Today I was fortunate to have another couple of test cases for my Spammer Hammer. I should put “fortunate” in quotes, as it really means that I’ve been hit by two more spam-bot attacks. Of course these new spam-bots are using throw-away domains like dwhg0284gerr.org and dw0gh824g24g.org. In other words, completely bogus domains set up just for the sake of answering an activation email. The first one of those was created on Feb 8, 2007. The second was created on the same day, and by the same person.

So I have a new idea. During registrations, what if I do a “whois” lookup on the domains, and automatically reject any registration from domains that are less than two months old? or two weeks?

I can create an override list based on domains that I currently trust. Those might be based on known active users in the phpbb_users table, or on something else. I don’t know yet what that would be. That way I would not incur the overhead of doing the “whois” lookup for email addresses from hotmail, yahoo, gmail, and so on. I know those might still be spammers, but I also know the domain wasn’t created yesterday.

During my investigation into this idea, I found that someone has already written a php class that contains whois functions. I’m going to be checking it out, and see what I can do with this.

Related Links

• Sourceforge download php class for whois queries
• php Whois home page