spam

We all have agreed to comment spam - "In the legal correspondence of the last few days, the opposing lawyer even insisted that the consent of the two million bloggers is available". Well, if my blog is included, there is no declaration of consent. And given the number of blogs, I generally doubt this statement as well. Blog spammers are the lowest of the low.

Spamhaus.org relativizes nic.at listing - I think I've said before that I don't think much of spam list operators, because they all go crazy sooner or later. Of course, Spamhaus is more important than laws ...

Man described as a top spammer arrested - and now please get the others too.

RFC against Spam - will it help? Maybe, because an RFC tends to be implemented in mail servers. On the other hand, will the mail servers also be updated to the new versions with the feature?

Thursday: Biggest. Anti-Spam. Lawsuit. Ever. - $1 billion in damages claimed. Lawsuit against several spammers who have recently collected email addresses, which is a violation of laws in the USA. Could be interesting.

Overzealous spam blacklist blocks Server4You addresses - SORBS again. Still incompetent, that place.

Stopping spam with the Anti-Spam-SMTP-Proxy (ASSP) - hmm. Transparent SMTP proxy. Unfortunately in Perl - my experiences in that direction were rather negative so far.

BMW kicked out of Google

The pig has only just been chased through the blogosphere and it's already caught: German BMW Banned From Google. Well, if you engage in search engine spamming, you might get kicked out of Google. Some marketing guys probably wanted to be too clever again.

devilish grin

SIXTUS.NET - Blog | Dad, where do all these spam comments actually come from? Well, my child, they come from Lindlar, from Sebastian Foss - cute, when a supplier for spam software is then found to be based in Germany. However, this does not surprise me - we also have the dialer scammers.

akismet.py - Python interface for the (central) Akismet Spam Scanner.

Akismet - Centralized Anti-Spam Filter

Photomatt (from WordPress) has built a central anti-spam service called Akismet that can be used with WordPress via a plugin. Additionally, there is an API that allows other services to be integrated. Basically a good idea - even though I generally have an aversion to central services, unless I myself operate these central services.

What really bothers me, however, is this small excerpt from the FAQ:

Well without giving too much of the secret sauce away, we can safely say that it would be pretty difficult to poison Akismet.

So central service - okay. I don't like it, but it certainly makes sense for others who cannot or do not want to operate such a service themselves. But "secret sauce" - I should send my comments with the personal data of my commenters to a foreign system, where I can't even see the software running behind it? Sorry, no thanks.

Spam Block List Ran Amok

Guess who that was? Exactly - SORBS. My favorite collection of technical incompetence and social stupidity. Couldn't someone initiate a UDP against the pipes?

Even more media incompetence - this time CDU

Even the CDU is sending out spam:

Approximately 300,000 to 400,000 Germans are receiving an email from the contest provider "Play and Win" these days. They are advertising to vote for the CDU in the upcoming Bundestag election on Sunday. However, this is not entirely accurate: upon closer reading, it is simply election advertising by the Union.

Upon closer reading of the spammer's comment, it is simply spam. Scum.

Microsoft Loves Spyware

Anyway, Microsoft now classifies these differently:

According to this, since the update at the end of March, the program recommends ignoring various Claria products classified as moderately dangerous, as well as those from the spyware mills WhenU and 180solutions.

Sorry, but background programs that display news are fundamentally unacceptable, and I don't care in the slightest about the velvet-glove arguments the manufacturers of this junk come up with.

Sorry, but a manufacturer of operating system software that does not suggest uninstalling such trash in an anti-spyware check is simply not credible.

Webspammer with new tricks?

It seems like web spammers are learning a few new tricks. In any case, I stumbled upon links to myself that come from a WordPress blog consisting only of wild HTML snippets that seem to have been created due to searches for "house" - and then in the blogroll of the blog are various typical junk sites. So it could be that spammers are now building pseudo-sites with links and content that are supposed to flood the search indexes of systems like Technorati or the ping services.

Oh, and the Texas-Holdem guys have also learned a few new tricks - the URLs now have more changing server names and file names so that normal keyword filters no longer work quite as well and I am more often presented with spam for moderation - for a long time the stuff went directly into the trash because the guys were really too stupid ...

Annoying bunch.

confused face

Ann Elisabeth was diligent and identified the Bulgarian twin spammers - who are likely responsible for a large part of blog spam.

RBL operators are either sociopaths or incompetent

Or both. Sorry, but you can't categorize something like this any other way. If any providers now filter for rfc-ignorant.org, emails may be bounced or sent to the spam folder - just because the operator of rfc-ignorant.org doesn't like the whois from DeNIC. By the way, the mail RFCs do not contain any indication (and certainly no mandatory condition) that a whois service must exist for a domain. So much for the technical competence of the operator of this idiotic list ...

It's bad enough that as a mail admin you have to deal with spam, trojans, viruses and similar nonsense - and the gigantic mountains of traffic that result. More and more often you also have to deal with completely brainless block list operators and similarly stupid mail admins who implement these block lists (and possibly even bounce emails because of the listing!).

And when you point this nonsense out to them, the standard line is: "RBL filtering has almost eliminated all my spam". Great. The fact that the email medium is more damaged by such incompetent fools than by the spam itself is of no concern to them. Let's just break everything, every idiot can be a mail admin today. It's disgusting.

(Found via fh).

Should Spam be Punishable?

DIHK against penalty for spam senders - no wonder, as many spammers in Germany are members of the Chamber of Commerce ...

But what also doesn't really sit well with me about this story:

In the future, it is to be prohibited to conceal or withhold the true identity of the sender in the header of a commercial email.

This may be a justified demand for commercial communication, but as I assess Otto Orwell, this will soon be extended to all citizens. And if he doesn't do it, lawyers will do it with cease and desist letters when, for example, the web server sends automatic notifications under the name www-data ...

What I Find Perverse ...

... are dialer scammers who set up alleged drug info sites that only contain dialer links, of course do not contain any information about the prices (and are therefore not allowed in Germany) and then also advertise for this dialer crap with blog spam. On top of that, they hide behind an Austrian address - probably just a mailbox company.

Dialer scams make me sick. When they come together with blog spammers, I can't eat as much as I want to vomit.

angry face

This has also been noticed elsewhere a few days ago here.

Action Alliance Against Spam

Action Alliance against Spam. And involved are the eco Association (yes, exactly those with the great Whitelist Project that ensures that the advertising of their members also lands in your mailbox undisturbed by provider filters) and the WBZ (yes, exactly those who issued a warning to eleg.antville.org in 2003 due to missing imprint). Uh - hey, how about the job as a gardener?

Ok, maybe the Federal Association of Consumer Organizations has a positive influence in this story, but I can't imagine that anything really meaningful will come out of it ...

What you find in your comments ...

Comment spammers on the loose:

Hello dear community!

I am not a community. I may write in the pluralis majestatis, but we only do that by accident. Honestly.

I have been operating the BlahFasel auction platform BlahFasel.Blubb for a short time and am therefore addressing you, as I am interested in your opinion about my auction platform BlahFasel.Blubb. I look forward to your suggestions and hopefully constructive criticism.

Of course. You write a comment with a link and email address on an auction platform and include the name of that pile of junk X times - and all this just because you are interested in opinions. No, this is of course not supposed to be any advertising at all. How silly of us to feel that way ...

By the way, let me say this much, „BlahFasel.Blubb“ is an auction platform for BlahFasel and Blubb. However, I would like to emphasize that we do not think highly of „cheap BlahFasel“ and therefore the best Blubb does not automatically win at BlahFasel.Blubb. We are of the opinion that good BlahFasel has its price and therefore the seller (provider of the BlahFasel) determines the auction winner himself.

Huh? This is not an auction platform, this is a scam. An auction has a defined process - bids are placed and the best (depending on the orientation, the lowest or highest) bid wins. Anything else is not an auction platform - whether for BlahFasel or Blubb. At best, this could pass as a tender platform - but even there, there are formal rules that contain a bit more than "The seller determines the winner" ...

So that you can get an overview of BlahFasel.Blubb, you will find our press release in the "News" section on the right side of the page. Here, the functionality of BlahFasel.Blubb is described.

Of course, there - in press releases - everyone immediately expects the description of the functionality of the pile of junk. Completely logical. And under Imprint do you have cooking recipes?

I look forward to your opinion!!!

Opinion? Simple: lousy blog spammers (I found identical comments via search engine in other blogs), the posting that was commented on was chosen to be quite tasteless and, based on the description, I have filed the whole thing under "unsavory offers". Ergo? Plonk

Spammers are really quite stupid ...

... someone is struggling with my trackbacks right now. Every hour. Almost exactly at 25 minutes past the hour. With strongly varying IP addresses. The texts are also very different - and non-spammy. But what is the idiot doing? Trackbacking the same link every time. A link that I already put on the bad link list two weeks ago. Somehow not particularly smart, because everything ends up in the trash directly. Ok, otherwise everything would end up in the moderation queue, which wouldn't help him either.

Whitelist is meant to sneak marketing mails past spam filters - the whole thing is so absurd that I simply can't think of anything to write about it...

For a given reason ...

... I point out that I simply delete trackbacks from blogs if their sole purpose is to promote some obscure Amazon shops. Sorry, but just because advertising junk is stored in a weblog software doesn't mean I let every inappropriate trackback through. And no, just because a keyword from the post also appears in one of my posts doesn't make it an interesting trackback—it's just spam.

And log files again

Since I had an interesting study object, I wanted to see how much I could uncover in my logfiles with a bit of cluster analysis. So I created a matrix from referrers and accessing IP addresses and got an overview of typical user scenarios - how do normal users look in the log, how do referrer spammers look, and how does our friend look.

All three variants can be distinguished well, even though I'd currently rather shy away from capturing it algorithmically - all of it can be simulated quite well. Still, a few peculiarities are noticeable. First, a completely normal user:


aa.bb.cc.dd: 7 accesses, 2005-02-05 03:01:45.00 - 2005-02-04 16:18:09.00
 0065*-
 0001*http://www.tagesschau.de/aktuell/meldungen/0,1185,OID4031994 ...
 0001*http://www.tagesschau.de/aktuell/meldungen/0,1185,OID4031612 ...
 0001*http://mudbomb.com/archives/2005/02/02/wysiwyg-plugin-for-wo ...
 0001*http://www.heise.de/newsticker/meldung/55992
 0001*http://log.netbib.de/archives/2005/02/04/nzz-online-archiv-n ...
 0001*http://www.heise.de/newsticker/meldung/56000
 0001*http://a.wholelottanothing.org/2005/02/no_one_can_have.html

You can nicely see how this user clicked away from my weblog and came back - the referrers are by no means all links to me, but incorrect referrers that browsers send when switching from one site to another. Referrers are actually supposed to be sent only when a link is really clicked - hardly any browser does that correctly. The visit was on a defined day and they got in directly by entering the domain name (the "-" referrers are at the top and the earliest referrer that appears is at the top).

Or here's an access from me:


aa.bb.cc.dd: 6 accesses, 2005-02-04 01:11:56.00 - 2005-02-03 08:27:09.00
 0045*-
 0001*http://www.aylwardfamily.com/content/tbping.asp
 0001*http://temboz.rfc1437.de/view
 0001*http://web.morons.org/article.jsp?sectionid=1&id=5947
 0001*http://www.tagesschau.de/aktuell/meldungen/0,1185,OID4029220 ...
 0001*http://sport.ard.de/sp/fussball/news200502/03/bvb_verpfaende ...
 0001*http://www.cadenhead.org/workbench/entry/2005/02/03.html

I recognize myself by the referrer with temboz.rfc1437.de - that's my online aggregator. Looks similar - a lot of incorrectly sent referrers. Another user:


aa.bb.cc.dd: 19 accesses, 2005-02-12 14:45:35.00 - 2005-01-31 14:17:07.00
 0015*http://www.muensterland.org/system/weblogUpdates.py
 0002*-
 0001*http://www.google.com/search?q=cocoa+openmcl&ie=UTF-8&oe=UTF ...
 0001*http://blog.schockwellenreiter.de/8136
 0001*http://www.google.com/search?q=%22Rainer+Joswig%22&ie=UTF-8& ...
 0001*http://www.google.com/search?q=IDEKit&hl=de&lr=&c2coff=1&sta ...

This one came more often (across multiple days) via my update page on muensterland.org and also searched for Lisp topics. And they came from the Schockwellenreiter once. Absolutely typical behavior.

Now in comparison, a typical referrer spammer:


aa.bb.cc.dd 6 accesses, 2005-02-12 17:27:27.00 - 2005-02-02 09:25:22.00
 0002*http://tramadol.freakycheats.com/
 0001*http://diet-pills.ronnieazza.com/
 0001*http://phentermine.psxtreme.com/
 0001*http://free-online-poker.yelucie.com/
 0001*http://poker-games.psxtreme.com/

All referrers are direct domain referrers. No "-" referrers - so no accesses without a referrer. No other accesses - if I analyzed it more precisely by page type, it would be noticeable that no images, etc. are accessed. Easy to recognize - just looks sparse. Typical is also that each URL is listed only once or twice.

Now our new friend:


aa.bb.cc.dd: 100 accesses, 2005-02-13 15:06:16.00 - 2005-02-11 07:07:55.00
 0039*-
 0030*http://irish.typepad.com
 0015*http://www208.pair.com
 0015*http://blogs.salon.com
 0015*http://hfilesreviewer.f2o.org
 0015*http://betas.intercom.net
 0005*http://vowe.net
 0005*http://spleenville.com

What stands out are the referrers without a trailing slash - atypical for referrer spam. Also, just normal sites. Also noticeable is that pages are accessed without a referrer - hidden behind these are the RSS feeds. This one is also easily distinguishable from users. Especially since there's a certain rhythm to it - apparently always 15 accesses with one referrer, then switch the referrer. Either the referrer list is quite small, or I was lucky that it tried the same one with me twice - one of them is there 30 times.

Normal bots don't need much comparison - few of them send referrers and are therefore completely uninteresting. I had one that caught my attention:


aa.bb.cc.dd: 5 accesses, 2005-02-13 15:21:26.00 - 2005-01-31 01:01:07.00
 2612*-
 0003*http://www.everyfeed.com/admin/new_site_validation.php?site= ...
 0002*http://www.everyfeed.com/admin/new_site_validation.php?site= ...

A new search engine for feeds that I didn't know yet. Apparently the admin had just entered my address somewhere beforehand and then the bot started collecting pages. After that, he activated my newly found feeds in the admin interface. Seems to be a small system - the bot runs from the same IP as the admin interface. Most other bots come from entire bot farms, web spidering is an expensive affair after all ...

In summary, it can be concluded that the current generation of referrer spammer bots and other bad bots are still quite primitive in structure. They don't use botnets to use many different addresses and hide that way, they use pure server URLs instead of page URLs and have other quite typical characteristics such as certain rhythms. They also almost always come multiple times.

Unfortunately, these are not good features to capture algorithmically - unless you run your referrers into a SQL database and check each referrer with appropriate queries against the typical criteria. This way you could definitely catch the usual suspects and block them right on the server. Because normal user accesses look quite different.

However, new generations are already in the works - as my little friend shows, the one with the missing slash. And thanks to the stupid browsers with their incorrectly generated referrers (which say much more about the browser's history than about actual link following), you can't simply counter-check the referenced pages, since many referrers are pure blind referrers.
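One way to run the criteria above (pure server referrers, missing "-" accesses, missing trailing slash, fixed batch sizes) as SQL checks, as suggested. This is an added example, not the author's code; the table layout, the labels and the sample rows (documentation-range IPs, example.* hosts) are constructed for illustration.

```python
import math
import sqlite3
from functools import reduce
from urllib.parse import urlsplit

# Constructed sample: (client IP, referrer) pairs as pulled from an access log.
SAMPLE = (
    # ordinary visitor: mostly "-" plus page-level referrers
    [("192.0.2.10", "-")] * 6
    + [("192.0.2.10", "http://www.heise.de/newsticker/meldung/55992"),
       ("192.0.2.10", "http://www.google.com/search?q=cocoa+openmcl")]
    # classic referrer spammer: only server URLs, never "-"
    + [("198.51.100.7", "http://pills.example.com/")] * 2
    + [("198.51.100.7", "http://poker.example.net/"),
       ("198.51.100.7", "http://casino.example.org/")]
    # disguised bot: feed fetches without referrer, server URLs without slash
    + [("203.0.113.5", "-")] * 39
    + [("203.0.113.5", "http://blog-a.example.com")] * 30
    + [("203.0.113.5", "http://blog-b.example.net")] * 15
    + [("203.0.113.5", "http://blog-c.example.org")] * 15
)


def is_bare_site(ref):
    """True if the referrer names only a server, not a page on it."""
    if ref == "-":
        return False
    parts = urlsplit(ref)
    return parts.path in ("", "/") and not parts.query


def lacks_slash(ref):
    """True for a server-only referrer without the trailing slash."""
    return ref != "-" and urlsplit(ref).path == ""


def load(pairs):
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE hits (ip TEXT, referrer TEXT, bare INTEGER, noslash INTEGER)")
    conn.executemany(
        "INSERT INTO hits VALUES (?, ?, ?, ?)",
        [(ip, ref, int(is_bare_site(ref)), int(lacks_slash(ref)))
         for ip, ref in pairs])
    return conn


PROFILE_SQL = """
SELECT ip,
       COUNT(*)            AS hits,
       SUM(referrer = '-') AS no_ref,
       SUM(bare)           AS bare_refs,
       SUM(noslash)        AS noslash_refs
FROM hits
GROUP BY ip
"""


def classify(hits, no_ref, bare, noslash):
    with_ref = hits - no_ref
    if with_ref == 0:
        return "no-referrers"        # ordinary bot or feed reader
    if bare < with_ref:
        return "user"                # at least one page-level referrer
    if noslash == with_ref:
        return "disguised-bot"       # every referrer is a slash-less server name
    if no_ref == 0:
        return "referrer-spammer"    # only server URLs, no "-" accesses
    return "review"


def batch_size(conn, ip):
    """Greatest common divisor of the per-referrer hit counts (the 'rhythm')."""
    counts = [n for (n,) in conn.execute(
        "SELECT COUNT(*) FROM hits WHERE ip = ? AND referrer <> '-' "
        "GROUP BY referrer", (ip,))]
    return reduce(math.gcd, counts, 0)


def profile(pairs):
    """Map each IP to (label, batch size)."""
    conn = load(pairs)
    rows = conn.execute(PROFILE_SQL).fetchall()
    return {ip: (classify(hits, no_ref, bare, noslash), batch_size(conn, ip))
            for ip, hits, no_ref, bare, noslash in rows}


if __name__ == "__main__":
    for ip, (label, batch) in sorted(profile(SAMPLE).items()):
        print(f"{ip:15} {label:17} batch={batch}")
```

A batch size above 1 means every referrer was repeated in multiples of the same number, which ordinary visitors do not produce; all of these signals can be imitated, so the labels are a starting point for review rather than a blocking rule.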

Apparently disguised bot in the logs

I just found some referrers in my logs for which I could find absolutely nothing on the referring sites that would point back to me. Nothing unusual so far - referrer spam would be the first suspicion. But the sites mentioned in the referrers are perfectly normal weblogs and other sites - no one who would have reason to spam their site (for example, a blog with about 1 post per month, or an Irish site and a few other strange referrers). The numbers are also different than with normal referrer spam: that usually comes either only 1-2 times or if so with many addresses and each one then about 100x or similar. This one comes about 15 times.

So I dug around in the logs a bit to see if I could find something. And sure enough, the referrers have unusual characteristics: they don't end with a /. Normally an address that doesn't end with / is automatically redirected to the /-variant. Referrers are thus normally /-terminated or direct HTML pages or something comparable. Pure site specifications without a / at the end are rather rare.

Something else also stands out: the pages were actually accessed - or at least downloaded. And the pages belonging to one referrer are quite randomly mixed - with normal users you'd actually expect some form of consistency in what comes through as a referrer. Above all, it's rare for 15 links to come to one page all at once...

And the essential criterion: the IP of the accessing computer is always the same across the different referrers. An analysis then produced the following picture:


 15 betas.intercom.net
 15 blogs.salon.com
 15 hfilesreviewer.f2o.org
 30 irish.typepad.com
 5 spleenville.com
 5 vowe.net
 15 www208.pair.com

All clearly fake referrers. Additionally, 34 accesses to my RSS feeds without a referrer. Accesses were only to direct posts and RSS feeds - not to overview pages or archive pages. It looks very much like the bot is proceeding as follows: search for RSS feeds, grab them, then search for permalinks to articles in them and download them to access comment forms, for example. The whole thing nicely disguised as supposed visitors, including forged referrers that seem unsuspicious. Also not too many accesses from one referrer, rather switch it up more often.

Actually nothing new - with email spam, forged real sender addresses are quite common and customary, to make the mail harder to filter. But with scraper bots, I'm seeing this kind of mimicry live for the first time - I've only been observing these symptoms for about 1-2 weeks now.

For admins, this whole thing is quite annoying, since you can use referrer logs even less than you could before. Previous referrer spam was certainly a nuisance, but due to the pretty dumb names of the referrers it was easy to recognize. This form of log phenomenon also falsifies the referrers - but is much less noticeable. Could be interesting for weblogs that display their referrers directly in the post.

And of course the problem remains that I still don't know what the bot wants to do with the collected information. I strongly suspect spam, but that's just a guess - could also be a bot searching for typical security holes. In any case it's a bot and in any case it has no good intentions - because otherwise it wouldn't need to hide.

Matching my previous, longer, text: Weblog Tools Collection suffers from Referer Spam DoS. Such birds - that is, referrer spammers going into the thousands in terms of accesses - have not (yet?) shown up in my log analysis.

Spammers in Preparation

For a good reason, here's some information and a warning: if you find comments in your blog right now with content like "I agree with you," you may be receiving a visit from a spammer. The spammers have figured out that in some blogs (especially newer WordPress versions) you need to have one approved comment before you can then use that address to post further comments—which of course are then just spam. So: even though it's nice when someone agrees with you, in this case you could be approving a Trojan horse comment.

Nuclear Elephant: DSPAM

Nuclear Elephant: DSPAM is a Bayesian spam filter. However, it's one that doesn't just run for a single user, but typically for an entire group of users. I have it running on simon.bofh.ms to scan all the mailboxes there - it integrates well and has a whole range of interesting features. On one hand, there's the web interface for managing the spam filter, and on the other hand, there's the quite pragmatic method for reporting false detections to the filter. Also nice is the quite broad support for databases (MySQL, PostgreSQL, SQLite, and several db* types). Overall, it makes a really well-rounded impression - the only downside is the lack of translation for the interface.

Whether it actually filters well, I of course can't say yet due to lack of volume - the emails first need to accumulate and be trained. User reports are, however - typical for Bayesian spam filters - quite positive.

Stupid Spambot at Work

Right now a pretty stupidly constructed spambot is hammering away at my comment function and clogging up my moderation queue - nothing gets through from it because it's so stupid that it posts everything in plain text, loads of links and typical spam words. So it gets caught by the most basic filters. Nonetheless, something like this can of course have fallout - namely comments from others that end up in moderation (e.g. because the number of links is too high) could be overlooked by me in the mess of hundreds of spam comments and accidentally deleted along with it. If that happens, it's not personal. I just don't feel like scrutinizing carefully when dealing with several hundred spam comments to make sure I'm really only deleting spam...

Update: After taking a closer look at it, I've put it in /dev/null for now - the moderation queue is no longer burdened by it and legitimate moderated comments won't accidentally get deleted. What struck me during the closer examination: a large number of very widely scattered IP addresses are being used. Sounds very much like a botnet, especially since the IP addresses, based on spot checks, appear to all be dynamic dialup addresses. So our friends with remotely controlled Windows machines are once again the horse that spam rides on here. Great. Thanks, Microsoft...

WP-Questionnaire Plugin

Ok, I've finished the plugin for WordPress 1.5. Simple thing - a plugin and a small management page where you can set up various questions. To install you download the plugin and simply copy the files to the locations specified in the readme.txt and activate the plugin. Then you just add a few questions in the management section under Questionnaire and you're done. When commenting, a more or less silly question is asked, which should be satisfied with as short an answer as possible (we don't want to annoy the commenters too much). If the answer is correct, the comment - provided no other anti-spam methods kick in first - is released immediately. If the answer is wrong, the comment goes into moderation and must be approved by the admin.

You can of course also build a secret IQ test for your commenters with this and instead of simple questions put small riddles in there - only those who solve them are allowed to comment immediately.

I've activated the plugin on my site, let's see if it has any effects on the commenting behavior of people here. You can share your opinions here about what you think of such an anti-spam methodology.

A fairly interesting possible attack on any captcha solution can be found incidentally in the comments to Eric Meyer's WP-Gatekeeper: you can simply collect and save the comment forms. Additionally, you need a site where you can use these - for example, a site for free porn videos. There you present the captchas to the users of these sites and take their answers. You then send this answer to the saved form and the comment is done. Of course you can also take countermeasures against this - probably best would be an encoded timecode in the form and rejection of a timecode that's too old, since the answers from the porn viewers probably won't come immediately. Interesting approach, the whole thing.

Update: the plugin still has two bugs. For one, it also catches trackbacks (which of course never have the necessary variables) and it can currently still be circumvented pretty easily if you know what to look for in the form - you just need to solve one captcha and then you can spam other comments by changing the comment ID. The latter is actually a bug in many captcha solutions - you fall for it too easily, forgetting to bind the captchas to some form of serial number or similar so that a form can only be used once in that form...

So I'll be making an update to the plugin in the near future.

Update 2: the problem with trackbacks and pingbacks should now be solved. The problem with replay is still in there. I still need to think about that a bit. My previous solution approaches don't really appeal to me for that.

Update 3: I've now switched it off here again. I haven't gotten any comment spam so far and without a compelling reason, even a simple question to answer is pretty annoying...
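The two countermeasures discussed in this post, a timecode that expires and a form bound to one comment target and usable only once, can be combined in a signed form token. This is an added sketch, not the plugin's code; the function names, the ten-minute lifetime and the in-memory nonce store are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
import time

SECRET = secrets.token_bytes(32)  # per-site key, never sent to the browser
MAX_AGE = 600                     # assumed lifetime of a form, in seconds
_used = set()                     # redeemed nonces (a plugin would use a DB table)


def _sign(payload):
    return hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()


def issue(post_id, question_id, now=None):
    """Build the hidden form field for one rendering of the comment form."""
    now = int(time.time() if now is None else now)
    nonce = secrets.token_hex(8)  # the "serial number" of this form
    payload = f"{post_id}:{question_id}:{now}:{nonce}"
    return f"{payload}:{_sign(payload)}"


def redeem(token, post_id, now=None):
    """Check a submitted token; return (status, question_id or None).

    The caller compares the visitor's answer with the stored answer for
    question_id only when the status is "ok".
    """
    now = int(time.time() if now is None else now)
    try:
        p, q, ts, nonce, mac = token.split(":")
        issued, question_id = int(ts), int(q)
    except ValueError:
        return ("malformed", None)
    expected = _sign(f"{p}:{q}:{ts}:{nonce}")
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return ("bad-signature", None)   # fields were edited after issue
    if p != str(post_id):
        return ("wrong-post", None)      # solved on one post, sent to another
    if not 0 <= now - issued <= MAX_AGE:
        return ("expired", None)         # relayed answers tend to arrive late
    if nonce in _used:
        return ("replayed", None)        # this form was already submitted
    _used.add(nonce)                     # entries older than MAX_AGE can be purged
    return ("ok", question_id)


if __name__ == "__main__":
    t = issue(post_id=42, question_id=7)
    print(redeem(t, 42))   # first submission
    print(redeem(t, 42))   # same form again
    print(redeem(issue(42, 7), 43))
```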

Eric's Archived Thoughts: WP-Gatekeeper

Eric's Archived Thoughts: WP-Gatekeeper is a very interesting approach to comment spam: it simply asks one of many pre-configured questions that a human can answer very easily, but a spam bot cannot. Similar forms are already being used in various blogs, but here it's nicely worked out (although in my view it could also be completely realized as a plugin). The basic idea is essentially that of a CAPTCHA - but a textual CAPTCHA. A human can easily answer the question what is 1+1 - a spam bot won't get anywhere with that. Sure, spammers can create databases of questions and answers. But if everyone sets up their own collection of questions, it won't get them far. For comment spam, it should be a very usable solution.

Unfortunately, there's no such simple solution for trackbacks...

Update: since I find the idea somewhat amusing, I'm currently writing a corresponding plugin. So it's possible that my comments might behave a bit strangely tonight.

MT-Blacklist -> Hijacked comments.cgi

MT-Blacklist -> Hijacked comments.cgi - anyone using Movable Type should disable the comment script. The email verification that checks whether the sender address input doesn't contain junk is broken - which allows you to sneak in additional recipient addresses by separating them from the actual sender address with a line feed. And with that you can happily use MT to spam other people.

A real beginner mistake - the email validation is done with a regex that doesn't match the end of the string and uses dotall - so it only goes up to a possible line feed and ignores everything after it. Really stupid.

confused face
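The class of mistake described here, an address check that never looks at the end of the string, shown beside a hardened check. This is an added example with constructed patterns and sample input, not Movable Type's code (which is Perl); it also covers the related pitfall that `$` matches before a trailing newline.

```python
import re

ADDR = r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"

# Flawed: match() anchors at the start only, so anything may follow the address.
LOOSE = re.compile(ADDR, re.ASCII)
# Still flawed: '$' also matches just before a newline at the end of the string.
DOLLAR = re.compile(r"^" + ADDR + r"$", re.ASCII)
# Hardened: used with fullmatch(), the whole string must be the address.
STRICT = re.compile(ADDR, re.ASCII)

# Constructed sample input: an address followed by a line feed and a header line.
INJECTED = "visitor@example.com\nBcc: third-party@example.net"
TRAILING_NL = "visitor@example.com\n"


def loose_ok(addr):
    return LOOSE.match(addr) is not None


def dollar_ok(addr):
    return DOLLAR.match(addr) is not None


def strict_ok(addr):
    # Reject control characters outright, then require a full match.
    if any(ch in addr for ch in "\r\n\0"):
        return False
    return STRICT.fullmatch(addr) is not None


def checked_part(addr):
    """What the loose validator actually looked at."""
    m = LOOSE.match(addr)
    return m.group(0) if m else None


def header_lines(addr):
    """Lines produced when the value is pasted into a mail header as-is."""
    return f"From: {addr}".splitlines()


if __name__ == "__main__":
    for value in ("visitor@example.com", TRAILING_NL, INJECTED):
        print(repr(value), loose_ok(value), dollar_ok(value), strict_ok(value))
    print(checked_part(INJECTED))
    print(header_lines(INJECTED))
```

Validation is only half of the fix: the code that builds the outgoing message should also refuse any header value containing CR or LF.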

WordPress : Tackling Comment Spam is a fairly comprehensive compilation of various approaches to combat comment spam and trackback spam in WordPress.

Got New Spam Tactic Figured

Asymptomatic » Got New Spam Tactic Figured reports on a new tactic used by blog spammers. Relatively harmless comments appear on blogs that don't contain a single link. When spammers find these comments again via Google, they know they can likely post further comments there—bypassing the filters that automatically approve comments from visitors who have previously had a comment approved under their email address. So it could be that after a "Hey, I think your site is great" comment, a flood of blog spam suddenly appears...

SURBL -- Spam URI Realtime Blocklists - Real-time blocking list that can check hostnames from URLs.

kasia in a nutshell: Spam breeds more spam

Kasia is conducting a fascinating experiment: she simply leaves two comment spam entries standing and waits for Google to index them. Less than 24 hours later, this entry was bombarded with spam - several hundred pieces.

One can therefore conclude that the spambots work at least partially in two stages and that it really is about Google ranking. The first entry is, so to speak, a test entry. If it remains standing so that it can be found again via Google, it is an entry where one can spam well - it is unattended and is indexed quickly by Google. Ideal fodder for spammers.

Google is thus an integral tool and target simultaneously for the spammers. One can certainly reduce the wind from the spammers' sails through technical separation of one's own comments (as my old blog had, where the comments were not only on a separate page behind a popup link, but additionally also on a completely different web server) and through indexing prohibition for these comment addresses. You would still be caught by the test samples, but the gigantic momentum afterward should be absent.

This could possibly also explain the Schockwellenreiter's problems: due to its exposed position, Google should visit it very frequently and if a spam comment once remains standing longer and could be indexed (it could also only happen by the spammer's luck if they spam just before Google's visit) the spammer has entered the server into spam lists. In principle, he only needs to have found the Schockwellenreiter once via Google regarding his test spams.

Now I just need to come up with a good idea how to implement the whole thing for WordPress. Popup comments already exist, but I would also have to place it on a different virtual address and exclude search engines there via robots.txt.

RBL Test Pages for Multiple RBLs at Once

For those like me who don't have time to chase after thousands of RBLs (lists of possible or alleged spam relays) to check whether someone has mistakenly listed their own server there again, these two links offer good services: they check a large set of RBLs all at once. The first link is the faster one:

The Daily Whim: MT Plus Comment Spam Equals Dead Site

An interesting article about the impact of blog spam, especially on Movable Type hosters. Gigantic server load just because the comment forms of Movable Type are most frequently attacked by spambots and because the anti-spam plugins for MT are anything but optimal for server load.

Here's the original article.

heise online - IETF's anti-spam working group MARID strikes its sails

"Since there is no prospect of consensus and achieving the stated goal -- a standard proposal by August 2004 -- he and the MARID chiefs decided to close the group." - yes, sorry, but if it's not until the end of September that one realizes the deadline in August can no longer be met, then perhaps one should put a calendar on the desk.

Otherwise, the whole procedure is an absolute debacle. I agree with the voices that the prevention of discussion about patent problems is a reason for the debacle. Patent claims on IETF algorithms should be cleared up early - because especially with such important infrastructure decisions, one must not hand over the reins to corporations that can then exploit it. And anyone who believes that Microsoft wouldn't have used such leverage to hinder the GPL is someone who puts on their pants with pliers...

And yes, it is a serious problem that there will now be no IETF proposal for the foreseeable future. Because this opens the door wide for Microsoft's unilateral action. Let's hope that spam prevention doesn't become the crowbar with which Microsoft cracks open the server market on the Internet.

Here is the original article.

Microsoft: No License - No Patches

Great. Millions of pirated Windows junk systems will soon become even more junky. And the garbage heap won't be cleaned up. Sure, Microsoft is annoyed by the pirated copies - but do we really have to suffer on the entire net because Microsoft can't produce decent software and then also refuses to repair the damage? Honestly, I don't care whether someone paid for their Windows, I only care whether the computer is yet another virus and spam launcher, or whether it at least gets supplied with the necessary patches. Not that those help much ...

At das Netzbuch you can find the original article.

::jamesoff:: » Check RBL for WordPress 0.1 - Check comment accesses against RBLs - possibly interesting to filter spam access from the start?
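What such an RBL check does for a commenter's address, and what the multi-RBL test pages above do for a mail server's address, as an added example (not the plugin's code). The zone names, addresses and zone data are constructed, and the `threshold` parameter is an assumption added here because of the mistaken listings mentioned above.

```python
import ipaddress
import socket

LISTING_NET = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_name(ip, zone):
    """Query name for `ip` in `zone`: reversed octets (IPv4) or nibbles (IPv6)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))
    else:
        labels = reversed(addr.exploded.replace(":", ""))
    return ".".join(labels) + "." + zone


def system_resolver(name):
    """A records for `name`; [] if it does not resolve (lookup errors fail open)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except (socket.gaierror, socket.herror):
        return []


def check_rbls(ip, zones, resolve=system_resolver):
    """Map each zone to the 127.0.0.0/8 return codes it gives for `ip`."""
    result = {}
    for zone in zones:
        answers = resolve(dnsbl_name(ip, zone))
        # Answers outside 127.0.0.0/8 (e.g. a wildcard on a dead list) are not listings.
        result[zone] = [a for a in answers if ipaddress.ip_address(a) in LISTING_NET]
    return result


def is_listed(ip, zones, resolve=system_resolver, threshold=1):
    """(verdict, zones that list `ip`); verdict needs at least `threshold` lists."""
    hits = [z for z, codes in check_rbls(ip, zones, resolve).items() if codes]
    return len(hits) >= threshold, hits


# Constructed zone data standing in for DNS; zones and addresses are placeholders.
ZONES = ["rbl-a.example", "rbl-b.example"]
FAKE_DNS = {
    "2.0.0.127.rbl-a.example": ["127.0.0.2"],     # test entry
    "7.113.0.203.rbl-a.example": ["127.0.0.4"],   # listed on list A
    "7.113.0.203.rbl-b.example": ["192.0.2.1"],   # wildcard answer, ignored
}


def fake_resolver(name):
    return FAKE_DNS.get(name, [])
```

Requiring agreement from more than one list (`threshold=2`) trades some catch rate for protection against a single overzealous list; with the default resolver, a failed lookup counts as "not listed".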

Dispute over Microsoft's patent claims shakes anti-spam standard

I hope this Microsoft proposal will be firmly rejected. What Microsoft is imagining here is absolute nonsense - an anti-spam technology that is patented by Microsoft (or any other company - only Microsoft is particularly suspicious due to its embrace-and-extend practices) simply must not be accepted as an IETF standard.

At heise online news there's the original article.

Geoffrey's Clamp Monkey

The at sign. An essential component of email communication. No wonder I get so much spam. It's certainly produced by lots of at signs searching for Shakespeare ...

Here you can find the original article.

Re: Sender-ID and free software

A comment by Richard Stallman on the anti-spam solution proposed by Microsoft, whose licensing is incompatible with free software. And a comment on the solution itself, which you can only understand after a lengthy study of abbreviations.

Summary: Microsoft's license is crap and Microsoft's technical model is crap. Did anyone expect something different?

Here's the original article.

I usually ignore spammers ...

... but when a spammer from Germany sends me unsolicited advertising and then writes in this unsolicited spam that the content of this advertising garbage is protected by copyright, then I have to smile a bit. Note: the article was modified by me upon request.

Rent A Coder - Automated Form Filler

If you're wondering where the spam comments are being produced: not by the dummy who's looking for a programmer on rentacoder to write him such a spam bot.

Here you can find the original article.

Agreement on Spam under the Auspices of the ITU?

And now the covetousness begins: "The ITU, being the only standards organization that practically brings together all international governments and private entities at one table, would be very well suited for this." Sorry, Mr. Hill, that's wrong. Private at the ITU is equivalent to large corporations. But quite amusing: "At the protocol level, a solution would basically be needed that lies between the X.400 standard, which failed in the IP world, and SMTP," Hill said. Ouch. No. Nobody wants anything that even remotely lies on or in the direction of X.400. That's one of the stillbirths of the ITU's design-by-committee philosophy. A pile of garbage. Mountains of paper. Far too complicated.

At heise online news there's the original article.