Tag Archives: akismet

Spam Avalanche

Posted on by

I am not sure if it was a special event, but for some reason on 04 Feb 2009, this blog was innundated with spam comments.

Now, as any blogger will know blogs get spam comments. We get a fair few of which most (99.85% if you believe Akismet Stats) get caught by the anti-spam. It is, rightly or wrongly, one of the prices you pay for having a blog. It is slightly amusing that around a third of the spam comments are advertising spam-commenting systems but most are tediously repetetive. Every now and then Heather gets it into her head to read, and subsequently rant about, some of them but generally we are happy to ignore them.

However, on Wednesday we were flooded with spam comments. According to Akismet stats (which broadly mirror my recollections), we had 3.5 times as many spam comments as the previous peak (09 Jan 09) and a massive 16 times as many as the average spam comments. We had more spam in that 24 hour period than we’d had in the whole of August and September last year. Fortunately Akismet caught the lot, but it was bizarre. In the time it took to click on “delete all spam now” another 50-odd messages arrived. Equally odd, few were “normal” spam in which something was advertised, most were just strings of random letters and urls pointing to random letter domains. I really have no idea what the spammers hoped to achieve, unless it was an attempt to overwhelm Akismet worldwide…

Anyway, the main point is that the volume of spam meant there was no way we were going to read through it and see if any legit messages had been trapped. In the massively unlikely event that you had a message deleted, this is why.

If anyone knows why 4 Feb was World Spam Day please let me know.

Blogspam that’s not funny

Posted on by

Idly deleting the blogspam in Akismet I see that this blog appears to have got spam from… itself.

admin | info@www.whydontyou.org.uk | whydontyou.org.uk | IP: 85.153.7.194
Your investigation have been helpfull for me. I wish everybody writes article as this.

WTF? Well, I suppose it’s always possible that I am suffering from a brain disease that makes me both send out spam at random and forget that I’ve sent it.

Plus removes any native-speaking familiarity with the English langauge.

Not to mention that it seems that I’ve been absent-mindedly visiting Turkey without realising it. Because this host is what that IP resolves to (assuming, for no good reason, that the originating IP isn’t spoofed)

Turkey
City: Istanbul
Latitude: 41.0186 Longitude: 28.9647
Host: barbaros.turkbilnet.com
IP: 85.153.7.194

This really pisses me off. If the spammers are so prolific that they’ve spammed the blog they were using as a pretend source, how many other blogs have got spams that seem to originate from here?

Does anyone have any suggestions about what to do about this?

Wittering on about blog spam again

Posted on by

This blog feels slightly shortchanged in the weird searches department. For example, if you look at HjHop’s site, he gets searches that are bizarre enough for him to make a funny feature of them.

Search engine choices that bring unsuspecting people here are generally just odd. Not entertaining, just odd. Normally, there are between 5 and 15 for Schwarzenegger (?) and similar numbers for pictures of guns. (??????) Sometimes, castles come top, usually Bodium castle – but there were only 7 searches for this today. Today’s search referrals also included Rorschach (?7) art and fine art, (?6) and (?5). 5 Fruit and veg is normally a front runner but came nowhere today. I defy anyone to make a readable post out of that lot.

I suspect noone has ever been directed by a search engine to what we fondly believe is the normal content of our posts.

But this blog could acquit itself well, if it ever gets in a competitive event relating to volumes of blogspam. According to WordPress stats for this blog, there have been 2,624 approved comments but

Akismet has protected your site from 13,409 spam comments already

Akismet doesn’t even cover the whole life span of the blog and it’s probably been reinstalled a couple of times – hence, reset to 0 – but even on these figures, that’s a good few times as many spam comments as there were legit ones.

There are clearly spam fashions. I quite admire the craftsmanship involved in the ones that have generic phrases designed to flatter you into allowing the comment through the filter:

Love your blog. I’ll bookmark it and return later.

or the old favourite from last year, with words to the effect that:

I didn’t quite understand what you said on [insert name of blog] but I’m interested to know more.

However, it’s as if the heart has gone out of the spammers. This week’s “new black” for spam seems to involve sending some random syllables, occasionally with a load of links:

qkncihdf tjnprcd mitqlanp oznqx eaqrpzu imfwatulo sjmxrqgh

for example. Or, what about this, where even the links don’t make an effort to disguise their innate spammishness, let alone entice the unwary with promises of free meds or unfeasible bodily expansion?

biprong unbrimming martinetism bosn amative biota spongida expectingly
ziafm wnwwqwuy
http://jdskmnffl.com
ktuhbdk info
http://jlvxkeva.com
uosgu wcmqjs
http://sgqwajre.com
kxrrd qzfkagqn

What’s going on? There are eleven of these in the Akismet spam queue today. Not one has an English word in it.

The Register had a long security post about blogspam, on Friday. The article was about a malware scam that claims to take the user to various legit sounding places.

Over the next several weeks I noticed a lot more of these, not only pointing to Google but also to Yahoo and MSN. The servers they pointed to all had the same basic structure, such as google-homepage.google-us.info, msn-us.info, yahoo-us.info, etc. Every one resolves to the same IP address: 124.217.253.8. That IP address is registered to Piradius.net in Singapore. The server appears to be hosted out of Kuala Lumpur. The domains, however, are registered in Ukraine:

(They’ve all moved since the article was written, of course.)

The rest of the article is fascinating. Click on one of these imaginary images and they run an executable. The article shows a series of legit looking screendumps, with the alerts very well designed. They put the fear of malware into you and offer you apparently Microsoft-approved solutions. There’s even a blag Microsoft Security Centre. The only intrinsic design flaw was that it said XP Security Centre, which was immediately suspicious to someone running Vista.

I’m as much of a mug as anyone. I just hope I haven’t fallen for any of these…….

One thing I’m pretty sure this blog been subject to (thanks to Firestats’ fund of fascinating information on referrers) is a hack of restricted WordPress content using the Google cache. It just involves asking for things from the cache by modifying the url request string. (I’ve done that by accident I suspect)

That password-protected site of yours – it ain’t
It’s one of the simplest hacks we’ve seen in a long time, and the more elite computer users have known about it for a while, but it’s still kinda cool and just a little bit unnerving: A hacker has revealed a way to use Google and other search engines to gain unauthorized access to password-protected content on a dizzying number of websites.

We don’t have any restricted or pay-per-view content,so no loss as far as this blog is concerned. But, it’s sort of blog-validating to be in there in a “dizzying number.” 🙂