1. 2010 Mar 10

    Catching spam comments

    Here’s something worth sharing: I get a lot of comments on this blog. Well, not a lot really, but probably on the order of a hundred every week or so. All of them are spam. And they all have one really obvious thing in common: they’re all written in HTML. So they all start with <p>, which makes them really easy to identify. Now there’s something to put in my spam filter, whenever I get around to making a decent one.

    EDIT: now silly me… it’s my comment posting/formatting code that adds in the <p>, not the spambots. So that tactic goes out the window. But I’m still pretty sure I’ve never actually gotten a legitimate comment. (If you know otherwise… leave a comment? ;-)

  2. 2009 Oct 21

    What happened to the trackback spam?

    In the current implementation of my blog software, when someone sends a trackback request, there’s no check to make sure that the remote page actually links to this site. So as you might imagine, I get quite a bit of trackback spam — bogus trackback requests that specify URLs for drug sites, porn sites, etc. It used to be something on the order of 20-30 per day, whereas by contrast, I’d only get one comment (spam of course) every few days. But when I just went to clear out the spam from my database, I saw about 40 spam comments compared to only 2 spam trackbacks. So I have to wonder, are spammers finding comments more profitable than trackbacks? Are they wising up to the fact that comments appear on this site automatically whereas trackbacks don’t? (Doubtful, since my site isn’t really worth that kind of attention)

  3. 2009 Feb 10

    Greylisting really works

    There are a lot of programs and protocols out there devoted to stopping, or at least reducing, the flow of spam email around the internet. But one of the most effective is also one of the simplest: greylisting.

    In order to understand greylisting, you first need to know that a typical email message on its way through the internet travels through four computers (“nodes”):

    1. The origin client (often a personal computer running a MUA - mail user agent - like Thunderbird, Outlook, Evolution, etc.)
    2. The relaying server (this server would be named in the configuration of Thunderbird, Outlook, Evolution, etc. as the SMTP server)
    3. The destination server (for mail sent to user@example.com, this is the email server for example.com)
    4. The receiving client (often another personal computer running another MUA)

    Greylisting is actually a simple process: the first time node 2 tries to send the email to node 3, node 3 responds with an SMTP 450 error code, which basically means “try again later”. And a standards-compliant mail server will indeed try again later. But a spammer’s server usually won’t. Spammers typically operate their own mail servers which are specially designed to send out as many emails as …

  4. 2008 Oct 28

    Worst phishing ever

    Okay, not the worst — there's plenty of room on the internet for any amount of incompetence you care to look for — but anyway: I just got this link in what looked like a rare well-crafted piece of spam. Now, for a while I've wanted to actually follow some of these spam links, see what the latest phishing tech looks like, and maybe if I'm feeling nice feed them some fake login information (like empty calories for websites, I suppose).

    Turns out, when these particular spammers created their mockup of the Enom web page, they completely neglected to change the links! So anyone who clicks anything on the page — even the "forgot password" link — gets redirected to the legitimate site. Way to completely defeat the point...

    Not to mention, the email they're sending talks about domain information in the WHOIS database, which is something that only a very small percentage of internet users would know/care about. Probably the same small percentage who know how to identify spam. And who know to actually look at the addresses of the websites they go to. All in all, I have to wonder whether this particular scheme is actually going to work on anyone …
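
The greylisting exchange from the "Greylisting really works" entry above, as an added example (not code from this blog or from any mail server): the destination server answers a first attempt with 450 and accepts a later retry. Matching attempts on client IP, sender and recipient, the three timing values, and the sample addresses are assumptions made for the illustration.

```python
import time

class Greylist:
    """Reply policy of the destination server (node 3) toward a relaying server (node 2)."""

    def __init__(self, min_delay=300, pending_ttl=4 * 3600, pass_ttl=30 * 86400):
        # All three durations (seconds) are assumed values, not taken from the post.
        self.min_delay = min_delay      # a retry sooner than this is still deferred
        self.pending_ttl = pending_ttl  # an unanswered first attempt is forgotten after this
        self.pass_ttl = pass_ttl        # how long a sender that retried stays accepted
        self.entries = {}               # key -> {"first_seen": t, "pass_until": t or None}

    def check(self, client_ip, mail_from, rcpt_to, now=None):
        """Return (code, text) for one delivery attempt."""
        now = time.time() if now is None else now
        # Assumption: attempts are matched on (client IP, sender, recipient).
        key = (client_ip, mail_from.lower(), rcpt_to.lower())
        entry = self.entries.get(key)
        if entry and entry["pass_until"] is not None:
            if now <= entry["pass_until"]:
                entry["pass_until"] = now + self.pass_ttl  # active senders stay accepted
                return 250, "OK"
            entry = None  # acceptance expired: treat as a new sender
        if entry is None or now - entry["first_seen"] > self.pending_ttl:
            self.entries[key] = {"first_seen": now, "pass_until": None}
            return 450, "try again later"
        if now - entry["first_seen"] < self.min_delay:
            return 450, "try again later"  # an immediate resend does not count as a retry
        entry["pass_until"] = now + self.pass_ttl
        return 250, "OK"


def replay(attempts, greylist=None):
    """Run (timestamp, ip, sender, recipient) attempts in order; return the reply codes."""
    greylist = greylist or Greylist()
    return [greylist.check(ip, s, r, now=t)[0] for t, ip, s, r in attempts]

# Constructed attempts (documentation IP ranges and example domains).
COMPLIANT = [(0, "192.0.2.10", "alice@example.org", "user@example.com"),
             (900, "192.0.2.10", "alice@example.org", "user@example.com"),
             (5000, "192.0.2.10", "alice@example.org", "user@example.com")]
IMPATIENT = [(0, "198.51.100.7", "promo@example.net", "user@example.com"),
             (5, "198.51.100.7", "promo@example.net", "user@example.com")]

if __name__ == "__main__":
    print(replay(COMPLIANT))
    print(replay(IMPATIENT))
```

The compliant relay is deferred once and accepted from its retry onward; the sender that resends within seconds, or never comes back, is never accepted.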