| Author |
Message |
John the uncertain
Joined: 22 Jun 2004 Posts: 2147
     votes: 27
|
Posted: Mon Jul 03, 2006 0:01 Post subject: Gibberish Spam |
|
|
I have suddenly been hit by a new spam whose sole purpose seems to be to fill any Blacklist with crap.... they come in threes
Example 1.
| Code: |
Author: tvbdmy rasujelpt (IP: 59.5.209.63, 59.5.209.63)
Email: ceqdis@mail.com
Url: http://www.google.com
Comment:
xngi azjq csnpgkeht duyltis ukfyisg odztubv ylxbnwoch http://www.yavsdxp.etrabmiwo.com |
Example 2.
| Code: |
Author: ejadc wirxsa (IP: 85.42.90.154, host154-90-static.42-85-b.business.telecomitalia.it)
Email: brjw@mail.com
Url: http://www.irljqz.xibzwtnv.com
Comment:
falrqdmnw tlyf vbnpyxl zxmyijw xszqo ckovgx mzoqjr |
They use Google as a url in one of the three each time.
All I've been able to do is DELETE them as there is no point adding them to the Blacklist.
I have closed the Comment form via main.php "$disp_comment_form = 0;" which seems to have stemmed the tide.
It seems a shame to have to close the comments. Is there anything else I could do?
I'm using Sparkle.
Cheers
John
Is there anything else that can be done? _________________ See the Sites in in Venice |
|
|
 |
JosephDP New Poster

 Joined: 02 May 2004 Posts: 29
     
|
|
|
 |
Nando Hooked :)

Joined: 27 Mar 2005 Posts: 141
  
|
Posted: Mon Jul 03, 2006 6:26 Post subject: |
|
|
Yeah, I've been hit by them too. Got over 100 spams last night. Deleted all of them manually  |
|
|
 |
DelMarSurf New Poster

Joined: 06 Dec 2005 Posts: 25
         
|
Posted: Mon Jul 03, 2006 7:27 Post subject: |
|
|
| This is the exact problem I am having. I thought it might be another webmaster trying to get me to block google.com locally. Goodbye comments! |
|
|
 |
rossputin Seasoned Poster

Joined: 14 Feb 2005 Posts: 96
      
|
Posted: Mon Jul 03, 2006 8:17 Post subject: gibberish comment spam |
|
|
I'm also getting hit with massive numbers of these things. For the ones where they enter a URL of google.com, it's easy to delete them as a group using the anti-spam tool (but I have to make sure not to blacklist google as a referrer). But for the random URLs, it's much harder.
So, to repeat someone else's question, is there a way to blacklist comments which put mail.com in the email field?
And then, I have another question/suggestion: Could someone provide code (which I presume would be fairly easy to write for someone good at such things) to add a "delete" link next to the "edit" link when displaying the list of most recent comments? At least if I could just go down the page hitting delete, that would make this process faster.
Thanks!
ross
www.rossputin.com |
|
|
 |
rossputin Seasoned Poster

Joined: 14 Feb 2005 Posts: 96
      
|
Posted: Mon Jul 03, 2006 8:18 Post subject: one more idea on comment spam |
|
|
| I had one other idea....how hard would it be to automate closing comments after a posting is more than X days old? |
|
|
 |
BaileyWTNH Hooked :)

 Joined: 02 Feb 2006 Posts: 119
         votes: 3
|
Posted: Mon Jul 03, 2006 8:32 Post subject: |
|
|
I too got a lot of what I call graffiti spam, since it seems designed to do nothing else but deface the comments on a blog.
After deleting a hundred or so yesterday, I just got done deleting another hundred or so this morning. But first, I did a WHOIS on most of them:
58.224.0.0 - 58.239.255.255 // Hanaro Telecom, Inc., Korea
59.0.0.0 - 59.31.255.255 // Korea Telecom
61.78.0.0 - 61.85.255.255 // Korea Telecom
61.96.0.0 - 61.111.255.255 // Korea Network Information Center
124.48.0.0 - 124.63.255.255 // Powercomm, Korea
220.116.0.0 - 220.127.255.255 // Korea Telecom
218.232.0.0 - 218.233.255.255 // Hanaro Telecom Co, Korea
61.129.102.0 - 61.129.102.255 // Shanghai Global Network Co., Ltd.
61.189.128.0 - 61.189.255.255 // Chinanet Guizhou province network
61.238.244.84 - 61.238.244.87 // Sinotech Resources Ltd - Nan Fung Ctr, China
219.223.122.0 - 219.223.123.255 // China
Looks like it may be time to find Whoo's post about using .htaccess to block IP blocks. _________________ Jeff Bailey
Currently using:
connpolitics.tv -- 3.3.3
wtnh.tv/blogs -- 3.3.3
baileysgurl.com -- 3.3.3
"I'm impatient with stupidity."
twitter: baileywtnh |
|
|
 |
EdB /bb|[^b]{2}/
Joined: 05 Jan 2004 Posts: 7123
  votes: 90
|
Posted: Mon Jul 03, 2006 9:20 Post subject: |
|
|
I know of no way to screen/block comments by email addy. It shouldn't be too hard, but so what: it shouldn't be too hard to have a million dollars and a pair of hot blonds...
Closing comments after X amount of time has been done. See This Thread for a link to my blog post about it and some feedback and such about it.
IP blocking might be the most effective method, but that's outside the scope of b2evolution EVEN THOUGH it will help b2evo users. I personally use a utility my host provides, so I know nothing of writing it on my own.
I wonder if y'all are seeing this crap on a particular post in your blog. If so simply close comments on that post and be happy. I know when I get assaulted by referer spam it focuses on one post. I've no idea why they like that post, but the spammers that feel the need to hit me 100 times in one night *always* use the same post. |
|
|
 |
John the uncertain
Joined: 22 Jun 2004 Posts: 2147
     votes: 27
|
Posted: Mon Jul 03, 2006 9:36 Post subject: |
|
|
@EdB
The spam is aimed at old posts, but not a single old post.
Mine ranged across 4 or 5 posts which I closed but to no effect. They just found another old post.
This is a new method, designed to screw the effectiveness of blacklists and is a concerted flood.
I can't be bothered deleting 100s a day and it's pointless to blacklist them.
I'll restore my comments tomorrow and see what happens, but I'm pretty sure they will just scream through the open door again. _________________ See the Sites in in Venice |
|
|
 |
JosephDP New Poster

 Joined: 02 May 2004 Posts: 29
     
|
Posted: Mon Jul 03, 2006 11:16 Post subject: |
|
|
EdB, to answer your question
| Quote: |
I wonder if y'all are seeing this crap on a particular post in your blog.
|
Unfortunately, as this attack progressed, that wasn't the case. We received approximately 100 of these spams per hour, across all four of our public blogs, and their associated linkblogs, where we had forgotten to disable comments, and against a wide variety of posts, not just three or four, including our newest posts. It did die down early Monday morning.
To answer your other question
| Quote: |
It shouldn't be too hard, but so what: it shouldn't be too hard to have a million dollars and a pair of hot blonds...
|
I hear that getting the million isn't tough at all, but... A million isn't enough any more.  _________________ Best Regards,
Live the TeleInterActive Lifestyle ™
InterActive Systems & Consulting, Inc.
http://www.iasc.com/; http://www.teleinteractive.net/
http://press.teleinteractive.net/tia_life; http://press.teleinteractive.net/cynasuralog |
|
|
 |
¥åßßå Blonde Bimbo
 Joined: 07 Jan 2005 Posts: 6579
    votes: 115
|
Posted: Mon Jul 03, 2006 11:41 Post subject: Re: Gibberish Spam all with email random at mail.com |
|
|
| JosephDP wrote: |
We've been getting hit by this as well, at the rate of approximately 100 per hour. The only commonality is that the author email addresses are all randomJunk@mail.com.
Does anyone know of a way to block comments based on author's email address being *@mail.com? |
htsrv/comment_post.php :-
| PHP: |
<?php
if(strpos( $_POST, '@mail.com') )
exit; // why waste resources?
/**
* This file posts a comment!
*
* b2evolution - {@link http://b2evolution.net/}
* Released under GNU GPL License - {@link http://b2evolution.net/about/license.html}
* @copyright (c)2003-2005 by Francois PLANQUE - {@link http://fplanque.net/}
*
* @package htsrv
*/
|
¥ _________________ I may have opened the door but you entered of your own free will
| normal life wrote: |
yabba_hh: I think, I type, I read what I type, I think "fuck, what was I thinking when I typed that?!"
tuxnus: that's two more thoughts than I give you credit for |
|
|
|
 |
JosephDP New Poster

 Joined: 02 May 2004 Posts: 29
     
|
|
|
 |
BaileyWTNH Hooked :)

 Joined: 02 Feb 2006 Posts: 119
         votes: 3
|
Posted: Mon Jul 03, 2006 12:42 Post subject: |
|
|
EdB asked:
| Quote: |
| I wonder if y'all are seeing this crap on a particular post in your blog. |
Mine was across the board. 10-12-16 different topics on four blogs, some new and some topics a few months old. _________________ Jeff Bailey
Currently using:
connpolitics.tv -- 3.3.3
wtnh.tv/blogs -- 3.3.3
baileysgurl.com -- 3.3.3
"I'm impatient with stupidity."
twitter: baileywtnh |
|
|
 |
Nando Hooked :)

Joined: 27 Mar 2005 Posts: 141
  
|
Posted: Mon Jul 03, 2006 12:46 Post subject: Re: Gibberish Spam all with email random at mail.com |
|
|
| ¥åßßå wrote: |
| JosephDP wrote: |
We've been getting hit by this as well, at the rate of approximately 100 per hour. The only commonality is that the author email addresses are all randomJunk@mail.com.
Does anyone know of a way to block comments based on author's email address being *@mail.com? |
htsrv/comment_post.php :-
| PHP: |
<?php
if(strpos( $_POST, '@mail.com') )
exit; // why waste resources?
/**
* This file posts a comment!
*
* b2evolution - {@link http://b2evolution.net/}
* Released under GNU GPL License - {@link http://b2evolution.net/about/license.html}
* @copyright (c)2003-2005 by Francois PLANQUE - {@link http://fplanque.net/}
*
* @package htsrv
*/
|
¥ |
It didn't work for me, I suppose... |
|
|
 |
¥åßßå Blonde Bimbo
 Joined: 07 Jan 2005 Posts: 6579
    votes: 115
|
Posted: Mon Jul 03, 2006 13:03 Post subject: |
|
|
Change it to $_POST['email'] and it should work
¥ _________________ I may have opened the door but you entered of your own free will
| normal life wrote: |
yabba_hh: I think, I type, I read what I type, I think "fuck, what was I thinking when I typed that?!"
tuxnus: that's two more thoughts than I give you credit for |
|
|
|
 |
|
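The email-domain check discussed in the thread, written out as a stand-alone function. This is an added example, not code from the thread or from b2evolution: the `email` field name comes from the post above, while the function name, the blocked-domain list and the sample submissions are assumptions. It compares the domain exactly rather than relying on the truthiness of `strpos()`, which returns `0` for a match at the start of the string and also matches longer domains that merely begin with `mail.com`.

```php
<?php
// Added example, not b2evolution code. The 'email' field name comes from the
// thread; the function name and blocked-domain list are assumptions.

/**
 * Return true when the submitted author email is at a blocked domain.
 *
 * @param array $post            Request fields, normally $_POST.
 * @param array $blocked_domains Lower-case domain names to refuse.
 * @return bool
 */
function is_blocked_email_domain(array $post, array $blocked_domains)
{
    // A missing or non-string field is left to the form's own validation.
    if (!isset($post['email']) || !is_string($post['email'])) {
        return false;
    }

    $email = strtolower(trim($post['email']));

    // Use the LAST '@' so the domain is whatever follows the final separator.
    $at = strrpos($email, '@');
    if ($at === false) {
        return false;
    }
    $domain = rtrim((string) substr($email, $at + 1), '.');

    // Exact match: "mail.com" must not also catch "mail.company.example".
    return in_array($domain, $blocked_domains, true);
}

// Constructed sample submissions for a stand-alone run.
$samples = array(
    array('email' => 'ceqdis@mail.com'),             // address format seen in the thread
    array('email' => '  BRJW@Mail.COM '),            // mixed case with padding
    array('email' => 'reader@mail.company.example'), // different domain, shared prefix
    array('comment' => 'no email field sent'),       // field absent
);

foreach ($samples as $fields) {
    $blocked = is_blocked_email_domain($fields, array('mail.com'));
    echo isset($fields['email']) ? trim($fields['email']) : '(none)';
    echo ' => ', ($blocked ? 'block' : 'allow'), "\n";
}

// In htsrv/comment_post.php the same call would run before any other work:
//   if (is_blocked_email_domain($_POST, array('mail.com'))) { exit; }
```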