funsec mailing list archives
Re: Comment Spam: new trends, failing counter-measures and why it's a big deal
From: Gadi Evron <ge () linuxbox org>
Date: Tue, 14 Feb 2006 01:34:10 +0200
Stephen J. Smoogen wrote:
> On 2/12/06, Gadi Evron <ge () linuxbox org> wrote:
>> Recently, new bots rendered current anti spam techniques for blogs almost useless. Here is a short write-up on the subject of comment spam, referrer spam and what's currently happening in that area.
>
> Nice summary of what is going on with blog attacks. I haven't done much with blogs due to job reasons.. so hadn't really kept up with what the latest attacks were. They seem to be parallels with website defacement for profit, SMTP spam, and other crimes.
>
> I was wondering about that smart "bot".. at what point does it become cheaper to "employ" 1,000 Philippine children with English skills and have them run through a bot-net to hide their origins.. than develop an auto-bot that posts spam for you.
>
> Doing automated searches through whois for obviously fake entries and going from there to search and verify messages to confirming that email addresses are correct. Greylisting/whitelisting software might also have some effect (if one can legally share that data). Say in this way:
>
> Being goes to blog.
> Being decides to post to blog.
> Being is given a EULA which basically says "Here are our posting guidelines. You give up your right to anonymity if you wish to post here."
> Being is sent a cookie with certain data in it, and is put in greylist.
> Server stores data on IP address, post data, and IP addresses in post.
> Greylisted items are posted on delayed time (or after moderation).
> Server sends greylisted aggregated data to central server (for pattern matching AI that hey this same URL/IP address block was embedded into 200 blogs today).
> Posting X amount of times moves one up/down from greylist to whitelist blacklist using a Bayesian scoring technique based partially on keywords, and partially on non-whitelisted URLs.
> Client servers poll central server regularly for data to be added to black/grey/white keyword-URL lists.
>
> The central server is mainly to help multiple private blogs clear out bad nets in a short order.. it would not be needed on a large central blog aggregator that could act as the central server itself.
I believe you have the right of it. Still, there is no "magic bullet" with spam or pretty much anything else in this world.
:/

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
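
The greylist flow sketched in the quoted text above, as an added example that is not part of the original thread: new posters are held for moderation, URL hosts from greylisted comments are reported to a central server, and a host seen on several distinct blogs is pushed back to every blog as a blacklist entry. The names `CentralServer` and `Blog`, the thresholds, and the use of a plain reputation counter in place of the Bayesian scoring mentioned in the quote are assumptions.

```python
import re
from collections import defaultdict

URL_HOST = re.compile(r"https?://([^/\s\"'<>]+)", re.I)

class CentralServer:  # hypothetical name for the shared aggregation point
    """Flags a URL host once greylisted comments on enough distinct blogs embed it."""
    def __init__(self, blog_threshold=3):
        self.blog_threshold = blog_threshold
        self.seen = defaultdict(set)            # host -> ids of blogs that reported it

    def report(self, blog_id, hosts):
        for host in hosts:
            self.seen[host].add(blog_id)

    def blacklist(self):
        return {h for h, blogs in self.seen.items()
                if len(blogs) >= self.blog_threshold}

class Blog:  # hypothetical name for one participating blog server
    def __init__(self, blog_id, central, url_whitelist=(), promote_at=3, demote_at=-2):
        self.blog_id, self.central = blog_id, central
        self.url_whitelist = set(url_whitelist)
        self.promote_at, self.demote_at = promote_at, demote_at
        # Assumption: an integer counter stands in for the Bayesian score.
        self.score = defaultdict(int)           # poster IP -> reputation
        self.url_blacklist, self.held = set(), []

    def poll(self):
        # Blogs pull the shared blacklist from the central server periodically.
        self.url_blacklist = self.central.blacklist()

    def status(self, ip):
        s = self.score[ip]
        return "white" if s >= self.promote_at else "black" if s <= self.demote_at else "grey"

    def submit(self, ip, text):
        hosts = {h.lower() for h in URL_HOST.findall(text)} - self.url_whitelist
        state = self.status(ip)
        if state == "black" or hosts & self.url_blacklist:
            self.score[ip] -= 1
            return "rejected"
        if state == "white":
            return "published"
        self.central.report(self.blog_id, hosts)  # only greylisted data is shared
        self.held.append((ip, text))              # delayed until moderation
        return "held"

    def moderate(self, ip, approved):
        self.score[ip] += 1 if approved else -1
```

Each moderation decision moves a poster one step toward the whitelist or blacklist; a whitelisted poster is still rejected if the comment embeds a blacklisted host.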