Weird Spam by E-Mail

Nonsense Spam

Just when I thought I’d seen it all, I get some really weird spam e-mail from a webform response. Every possible field filed in with a website URL, or nonsense text. And there are lot’s of fields. Stranger still, the mail form responds to a promotion that ended in October last 2011…

Email: wxgokb@ hswhrm.com

First Name: zmcpff
Last Name: zmcpff
Company: zmcpff

Bus Tel: 5283678809
Cell: 2194836070

Post Address L2: http: //thumekeyzrdi.com/
Suburb: http: //thumekeyzrdi.com/
City: New York
Code: 9804

Street Address: http: //thumekeyzrdi.com/
Street Address L2: http: //thumekeyzrdi.com/
Suburb: http: //thumekeyzrdi.com/
City: New York
Code: 9804

Ownership Type:  Self Employed (Sole Trader)
Business Sector:  Clothing/Textile

Employees: 1-3

Description of Business: Gog0rh <a href=”http: //geqsrfadufdz.com/”>geqsrfadufdz</a>http: //chxxwqcqcloy.com/]chxxwqcqcloy, http: //zadxoljxogol.com/zadxoljxogol, http: //xynmrvbkogwj.com/

Read the rest of this entry →

-26.109812 27.891908

Botnet Attacks WordPress Website

Apparent Botnet Attacked My WordPress Website

What appeared to be a botnet attacked one of my sites (tech.graphicline.co.za) this morning in a brute-force wp-login attempt from multiple IP addresses. This was the most coordinated attack against any of my sites I’ve experienced. Usually the hacker bots I see use up to 6 IP’s in these attacks – 146 IPs is serious stuff…

146 IP’s Used in Simultaneous Attack

The IP’s listed below are the guilty parties to this brute-force login attack on the site. The main attack started at 05h09 GMT this morning (November 25, 2012) and continued until 05h15 GMT. A second but less intense attacked followed; starting from 05h16 GMT tailing off until ending at 05h43 GMT

Read the rest of this entry →

-26.109812 27.891908

Banned IPs

Banning the Bad Hosts

I’m a no-compromise banner. It doesn’t take much effort to get an IP banned from my websites. A single bad event will normally be enough to block access to my sites from an IP address. Several attempts from a range of IP’s with a common service provider will get the entire IP range banned, the hostname or domain banned.

Currently there are about 700 entries in the banned list – representing millions of IPs, and the list gets longer daily. I cannot recall a day this year when at least one new bad IP was not added to the list.

Sharing the Bad IP Info

Mostly these IP’s were simply denied access, and no record was kept about the reason for the ban. At one time I started keeping a record, then lost interest and lacked time to continue. So I decided to start again, this time publishing the info where I can get to it, and other bloggers can also find the details. So now it’s published as a page on this blog…

Read the rest of this entry →

-26.109812 27.891908

2753 Spam Comments in Two Weeks

The Heavily Spammed Article

Three spambots tried to leave 2753 spam comments on a single article in two weeks. I’m pleased to say none were succesful – all blocked by Drupal CAPTCHA. The article receiving this unwanted attention is about the use of website backlinks “Backlinks for Results“. I would take an educated guess at the subject matter of these spammers’ efforts – Black Hat SEO services!

That adds to the tally of around fifty other spam comments blocked most days of the week… I for one am very thankful for CAPTCHA challenges. These annoying, much hated image and text field challenges save a lot of time, and time is money…

Spambots are an evil of the net today, there’s no getting away from them, and the better a site performs in Google SERP, and the more visitors a site gets, the more spammers, both bots and human, will try to leave backlinks in rubbish comments hoping for that elusive “followed” backlink or just the traffic from readers clicks.

Read the rest of this entry →

-26.109812 27.891908

What is Verify Compliance Page

verify-Compliance_Page | notified-Compliance_Page

I noticed a few 404 page not found errors in activity logs for several sites today using these strings; verify-Compliance_Page?aHR0cDovL3d3dy5ncmFwaGljbGluZS5jby56YS8= and notified-Compliance_Page with the same rubbish string on the end.  When I find odd GET requests I invariably try to find out more information about what the ‘visitor’ is trying to do. Are they trying to hack, access forbidden areas, upload malware or post spam…

As far as verify-Compliance_Page and notified-Compliance_Page are concerned, the amount of substantiated information is notable only in it’s scarcity. So for any webmaster who is also looking for this information about these odd GET requests, this is what I was able to establish.

Read the rest of this entry →

-26.109812 27.891908

Honeypot Your Blog

Honeypot Trap for WordPress.com and Blogger

Project Honeypot is a Spammer, Hacker and  Mail Harvester monitoring service intended to find and list IP addresses used by people with malicious intentions. Project Honeypot is free to join and provides bloggers with a means to identify these types of visitors.Use the database to check IP addresses for threat level and type of threat, join the movement by installing a honeypot trap on your own sites and blogs, report spambots and other ill-intentioned visitors…

Users of WordPress.com and Blogger.com cannot set-up a hosted honeypot trap as we don’t have access to the server, however we can use a quicklink to assist Project Honeypot in collecting data about spambots and automated dictionary attackers etc.

Using the honeypot trap will not interfere with your normal comment system, it is solely to catch the bots used by spammers. It will also not prevent bots spamming your own comment forms – that’s for Akismet or however else you choose to limit Spam.
Read the rest of this entry →

-26.109812 27.891908

Seriously Spam Comments

Spambot – Check the Names and Websites

Spambots getting better? This spammers auto spam-bot message is almost convincing. I had to stop for a moment and think; almost started moving the mouse to find the list of e-mail subscribers when I remembered something – the posted name and website link was not one of the available sign in services (WordPress, Facebook, Twitter), so how did this commenter manage to subscribe by e-mail when leaving  a comment.  SPAMBOT…

It nearly got published – It is still a bit early for me, I don’t function too well until I have seriously diluted the blood level in my caffeine stream, even the eyes don’t see too well until caffeine overtakes the red cell concentration, and almost missed the “great site dod” intro and the spam terms “cheap” and “viagra”.

Read the rest of this entry →

-26.109812 27.891908

No Link in Spam Comments

Where are the Spam Comment Links?

I have recently come across a trend that makes no sense whatsoever. Spam comments on WordPress.com with a non-existent backlink. We all know moronic spammers try to post comments on WordPress.com for backlinks to their trash websites, so why are they posting bad links?

Take a typical spam comment, a line or two of badly written English, an email address if required – useful to check if an apparent borderline comment is spam. At least one outgoing link, even if only in the ‘website’ field. It looks like spammers have finally realised many blog authors activate the “mark 2 or more links as spam” setting.

Checking another blog’s spam folder  today six of these were found (out of a total of 16 spam comments; a high percentage. I could see from site visits on the days the so-called comments were posted these were almost certainly spambot generated; comments on posts that had not been viewed for several days before and after. (more…)

-26.109812 27.891908

Fun with Spammers

Spammers are Losers

It has been a while since I mentioned spam commenters… This blog get’s very little these days since restricting commenting to logged-in visitors only. A vast improvement from the days of finding 50 or more spam-bot or manually generated nonsense in the spam folder.

However, some of the blogs I manage for others get these spam comments. The ones I mention are still small, written by occasional bloggers, and I just take care of formatting, graphics, proofreading and admin tasks on behalf of the authors.

Last week I was doing the rounds of these blogs, checking the comments, and found a number of comments which were complimentary, short remarks even relevant to the topic of the posts concerned, but with outgoing links all over the place. I decided to have a bit of fun with the spammers, and approved their comments – after editing!

The net result – the spammers are all-round losers.

Editing the Spam Comments

First off the links had to go… The rule is simple, links from spammers are bad news, even if “nofollowed” – who knows what dangerous malware is on the linked to page. I really do not want visitors to these blogs to click the link (or even copy and paste to their browser) and end up getting their computers infected with a trojan or virus. So the links were deleted entirely.

Read the rest of this entry →

-26.109812 27.891908

More on Spam Comments

Support for Spam Commenting

Some people actually defend spam commenting!

 Why would anyone support spam commenting. There are only two reasons I can think of.

1. The supporter is so desperate for attention they get a sense of satisfaction from receiving any comment, even if it is just pure spam. Possible I suppose.
2. More likely the supporter of spam comments is a spammer. Obviously someone who spends their time generating spam, possibly even creating spambots and botnets, is not going to oppose spam comments. They want bloggers and web site owners to allow spam comments. That’s where they derive their income from.

Stop Spam Commenting

This is my opinion. Stop spam by any technical means possible. If that means preventing public (unregistered) commenting, critical moderation of comments, using CAPTCHA tools, feel free to do it (unless of course one wants to publish irrelevant spam comments on their articles).

Personally, I have no objection to signing in to one of my accounts, either WordPress.com, Facebook, Twitter, OpenID, creating a new account with the site, or filling in a CAPTCHA challenge – if I have something I think may be worth saying in a comment.

In a similar vein, I have no objection allowing Twitter or Facebook to connect my accounts with WordPress.com – if I did not trust WordPress.com I would not blog on this platform. I have come across the objection from someone who doesn’t see why they should use their Twitter or Facebook account to login in order to comment and thereby ‘letting me post articles to their account’ This is pure nonsense. Connecting with WordPress.com does not connect my blog with their profile. A statement saying ‘I do not want Joe Soap to post in my name’ simply indicates the remark comes from someone with little real world understanding of web things, suffers paranoid delusions, or who has possible ulterior motives – Freedom to Spam perhaps?

I have allowed the connection with WordPress.com to my Twitter accounts and Facebook – and I am yet to see any post to my wall, or a tweet from someone other than myself appearing as ‘coming from me’ or indeed in the timeline from anyone I do not follow on Twitter or a friend on Facebook. Maybe I will one day…

The idea that commenting using WordPress.com, Facebook or Twitter automatically allows someone to post or tweet using their identity is utter nonsense – unless it’s a malware app, in which case there are ways to deal with it. Internet security is always a concern. Exactly why spam should be blocked.

Use of CAPTCHA challenges Read the rest of this entry →

-26.109812 27.891908