North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Comment spammers chewing blogger bandwidth like crazy

  • From: Gadi Evron
  • Date: Sun Jan 14 20:08:13 2007

On Sun, 14 Jan 2007, William Warren wrote:
> 
> Heck feed it from spamkarma 2 or askimet. I use spamkarma 2 and it 
> routinely nails tons of blog spammers..:)

SK2 and Akismet indeed do good work on WordPress, but are far from the
solution to the problem.

Things just get out of hand in the realm of comment spam as more and more
spammers invest resources there and overload web pages and services.

http://blogs.securiteam.com/index.php/archives/285
http://blogs.securiteam.com/index.php/archives/290
http://blogs.securiteam.com/index.php/archives/296
http://blogs.securiteam.com/index.php/archives/401
http://blogs.securiteam.com/index.php/archives/470
http://blogs.securiteam.com/index.php/archives/471
http://blogs.securiteam.com/index.php/archives/502
http://blogs.securiteam.com/index.php/archives/180


> 
> Alexander Harrowell wrote:
> > Gadi, if your HTTP spam DNSBL gets working, we would certainly be 
> > interested in feeding our spam filter from it. It is my experience so 
> > far that comments spam is not very "botnetty" but more "boxy" - the 
> > proportion of the total we get from any single IP address is relatively 
> > high.
> > 
> > Actually, to put that better, rather than being evenly distributed over 
> > many IPs, a core-group of the IPs spamming us at any one time account 
> > for the bulk of it. 80/20 rule again
> > 
> > On 1/14/07, *Gadi Evron* <[email protected] <mailto:[email protected]>> wrote:
> > 
> > 
> >     On Sun, 14 Jan 2007, Peter Corlett wrote:
> >      >
> >      > On 14 Jan 2007, at 13:27, Tony Finch wrote:
> >      > [Blog spammers]
> >      > > Most of the IP addresss you listed are are already on various DNS
> >      > > blacklists.
> >      >
> >      > Ooh, now that is interesting. I had assumed that the DNSBLs only
> >      > covered SMTP spam sources, but on reflection I suppose SMTP is a dead
> >      > protocol these days in the wider Internet.
> >      >
> >      > For the benefit of those of us who have been lucky to Recover from
> >      > ISP work and now herd blogs[0], would you be so kind as to share
> >      > which blacklists are worthwhile and worth consulting on this front?
> >      >
> >      > [0] Before you ask, no, it's no easier, in fact arguably harder work,
> >      > although the pay and hours are better. But yes, we're hiring.
> >      >
> > 
> >     Your assumption is incorrect. These DNSBLs cover spam sent in email,
> >     indeed. Thing is, spam is spam and spammers are spammers. Meaning, they
> >     spam in every way they can.
> > 
> >     In my experience 20-70 per cent would be flagged by email DNSBLs. Not
> >     accurate to filter out blog spam.
> > 
> >     As in, bots will be bots.
> > 
> >     I've been working on a new DNSBL for comment/etc. spam for a while,
> >     which
> >     will be reliable, generally, it doesn't exist yet for public
> >     consumption.
> > 
> >     There is such a black listing service already, but again,
> >     reliability is
> >     an issue.
> > 
> >             Gadi.
> > 
> > 
> 
> -- 
> My "Foundation" verse:
> Isa 54:17  No weapon that is formed against thee shall prosper; and 
> every tongue that shall rise against thee in judgment thou shalt 
> condemn. This is the heritage of the servants of the LORD, and their 
> righteousness is of me, saith the LORD.
> 
> -- carpe ductum -- "Grab the tape"
> CDTT (Certified Duct Tape Technician)
> 
> Linux user #322099
> Machines:
> 206822
> 256638
> 276825
> http://counter.li.org/
>