Just noted some comment spam with this in the name field:
online poker
which displays as
online poker
Sneaky hey.
Category Archives: Email
Blog spam trackback attack
Hey that kinda rhymes.
Couple of my WordPress installations are under attack. Until I clean them up, you may see some offensive trackbacks/comments in some old blog posts.
Continue reading
Lycos vs spammers
Lycos, remember them? I think they might have been my search engine of choice around 1997, somewhere between Infoseek and AltaVista, way before young upstarts like LookSmart and Google arrived on the scene.
Well according to the Reg (via AndyN), Lycos are behind a new screensaver designed to launch DDOS attacks on spammers! Well okay, not to completely shut spam servers down, but to slow them down markedly.
Hmm. I hate spam as much as the next man, but I’m not sure about this. Could do nasty things to your local traffic (watch out if you pay by the Mb when you’re over your limit). You wouldn’t want to be trying to use bits of the Innanet close by to the spammers, and you sure as hell wouldn’t want to get yourself falsely identified as running a spam server. (Hey, if I can be identified as running a hacker/phreaking journal, anything can happen).
And of course, way for Lycos to come under fire by the spammers, who have apparently already hacked the page with a message saying “Yes, attacking spammers is wrong, you know this, you shouldn’t be doing it. Your ip address and request have been logged and will be reported to your ISP for further action.”
This could be war. (Lycos Europe deny their server was hacked, that the spammers rigged it so people get a different one.)
WTF bounce department
Weirdarse email bounce today…
Hi. This is the qmail-send program at byron.aussiehosts.com.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.
<gipbexd@yahoo.com>:
67.28.114.36 failed after I sent the message.
Remote host said: 554 delivery error: dd This user doesn't have a yahoo.com account (gipbexd@yahoo.com) [0] - mta193.mail.dcn.yahoo.com
<gipbexd@yahoo.com>:
64.156.215.8 failed after I sent the message.
Remote host said: 554 delivery error: dd This user doesn't have a yahoo.com account (gipbexd@yahoo.com) [0] - mta283.mail.scd.yahoo.com
<gipbexd@yahoo.com>:
64.157.4.78 failed after I sent the message.
Remote host said: 554 delivery error: dd This user doesn't have a yahoo.com account (gipbexd@yahoo.com) [0] - mta149.mail.sc5.yahoo.com
<gipbexd@yahoo.com>:
64.156.215.8 failed after I sent the message.
Remote host said: 554 delivery error: dd This user doesn't have a yahoo.com account (gipbexd@yahoo.com) [0] - mta314.mail.scd.yahoo.com
<gipbexd@yahoo.com>:
67.28.113.11 failed after I sent the message.
Remote host said: 554 delivery error: dd This user doesn't have a yahoo.com account (gipbexd@yahoo.com) [0] - mta190.mail.re2.yahoo.com
Why is this so weird? Well because neither myself nor the recipient are on yahoo.com, no way did I address the mail to “gipbexd”, and thirdly, the recipient told me she received four copies of the mail anyway.
I should add that this was sent via Squirrelmail webmail, so it’s not like my Outlook got a virus…
Wi-erd.
Dictionary ads
I find dictionary.com to be a very handy resource. But boy are their ads annoying. And it looks like they’ve gone that extra mile to get their popup ads to dodge around Firefox and IE+Google Toolbar’s popup defences. (At least I assume it’s them, not some other site with popups sitting in the background).
Not to mention the fact that the popup ads are the worst kind – the ones that look to people of limited computer-literacy like legitimate system messages, for instance:
Oh sure, they have “advertisement” written in tiny tiny greyed writing in the corner. That makes it all better, doesn’t it. I wonder if Cancel actually closes it? (I clicked the X in the corner.)
Here’s a hint, spammers
I am unlikely to think you’re a legitimate software distributor if you say you’re selling “Microshit” software.
Imp hates Firefox… or is it the other way around?
The webmail my ISP uses (a horde IMP, or somesuch opensource thingy) doesn’t play nicely with Firefox. It was broken in 0.9.2 and it’s broken in 1.0PR. Why does it stop in the middle, or miss the start, or something, of the HTML transfer?
The only things I keep IE around for now are Flash amusements and webmail.
I demand that someone who isn’t me fix this. It’s my right as a freeloader.
Blog spamming
At the time of writing, my main blog is under a sustained comment spamming attack. Over 50 spam comments today, all targeting the one old post, promoting a poker web site. At least one other WordPress-based blogger is getting them, so it’s not just me. And what’s interesting is they’re from a variety of different IP addresses, so assuming that’s not spoofed, it looks like the attack is coming from multiple zombies.
(Links in text deleted)
Author : poker (IP: 195.172.182.228 , 195.172.182.228)
E-mail : byob@y7263o.com
URL : http://www.poker-w.com
Whois : http://ws.arin.net/cgi-bin/whois.pl?queryinput=195.172.182.228
Comment:
7263 JUST A FEW LINKSFOR YOU TO CHECK OU WHEN YOU GET A CHANCE
Online poker
texas holdem poker
texas hold em
When I first saw this type of comment spam, I thought huh? What’s the point? Who is going to see such comments and click on them? Particularly in this case, with dozens of the same spams hitting one particular post. But the point is getting links to your sites into the search engines, and up the rankings. Whether it works or not I don’t know.
WordPress has a fair bit of flexibility when it comes to catching comment spam. The most useful generic setting is number of links in a comment. A surprising number of comment spams have heaps of links. You can also nominate keywords (though in 1.2 there was a bug in that if the final keyword on the list had a CR after it, every comment got caught). Caught comments go to moderation, so the never see the light of day. Handy for comment spam and for moderating particular users/IP addresses too.
Comment spammers, like other spammers, are getting cleverer. Hopefully the blogging community (and in particular those who write and update blogging software) will stay one step ahead of them.
Update Friday 07:30: The attack appears to be widening to more blog posts, and branching out to Viagra and weight-loss, but is still showing signs of being from the same source. To counter it, I have shutdown comment posting on entries more than 60 days old using Scott Hanson’s Auto Shutoff Comments plugin.
Defined: Wikipedia on blog comment spam.
Possible solution for WP?: Modification to comments code that ensures it can only be called from the form, not remotely. I’ll try this when I get the chance.
Update Friday 13:00: The patch above doesn’t work for this particular attack. Looks like this one spoofs the referrer… which makes sense, any decent spammer would think of that.
New Gmail Features
Gmail, everybody’s favourite web mail, well except maybe for Charles Wright, has just updated with new features.
What’s New at the Gmail help centre tells us that now there is a Gmail notifier (a small windows app that lets you know when new mail has arrived along with its sender and subject), searching contacts has been made easier, you can forward mail to another account and you can save drafts.
Interestingly the mail forwarding feature is ‘free during the test’ which makes me wonder what other premium features are being planned for Gmail.
UPDATE
I’ve just installed Notifier and it has the option to set Gmail as the default sender of email for when you click on mailto: links. Pretty neat if you’re a heavy Gmail user.
Gmail and spam
Ooooooooooh. Seems Age IT writer Charles Wright isn’t too keen on people disagreeing with him. In today’s Age he writes about Hotmail’s cancellation of free WebDav (Outlook/Outlook Express) access (bastards!) and mentions in passing that Fastmail.fm is great (so I’ve heard) and that it’s better than GMail, which has “no spam protection to speak of.”
Oh. Coulda fooled me. So I left a comment on his blog, mentioning that actually GMail does have spam protection. He replied reckoning yeah but it only catches about 30%. I replied saying it was catching most of mine. This apparently inspired a followup blog entry making note of overzealous Google-lovers writing to him if he criticises the company.
Well, what can I say. I’ve been using GMail for some months now, and feeding it mail addressed to one of my oldest and most spammed email addresses (dbowen at custard dot net dot au, circa 1997). GMail catches most of them. I just logged in after being away for three and a half hours (gasp!) and it’s caught 18 spams — no false positives, none slipped through into my Inbox. It’s not always this good, but I have no major complaints.
Maybe he looked at GMail early on, when the filters weren’t as good. Or maybe he attracts a higher class of spammer than me. Dunno. But it works for me.
…
By the way, anybody want a GMail invitation? They keep giving me lots, and although I’ve tried giving some away via GMail swap sites, they keep on coming back. Leave a comment with your email address in the email field (it won’t display publicly, but I’ll see it).