Six Apart late Monday planned to release an update to its Movable Type Weblogging software to combat a recent surge of blog comment spam.
Movable Type bloggers began informing the company early last week that comment spam had reached levels that were knocking out servers at Web hosting companies and wreaking havoc on affected bloggers.
Comment spam, which Six Apart officials said first appeared in fall 2003, occurs when spammers attempt to dump Web site links into the comment sections of blogs.
The spammers often use automated bots with the goal of trying to game search engines such as Google by increasing their link popularity, said Anil Dash, vice president of Six Aparts professional network.
Comment spam came to a head for Six Apart because of a bug in Movable Type 3.1, which led spam comments to still cause a load on Web servers and databases even when the comments were blocked from appearing on blogs, Dash said.
Since Version 3.0, released earlier this year, Movable Type had included additional tools for moderating comments and authenticating comments using its TypeKey service.
But the bug came to light following an upswing in comment spam and the ferocity of the attacks over the past few weeks, he said. The blogs targeted most often were the ones with high rankings on Google.
“Spammers have massively increased the volume of attacks, the number of comments in an attack and the frequency of the comments,” Dash said. “In combination with that, there was a bug in Movable Type.”
Six Apart rushed to offer details about the bug and fix it last week, sending out a test version to developers by the end of the week.
Movable Type 3.14, which includes a patch, was expected to be available by the end of Monday as a free download for users of Movable Type 3.0 or later, Dash said. The company is advising users of pre-3.0 releases to upgrade.
Web-hosting companies reported servers becoming unresponsive under the load of the comment-spam traffic, leading some to cut off all comments on Movable Type blogs.
One such company was TextDrive Inc., of La Jolla, Calif. The company hosts blogs across multiple platforms, from Movable Type to the open-source Word Press blog tool.
The volume of comment spam to Movable Type blogs clogged one of its servers, leading it to shut down comments across Movable Type blogs for about four days, said TextDrive president Jason Hoffman. TextDrive posted a notice on its user forums about the issue and also worked with Six Apart to resolve it.
“What was happening was that [spam] got to a certain point that the Movable Type comment script itself would never let go of the database and would look like it was constantly rebuilding,” he said.
About 10 percent of 2,000-some Movable Type blogs hosted by TextDrive were hit with the comment-spam rush, Hoffman said.
Next Page: Creating a blacklist of sites.
Blacklist
TextDrive took other steps besides blocking comments. Hoffman had noticed that the bulk of comment spam was coming from .info domains, so TextDrive for a short time blocked all referrals to .info. Later, it created its own blacklist of .info sites to ban from sending comments to blogs.
Before discovering the code bug, Six Apart officials initially thought the rash of comment spam was hitting users of older versions of Movable Type. While that turned out not to be the case, Hoffman said he noticed a pattern among those Movable Type blogs hit at TextDrive.
The blogs tended to use templates where the link for commenting was easy to find from the front page, a typical design for blogs built on earlier Movable Type versions. By making the comment-script link so visible, the blogs also made it simpler for automated bots to deluge the blogs with comments.
Hoffman said the blog industry needs to focus on solving comment spam broadly by focusing not only on the blog tools but also on the measures hosting companies can take. Still, bloggers themselves must play an active role.
“I dont think that link spam or comment spam necessarily kills blogs or kills content producers, but I think that the idea of having a site that you dont necessarily have to curate is gone,” Hoffman said.
“If you produce content and produce comments, then you have to read comments and moderate comments. You have to treat a Weblog like youd treat a good garden.”
Six Apart also has begun talking with others in the industry about common solutions, Dash said. The company runs TypePad, a popular hosted blog service. Six Apart actively blocks comment spam in the service and has gleaned trends and developed blacklists that Dash expects will be incorporated in future Movable Type releases.
While comment spam shares characteristics with the scourge of unsolicited e-mail in users in-boxes, it typically serves a different purpose, Dash said.
“One of the fundamental differences with comment spam is that spammers are not doing it to advertise their services on a site, but theyre doing it to increase their page rank on Google,” Dash said.
While search engines could do more to advance their algorithms to not consider links from blog-comment spam, Dash said such steps alone wont solve the problem.
“The reality is, even if they do tweak the search engines to not favor comments and to properly understand when a comment is spam or not, the spammer behavior is not going to change that quickly,” he said. “This is going to be an ongoing issue.”