,521
Kudos: 4,013
Registered: ‎03-09-2010

Blocking spammers

I run a forum which does cater internationally. We currently have over 3500 users signed up. In over 1-1/2 years of operation, only five spam messages have gotten through, and none in the past year or so. And we don't rely on mass blockage.

 

First, the user has to get past ZB Block. This software compares a number of features of the HTML request against various black-lists. When someone is rejected three times, their IP address goes onto a local blacklist (this is mainly a performance feature). Certain triggers cause IP-banning on the first attempt.

 

Next, we have email verification. Almost every half-way competent web site now uses this for sign-ups. You have to give a working address, and click a link on the email that comes in. Somewhere around 95% of our spammers give us unworking email addresses, or don't bother to click the link.

 

"Throwaway" email domains aren't accepted. Alas, GMail can't reasonably be blocked.

 

Certain toxic words (mostly brand names) in the username and email address will cause rejection.

 

Various anti-spam plug-ins provide traps for the bots and the brainless out there.

 

Finally, new registrants can't post until one of the admins has personally approved them.

 

I'd love to have a feature where new registrants can post, but can't post URLs, but I haven't found a plug-in for that.

 

Distinguished Bibliophile
patgolfneb
Posts: 1,758
Registered: ‎09-10-2011

Re: OT: How to deal with "comment spam"

From my perspective as a foreigner, what affects me, China is perfectly willing to accept corruption when it benefits.  Cyber crime, patent and trademark abuses, currency manipulation, child labor, workplace safety and labor reform etc.  China gets more credit than it deserves, it is still an authoritarian rouge country we refuse to oppose because we want their cheap products.