nanog mailing list archives

Re: Comment spammers chewing blogger bandwidth like crazy


From: Gadi Evron <ge () linuxbox org>
Date: Sun, 14 Jan 2007 19:01:02 -0600 (CST)


On Sun, 14 Jan 2007, William Warren wrote:

Heck feed it from spamkarma 2 or Akismet. I use spamkarma 2 and it 
routinely nails tons of blog spammers..:)

SK2 and Akismet indeed do good work on WordPress, but are far from the
solution to the problem.

Things just get out of hand in the realm of comment spam as more and more
spammers invest resources there and overload web pages and services.

http://blogs.securiteam.com/index.php/archives/285
http://blogs.securiteam.com/index.php/archives/290
http://blogs.securiteam.com/index.php/archives/296
http://blogs.securiteam.com/index.php/archives/401
http://blogs.securiteam.com/index.php/archives/470
http://blogs.securiteam.com/index.php/archives/471
http://blogs.securiteam.com/index.php/archives/502
http://blogs.securiteam.com/index.php/archives/180



Alexander Harrowell wrote:
Gadi, if your HTTP spam DNSBL gets working, we would certainly be 
interested in feeding our spam filter from it. It is my experience so 
far that comments spam is not very "botnetty" but more "boxy" - the 
proportion of the total we get from any single IP address is relatively 
high.

Actually, to put that better, rather than being evenly distributed over 
many IPs, a core-group of the IPs spamming us at any one time account 
for the bulk of it. 80/20 rule again.

On 1/14/07, Gadi Evron <ge () linuxbox org> wrote:


    On Sun, 14 Jan 2007, Peter Corlett wrote:
     >
     > On 14 Jan 2007, at 13:27, Tony Finch wrote:
     > [Blog spammers]
     > > Most of the IP addresses you listed are already on various DNS
     > > blacklists.
     >
     > Ooh, now that is interesting. I had assumed that the DNSBLs only
     > covered SMTP spam sources, but on reflection I suppose SMTP is a dead
     > protocol these days in the wider Internet.
     >
     > For the benefit of those of us who have been lucky to Recover from
     > ISP work and now herd blogs[0], would you be so kind as to share
     > which blacklists are worthwhile and worth consulting on this front?
     >
     > [0] Before you ask, no, it's no easier, in fact arguably harder work,
     > although the pay and hours are better. But yes, we're hiring.
     >

    Your assumption is incorrect. These DNSBLs cover spam sent in email,
    indeed. Thing is, spam is spam and spammers are spammers. Meaning, they
    spam in every way they can.

    In my experience 20-70 per cent would be flagged by email DNSBLs. Not
    accurate to filter out blog spam.

    As in, bots will be bots.

    I've been working on a new DNSBL for comment/etc. spam for a while,
    which will be reliable, generally, it doesn't exist yet for public
    consumption.

    There is such a black listing service already, but again,
    reliability is an issue.

            Gadi.



-- 
My "Foundation" verse:
Isa 54:17  No weapon that is formed against thee shall prosper; and 
every tongue that shall rise against thee in judgment thou shalt 
condemn. This is the heritage of the servants of the LORD, and their 
righteousness is of me, saith the LORD.

-- carpe ductum -- "Grab the tape"
CDTT (Certified Duct Tape Technician)

Linux user #322099
Machines:
206822
256638
276825
http://counter.li.org/
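
An added example, not part of the original thread: one way to measure, on your own comment log, the two figures discussed above, namely the share of comments coming from DNSBL-listed addresses and the share coming from the busiest 20% of source IPs. The zone `dnsbl.example`, the sample addresses and the listed set are constructed placeholders; the thread names no specific list.

```python
import ipaddress
import socket
from collections import Counter

ZONE = "dnsbl.example"  # placeholder zone (assumption); the thread names no list

def dnsbl_name(ip, zone=ZONE):
    """DNSBL query name for an IPv4 address: octets reversed, zone appended."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")  # raises on bad input
    return ".".join(reversed(octets)) + "." + zone

def system_lookup(name):
    """Listed if the name resolves into 127.0.0.0/8; NXDOMAIN means not listed."""
    try:
        return socket.gethostbyname(name).startswith("127.")
    except OSError:
        return False  # resolver failure also lands here: fail open on errors

def summarize(comment_ips, lookup=system_lookup, top_fraction=0.2):
    """Share of comments from listed IPs, and share from the busiest IPs."""
    if not comment_ips:
        raise ValueError("no comments to summarize")
    counts = Counter(comment_ips)
    listed = {ip for ip in counts if lookup(dnsbl_name(ip))}
    flagged = sum(n for ip, n in counts.items() if ip in listed)
    top_n = max(1, round(len(counts) * top_fraction))
    busiest = counts.most_common(top_n)
    total = len(comment_ips)
    return {
        "flagged_share": flagged / total,
        "top_share": sum(n for _, n in busiest) / total,
        # heavy senders the list does not know about: candidates for local blocking
        "unlisted_heavy": [ip for ip, _ in busiest if ip not in listed],
    }

# Constructed sample: one source IP per spam comment (documentation address ranges).
SAMPLE_COMMENT_IPS = ["192.0.2.10"] * 6 + [
    "198.51.100.7", "203.0.113.5", "203.0.113.9", "192.0.2.77"]
# Constructed stand-in for the DNSBL's answers, so the example runs offline.
SAMPLE_LISTED = {"7.100.51.198.dnsbl.example", "5.113.0.203.dnsbl.example"}

def sample_lookup(name):
    return name in SAMPLE_LISTED

if __name__ == "__main__":
    print(summarize(SAMPLE_COMMENT_IPS, lookup=sample_lookup))
```

In the constructed sample the list flags 20% of the comments while a single unlisted address sends 60% of them, which is the gap a local per-IP counter covers.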


