Alden Bates' Weblog: Spam attack

Ads by Project Wonderful! Your ad here, right now: $0

Home : October 2005

« TSV 31 | Main | Spam attack (part 2) »

Spam attack

Filed in: Spam.

A particularly annoying comment spammer seems to have decided to target my site - the same one who's been spamming legitimate blog URLs. I blocked a bunch of open proxies in my .htaccess file last night, but still had some 74 comments get through overnight. Of those, 38 ended up in the junk folder, 35 were moderated, and 1 got through.

I'd added some phrases to SpamLookup last night as well, but I must have done them wrong, as SpamLookup didn't match them in the comments. I changed the phrases to regular expressions instead, and hopefully that should lower the number of comments that escape the junk folder. I've also added a bunch more open proxies to the .htaccess, and (temporarily) lowered the limits for moderating/junking comments based on number of URLs.

The spams typically start with a piece of generic praise, some random gibberish, then a raw URL, and a piece of random text linked to another URL. The URLs are usually entries from innocent blogs (either the spammers are intending to spam those entries at a later date, or perhaps they just want to muddy the waters of spam blacklists. Example comment openings are:

your site is exactly the kind of sites which make the net surfing so fun. keep scrolling down for pastry cream recconsequentlyipe:
Just letting you know - your site is fantastic! 1 small clove garlic:
your site is a very nice source of info. extensive methods for this:
brilliant site! happy to be here. about a year ago i started:
Reading your content just made my day. Keep the good work. quilt Your fabric yoyo:

The text before the ':' seems to be used a lot, so adding those to blacklists should help. There's also a wee discussion going on in the comments of the spammed entries on Andrew's Blog.

Posted October 9, 2005 10:50 AM

Trackback Pings

Listed below are links to weblogs that reference Spam attack:

Spam Attack (The Return) from Alden Bates' Weblog
Yes, they're back, only they're no longer spamming the URLs of blogs. They appear to be spamming the URLs of lighthouse and quotation sites. Quite what the connection is here, I don't know, though I did spot at least one... [Read More]
Tracked on November 20, 2005 9:23 PM

Comments

1 small clove garlic...deep, man...

Posted by: Bash Hardcastle | October 10, 2005 4:38 AM

Have just installed 'Spam Karma' on my blog to see if that won't stem the tide of the spam flood.

Currently averaging 20+ inane spam comments like the one below.

Hi! I just found your site, it's very cool.. My father didn't tell me about it.... 12 monkeys dancing..

JAIL SPAMMERS!!

Cheers,
Andrew

Posted by: The Real Andrew | November 18, 2005 3:59 AM

I got rid of them in the end by slowly banning all the IP addresses they were using. Once they started getting mostly 403 errors, they gave up. >:)

Posted by: Alden Bates | November 18, 2005 8:44 AM

Alden Bates' Weblog

Feigning normality since 1973

Spam attack

Trackback Pings

Comments

Post a comment


	Home : October 2005 Alden Bates' Weblog Feigning normality since 1973 « TSV 31 \| Main \| Spam attack (part 2) » Spam attack Filed in: Spam. A particularly annoying comment spammer seems to have decided to target my site - the same one who's been spamming legitimate blog URLs. I blocked a bunch of open proxies in my .htaccess file last night, but still had some 74 comments get through overnight. Of those, 38 ended up in the junk folder, 35 were moderated, and 1 got through. I'd added some phrases to SpamLookup last night as well, but I must have done them wrong, as SpamLookup didn't match them in the comments. I changed the phrases to regular expressions instead, and hopefully that should lower the number of comments that escape the junk folder. I've also added a bunch more open proxies to the .htaccess, and (temporarily) lowered the limits for moderating/junking comments based on number of URLs. The spams typically start with a piece of generic praise, some random gibberish, then a raw URL, and a piece of random text linked to another URL. The URLs are usually entries from innocent blogs (either the spammers are intending to spam those entries at a later date, or perhaps they just want to muddy the waters of spam blacklists. Example comment openings are: your site is exactly the kind of sites which make the net surfing so fun. keep scrolling down for pastry cream recconsequentlyipe: Just letting you know - your site is fantastic! 1 small clove garlic: your site is a very nice source of info. extensive methods for this: brilliant site! happy to be here. about a year ago i started: Reading your content just made my day. Keep the good work. quilt Your fabric yoyo: The text before the ':' seems to be used a lot, so adding those to blacklists should help. There's also a wee discussion going on in the comments of the spammed entries on Andrew's Blog. Posted October 9, 2005 10:50 AM Trackback Pings Listed below are links to weblogs that reference Spam attack: Spam Attack (The Return) from Alden Bates' Weblog Yes, they're back, only they're no longer spamming the URLs of blogs. They appear to be spamming the URLs of lighthouse and quotation sites. Quite what the connection is here, I don't know, though I did spot at least one... [Read More] Tracked on November 20, 2005 9:23 PM Comments 1 small clove garlic...deep, man... Posted by: Bash Hardcastle \| October 10, 2005 4:38 AM Have just installed 'Spam Karma' on my blog to see if that won't stem the tide of the spam flood. Currently averaging 20+ inane spam comments like the one below. Hi! I just found your site, it's very cool.. My father didn't tell me about it.... 12 monkeys dancing.. JAIL SPAMMERS!! Cheers, Andrew Posted by: The Real Andrew \| November 18, 2005 3:59 AM I got rid of them in the end by slowly banning all the IP addresses they were using. Once they started getting mostly 403 errors, they gave up. >:) Posted by: Alden Bates \| November 18, 2005 8:44 AM Post a comment Name: Email Address: URL: Remember personal info? Comments: (you may use HTML tags for style)
Tetrap.com Site Map