According to the maintainer of Spam Karma in his latest blog entry, a new breed of spam bot has emerged and has been released in the last few days. This new spam bot uses somewhat more intelligent behavior and can get past Spam Karma 2 sometimes. Bad Behavior, the spam protection that I use, isn’t very effective against these bots, which I can attest to since I had swarms of spasm lining up for moderation beginning last Friday.

It seems that there is an update coming to Bad Behavior which may end up stopping these new bots, but it won’t come until Bad Behavior 2 come out sometime this year. Michael Hampton, Bad Behavior’s coder has released an alpha but it will be some time before a final release will arrive If you wish to speed the release of Bad Behavior 2 please donate to his paypal account, his laptop died on the third of January and he doesn’t have the cash to repair/replace it.

As for my spam buddy, Mr. 195.225.177.80, from Europe managed to either get past my .htaccess block, or Stat Traq tracks all http requests, even 403s. Hopefully it’s the latter rather then the former. Otherwise my site has been hacked and I’ll have to do another password rotation, which is a pain.

Here is the link: Michael Hampton’s Blog

Here is the link: Dr Dave: The State of Spam [Karma]

-John Havlik

[end of transmission, stay tuned]

Watching a spamming attempt unfold before my very eyes, I have become furious to the point of almost writing a Word Press plug-in. In stead I’m going to share an idea. So a certain Internet Exploder (Explorer) user from Europe, whom is using the IP address 195.225.177.80 and is ‘pimping’ a fraudulent online pharmacy, decided to crawl my site a few months ago. Plotting its attack, it waited, and waited. Avoiding Bad Behavior was necessary, but the simple Word Press moderation blocks kept his spam from getting through. He should have seen a 412: Precondition Failed, but somehow didn’t. The first attack lasted only 8 posts but they never caught on. The next day 12 spam posts came, and then that night 48 posts came through. This really pissed me off. I uploaded a nicely modified .htaccess file that blocked his IP address, now he sees a nice 403: Forbidden.

Instead of taking such a harsh approach on spammers I’ve though of something: how about using a black list, such as Bad Behavior’s central one, and when a spammer tries to post a comment with under 10 words and has a hyperlink, or supplies one to the “website” field, log the message as spam, the IP address, and the site url in a sql database entry and then forward the robot to the site that they tried to “promote”. That way legitimate the users of the IP address can get make quality responses, while the spammer bots will waste bandwidth of the site that they are “promoting”.

-John Havlik

[end of transmission, stay tuned]