Anyone want to bet how long it takes the automated posting bots to infect twitter?
June 23, 2009
April 15, 2009
Will the battle never end?
I have seen a new style of spam coming in on another blog that I have. Based on past experience, I normally expect the spam to include links to various sites that I have no interest in. These sites will normally promote things like products I don’t want (or need).
Lately, however, I have been getting spam comments that include links to “linked in” or other social networking sites. What’s the point of that? <sigh> The comments include anything along these lines (these are actual spam comments)
After reading through the article, I just feel that I really need more information on the topic. Can you suggest some resources ?
The style of writing is quite familiar . Have you written guest posts for other bloggers?
The topic is quite hot in the net right now. What do you pay the most attention to while choosing what to write about?
My friend on Facebook shared this link with me and Iâ€™m not dissapointed that I came here.
… and many more like this. The good news is that the comments were held in the moderation queue. The bad news is that these comments were all made on a blog that is protected by the checkbox challenge code that I use here. I have plans to go out and analyze the server logs to see if the comments were made by a human or a bot, based on time spent on the various pages.
December 13, 2008
A few weeks ago I posted about increasing the flood interval on my honey pot board. My theory was that since bots seem to have a fairly regular posting process I could cut down on the number of spam posts simply by changing the flood interval.
It didn’t seem to work.
November 25, 2008
Today I decided to check in on my “honey pot” board that I have running. I haven’t been there in a week or so but things were still humming along last time I looked. This time when I logged in I got a warning from my pop-up blocker. My initial reaction? I’ve been hacked.
It turned out that the real answer was much more benign… it was the notification of new private messages popping up. More…
November 18, 2008
Today I got my first spam that successfully navigated the Checkbox Challenge. It was caught by Akismet, which shows the power of a layered defense. On phpBB2 boards we have seen an increase in manual spam. Manual spam is really hard to defeat because it’s done by humans. On the other hand, it’s more expensive for the spammers too. I will be watching this closely to see how things trend over the next few months.
November 1, 2008
Google has a big challenge. Their blogger service is overrun with splogs. (And they don’t make it very easy to report them either.) Their web site search results have become polluted with people playing keyword and page rank games. And now their gmail service is being used to register spam accounts on phpBB boards. As of last month gmail is in second place for spammer registrations blocked by my Checkbox Challenge on one particular board. If I use only 2008 data gmail is essentially in a tie with mail.ru for most spam registration attempts.
October 31, 2008
In the first post in this series I showed some data from my phpbb2 honey pot board that has been collecting spammers for several months now. One of the most interesting observations (as far as I am concerned) is the posting frequency. The posting bot would log on, post, wait 25 seconds, post a second time, wait 25 seconds, post a third post, and then log off for several hours. This behavior would repeat throughout the day with the same user account coming in from different IP addresses around the Earth.
I suggested that this behavior was an indication of “zombie computers” and since today is Halloween it seems a good time to finish the topic.
October 29, 2008
I will start this post with a brief recap for new visitors or for those that have not been following my phpBB2 honey pot experiment. Several months ago (August) I set up an unprotected phpBB2 board. By “unprotected” I mean I did not install any MODs to keep spammers from registering or posting on the board. I did make a few code changes:
- Log IP address on registration
- Added “nofollow” to all links
- Created a cron (scheduled) job to move all posts into a hidden forum every ten minutes
Other than those changes, the board was completely unmodified. Note that the changes made were either to capture more information (IP address on registration) or protect my domain. I posted some statistics after about a month of activity and they weren’t pretty. I posted a few bits of information about patterns that I observed in the registration data a bit later.
Where am I going next? I am going to compare the IP addresses used to register with the IP addresses used to post. There are some interesting patterns that I can share, plus I will get to talk about zombies for a bit. That’s always fun.
October 9, 2008
I’ve been running a “honey pot” board for almost 60 days now. Tonight I took my first action against some of the spammers that are attacking. I used the
iptables command to revoke access to an entire range of IP addresses… from Panama.
This range of IP addresses is responsible for:
- 105 user registrations
- 10,312 posts
That’s almost 6% of my users, and over 55% of my posts. Where are these Panamanian spammers coming from? What sort of patterns (or “tells”) are they exhibiting? More…
September 23, 2008
I was over at the Google Adsense blog and forum earlier doing some research for one of my upcoming posts when I got a good laugh. Why?
A picture says it all…