Blog Archives

Wishing For Spam Free Hosting

Are You Wishing For Spam Free Secure Hosting

Do you wish you could host your WordPress blog (self-hosted) where spam wasn’t a problem, where hackers couldn’t damage your site, where your host took effective steps to keep spammers and hackers away from your blog?

Are you fed-up with all the spam and hacker attacks from China, the former Soviet states and other notorious regions, the sharply rising level of cyber-attacks from the middle east and northern Africa?

Are all the hacking attacks and login attacks from hacked web sites and bad-host web-servers giving you grey hairs?

Read the rest of this entry

Advertisements

Ban Web Server Traffic

Web Server Traffic Should be Banned

Opinions will differ about putting a ban on web server traffic. There are those who want their blogs and websites free from malicious activity, safe and secure for genuine valuable visitors. Then there are those who think there should be no restrictions on web traffic and activity (some even think spam is not bad).

Let’s clarify the web traffic we’re talking about. We’re not talking of banning referer traffic i.e. traffic from good back-links from websites resulting in genuine visitors.

Read the rest of this entry

Extreme Spam Control

Taking Spam Control to an Extreme Level

extreme spam control thumbnailWe took spam control to a ridiculous level. As an exercise in discovering just how effectively spam can be blocked with WordPress it’s been an interesting exercise. We looked at the 4 main types of spam one is likely to see on their blog; comment spam and trackback spam, spam registrations and finally e-mail spam from contact forms.

The site chosen was our WordPress information site. A few months back a plugin support forum was added to the site, and public registrations allowed. Almost immediately there was a spate of spam registrations – “visitors” registering an account. Most were bots. How do we know? Well, the only link to the registration form is from forum pages, and only a few registration attempts came from one of these referrer pages – the others all arrived at the form directly, without visiting the site at all.

Read the rest of this entry

Bork-Edition User Agent

Opera User Agent “Bork-Edition”

bork-edition spam bot iconHave you seen Bork-edition user agent strings? Wondered what browser uses this string? Maybe noticed nearly all traffic to your site with Bork edition in the user agent string is spam and hacking attempts. User agents with Bork-edition are considered by at least one writer among the top 10 spam bots that must be blocked.

There’s several user agents which on first glance look harmless e.g. user agent string Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.0) Opera 7.02 Bork-edition [en]

Read the rest of this entry

WordPress Spam Registrations

A Bunch of Spam Registrations

I’m getting a lot of spam registrations for a WordPress site. Interesting thing is; I’ve only allowed user registrations for about 5 days, but have had subscribe to new posts forms all over the site for ages.

A normal person would think anyone wanting to subscribe to post/page updates would use one of the convenient subscription forms. But no, it seems they want to register accounts 🙂

The other interesting thing is, the only links to the registration/login forms are from a very small forum section, literally less than a handful of pages. So how are these users finding the form?

Read the rest of this entry

Trackback Settings Allow Spambots

Spam Comments Even When Comments Off

Spambots are able to bypass WordPress.com comment settings for individual posts and pages, and submit comments even when comments are off for the page. That’s what it looks like, on first impression anyway.

The spam looks like it’s a comment submission, the spammers name, and of course the outgoing link fields are filled in. The content is typical spam rubbish. These spam submissions certainly look like the spammer has bypassed the comment settings, and submitted a comment using wp-comments-post.php.

Looking closer, we see most of the time these spam comments are actually posted using WordPress trackbacks (pings).

Read the rest of this entry

Weird Spam by E-Mail

Nonsense Spam

Just when I thought I’d seen it all, I get some really weird spam e-mail from a webform response. Every possible field filed in with a website URL, or nonsense text. And there are lot’s of fields. Stranger still, the mail form responds to a promotion that ended in October last 2011…

Email: wxgokb@ hswhrm.com

First Name: zmcpff
Last Name: zmcpff
Company: zmcpff

Bus Tel: 5283678809
Cell: 2194836070

Post Address L2: http: //thumekeyzrdi.com/
Suburb: http: //thumekeyzrdi.com/
City: New York
Code: 9804

Street Address: http: //thumekeyzrdi.com/
Street Address L2: http: //thumekeyzrdi.com/
Suburb: http: //thumekeyzrdi.com/
City: New York
Code: 9804

Ownership Type:  Self Employed (Sole Trader)
Business Sector:  Clothing/Textile

Employees: 1-3

Description of Business: Gog0rh <a href=”http: //geqsrfadufdz.com/”>geqsrfadufdz</a>http: //chxxwqcqcloy.com/]chxxwqcqcloy, http: //zadxoljxogol.com/zadxoljxogol, http: //xynmrvbkogwj.com/

Read the rest of this entry

Botnet Attacks WordPress Website

Apparent Botnet Attacked My WordPress Website

graphic image of botnet attackerWhat appeared to be a botnet attacked one of my sites (tech.graphicline.co.za) this morning in a brute-force wp-login attempt from multiple IP addresses. This was the most coordinated attack against any of my sites I’ve experienced. Usually the hacker bots I see use up to 6 IP’s in these attacks – 146 IPs is serious stuff…

146 IP’s Used in Simultaneous Attack

The IP’s listed below are the guilty parties to this brute-force login attack on the site. The main attack started at 05h09 GMT this morning (November 25, 2012) and continued until 05h15 GMT. A second but less intense attacked followed; starting from 05h16 GMT tailing off until ending at 05h43 GMT

Read the rest of this entry

Banned IPs

Banning the Bad Hosts

banning bad ips bad boy iconI’m a no-compromise banner. It doesn’t take much effort to get an IP banned from my websites. A single bad event will normally be enough to block access to my sites from an IP address. Several attempts from a range of IP’s with a common service provider will get the entire IP range banned, the hostname or domain banned.

Currently there are about 700 entries in the banned list – representing millions of IPs, and the list gets longer daily. I cannot recall a day this year when at least one new bad IP was not added to the list.

Sharing the Bad IP Info

Mostly these IP’s were simply denied access, and no record was kept about the reason for the ban. At one time I started keeping a record, then lost interest and lacked time to continue. So I decided to start again, this time publishing the info where I can get to it, and other bloggers can also find the details. So now it’s published as a page on this blog…

button link to list of banned ips

Read the rest of this entry

2753 Spam Comments in Two Weeks

The Heavily Spammed Article

spambot graphic imageThree spambots tried to leave 2753 spam comments on a single article in two weeks. I’m pleased to say none were succesful – all blocked by Drupal CAPTCHA. The article receiving this unwanted attention is about the use of website backlinks “Backlinks for Results“. I would take an educated guess at the subject matter of these spammers’ efforts – Black Hat SEO services!

That adds to the tally of around fifty other spam comments blocked most days of the week… I for one am very thankful for CAPTCHA challenges. These annoying, much hated image and text field challenges save a lot of time, and time is money…

Spambots are an evil of the net today, there’s no getting away from them, and the better a site performs in Google SERP, and the more visitors a site gets, the more spammers, both bots and human, will try to leave backlinks in rubbish comments hoping for that elusive “followed” backlink or just the traffic from readers clicks.

Read the rest of this entry