Spam Avalanche

I am not sure if it was a special event, but for some reason on 04 Feb 2009, this blog was inundated with spam comments.

Now, as any blogger will know, blogs get spam comments. We get a fair few, of which most (99.85% if you believe Akismet Stats) get caught by the anti-spam. It is, rightly or wrongly, one of the prices you pay for having a blog. It is slightly amusing that around a third of the spam comments are advertising spam-commenting systems but most are tediously repetitive. Every now and then Heather gets it into her head to read, and subsequently rant about, some of them but generally we are happy to ignore them.

However, on Wednesday we were flooded with spam comments. According to Akismet stats (which broadly mirror my recollections), we had 3.5 times as many spam comments as the previous peak (09 Jan 09) and a massive 16 times as many as the average spam comments. We had more spam in that 24 hour period than we’d had in the whole of August and September last year. Fortunately Akismet caught the lot, but it was bizarre. In the time it took to click on “delete all spam now” another 50-odd messages arrived. Equally odd, few were “normal” spam in which something was advertised, most were just strings of random letters and urls pointing to random letter domains. I really have no idea what the spammers hoped to achieve, unless it was an attempt to overwhelm Akismet worldwide…

Anyway, the main point is that the volume of spam meant there was no way we were going to read through it and see if any legit messages had been trapped. In the massively unlikely event that you had a message deleted, this is why.

If anyone knows why 4 Feb was World Spam Day please let me know.

Flatterspam and anti-spam spam

OK, I’m a sucker for flattery. I even admit to keeping a constantly-updated and re-ranked mental roll call of compliments that strangers pay me in the street. (The more ludicrously undeserved the better, of course. I am talking about flattery, here, not objective observation.)

But, hey, I’m not totally stupid. Accepting flattery from comment-spam is a step too far even for me. In the past few days there’s been a surge in “comments” like these:

Hello webmaster. Great job!

(Well, thanks.)

http://www.whydontyou.org.uk – great domain name for blog like this!

(We like to think so, but to be honest it doesn’t hold a candle to a lot of domain names.)

You are a very smart person!

(They know me so well.)

I loved Why Dont You Blog?!

(I am so pleased that you liked it.)

Hi. Why Dont You Blog? was very well written.

(Where are the bloody exclamation marks? I think you may be almost damning the blog with faint praise, if you can’t even come up with a few exclamation marks.)

Why Dont You Blog? was a perfect blog in the world of insurance agents las vegas

(Bah, you had me right up until the “insurance agents las vegas” thing.)

Step one in successfully getting what you want through flattery is surely to at least pretend to be sincere. So, a bit of a FAIL there for mr colondetox (although your site name is probably a good indication of the quality of its content) and your many brothers-in-spam.

In fact we generously even let through the spams that seem to have come from a factory full of impoverished urchins doomed to write contextually apposite comments for dollars. At least they’ve made the effort to write about the post. (Though the links get stripped……)

But the “You’re on our spammers list but we’ll take you off if you just respond by clicking on this link” approach is really cunning.

It has a long list of apparent spamblogs and it says:

Are you moderator of this site? Please send email to *****.com with your site name and we remove it from our base;)

I’ll take that as “All your bases..” (I do like the wink. It’s as if they are undercutting the absurdity of the whole idea that you could respond to spam in order to get rid of it.)

Blogspam that’s not funny

Idly deleting the blogspam in Akismet I see that this blog appears to have got spam from… itself.

admin | info@www.whydontyou.org.uk | whydontyou.org.uk | IP: 85.153.7.194
Your investigation have been helpfull for me. I wish everybody writes article as this.

WTF? Well, I suppose it’s always possible that I am suffering from a brain disease that makes me both send out spam at random and forget that I’ve sent it.

Plus removes any native-speaking familiarity with the English language.

Not to mention that it seems that I’ve been absent-mindedly visiting Turkey without realising it. Because this host is what that IP resolves to (assuming, for no good reason, that the originating IP isn’t spoofed)

Turkey
City: Istanbul
Latitude: 41.0186 Longitude: 28.9647
Host: barbaros.turkbilnet.com
IP: 85.153.7.194

This really pisses me off. If the spammers are so prolific that they’ve spammed the blog they were using as a pretend source, how many other blogs have got spams that seem to originate from here?

Does anyone have any suggestions about what to do about this?

Wittering on about blog spam again

This blog feels slightly shortchanged in the weird searches department. For example, if you look at HjHop’s site, he gets searches that are bizarre enough for him to make a funny feature of them.

Search engine choices that bring unsuspecting people here are generally just odd. Not entertaining, just odd. Normally, there are between 5 and 15 for Schwarzenegger (?) and similar numbers for pictures of guns. (??????) Sometimes, castles come top, usually Bodiam castle – but there were only 7 searches for this today. Today’s search referrals also included Rorschach (?7) art and fine art, (?6) and (?5). 5 Fruit and veg is normally a front runner but came nowhere today. I defy anyone to make a readable post out of that lot.

I suspect no one has ever been directed by a search engine to what we fondly believe is the normal content of our posts.

But this blog could acquit itself well, if it ever gets in a competitive event relating to volumes of blogspam. According to WordPress stats for this blog, there have been 2,624 approved comments but

Akismet has protected your site from 13,409 spam comments already

Akismet doesn’t even cover the whole life span of the blog and it’s probably been reinstalled a couple of times – hence, reset to 0 – but even on these figures, that’s a good few times as many spam comments as there were legit ones.

There are clearly spam fashions. I quite admire the craftsmanship involved in the ones that have generic phrases designed to flatter you into allowing the comment through the filter:

Love your blog. I’ll bookmark it and return later.

or the old favourite from last year, with words to the effect that:

I didn’t quite understand what you said on [insert name of blog] but I’m interested to know more.

However, it’s as if the heart has gone out of the spammers. This week’s “new black” for spam seems to involve sending some random syllables, occasionally with a load of links:

qkncihdf tjnprcd mitqlanp oznqx eaqrpzu imfwatulo sjmxrqgh

for example. Or, what about this, where even the links don’t make an effort to disguise their innate spammishness, let alone entice the unwary with promises of free meds or unfeasible bodily expansion?

biprong unbrimming martinetism bosn amative biota spongida expectingly
ziafm wnwwqwuy
http://jdskmnffl.com
ktuhbdk info
http://jlvxkeva.com
uosgu wcmqjs
http://sgqwajre.com
kxrrd qzfkagqn

What’s going on? There are eleven of these in the Akismet spam queue today. Not one has an English word in it.

The Register had a long security post about blogspam, on Friday. The article was about a malware scam that claims to take the user to various legit sounding places.

Over the next several weeks I noticed a lot more of these, not only pointing to Google but also to Yahoo and MSN. The servers they pointed to all had the same basic structure, such as google-homepage.google-us.info, msn-us.info, yahoo-us.info, etc. Every one resolves to the same IP address: 124.217.253.8. That IP address is registered to Piradius.net in Singapore. The server appears to be hosted out of Kuala Lumpur. The domains, however, are registered in Ukraine:

(They’ve all moved since the article was written, of course.)

The rest of the article is fascinating. Click on one of these imaginary images and they run an executable. The article shows a series of legit looking screendumps, with the alerts very well designed. They put the fear of malware into you and offer you apparently Microsoft-approved solutions. There’s even a blag Microsoft Security Centre. The only intrinsic design flaw was that it said XP Security Centre, which was immediately suspicious to someone running Vista.

I’m as much of a mug as anyone. I just hope I haven’t fallen for any of these…….

One thing I’m pretty sure this blog has been subject to (thanks to Firestats’ fund of fascinating information on referrers) is a hack of restricted WordPress content using the Google cache. It just involves asking for things from the cache by modifying the url request string. (I’ve done that by accident I suspect)

That password-protected site of yours – it ain’t
It’s one of the simplest hacks we’ve seen in a long time, and the more elite computer users have known about it for a while, but it’s still kinda cool and just a little bit unnerving: A hacker has revealed a way to use Google and other search engines to gain unauthorized access to password-protected content on a dizzying number of websites.

We don’t have any restricted or pay-per-view content, so no loss as far as this blog is concerned. But, it’s sort of blog-validating to be in there in a “dizzying number.” 🙂

Deutsche malware

A Nelson-esque “Ha Ha” if you thought that other EC countries might be havens where the seemingly outdated Euro-values (justice, tolerance, protection under the law, presumption of innocence, free speech) are still observed.

The government of Germany (that’s the combined former East & West Germanies. Remember East Germany? That’s the one with the Stasi and a population that was so avid for freedom 20 years ago) has approved what the Register calls a Plod-spyware law.

This handy law will give the German government the “anti-terror” powers to monitor private homes, phones and computers. Don’t you just love the TWAT? Any government in the world can now take any powers they fancy just by invoking its name.

Instead of tapping phones, they would be able to use video surveillance and even spy software to collect evidence. Physically tampering with suspects’ computers would still not be allowed, but police could send anonymous e-mails containing trojans and hope the suspects infect their own computers (from the Register story)

Wow, government spam that carries malware! Did I put enough exclamation marks there? Here are more!!!!!!!

These powers will only be used in exceptional cases, yada, yada, usw. Oh yeah?

There have already been several recent scandals about over-the-top surveillance in Germany (Lidl, Deutsche Telekom, usw). Although, unlike the UK, at least the Germans don’t yet seem to lose personal data on a biblical scale. But, if the Lidl surveillance is any guide, they see information on the dates of surveillees’ menstruation as worth gathering.

XanderG made a beautifully phrased comment on a WhyDontYou post a couple of weeks ago.

I’ve never understood how we’re supposed to find a needle in a haystack, by chucking in more hay. So many of these measures simply add dead-ends and wild goose chases to an already massive monitoring system. How are we going to catch anybody with real malicious plans? (XanderG)

If a government REALLY cares about preventing terrorism, it is blatantly illogical to collect massive amounts of information on the general public. It’s well nigh inconceivable how much information is flying around in a noughts-and-ones format.

For instance, almost every person I passed in a half-hour walk was having a mobile phone conversation – including three dog-walkers and two cyclists. (Cycling, in traffic, ffs. Unselfish people, trying to cull themselves for the good of the gene pool) Pretty well every house in my low-income street has a relatively-fast broadband connection. There are enough traffic cameras and public CCTV installations in a 500 yard radius to provide a year’s 24-hour broadcast reality tv on every known channel.

Scale this level of data traffic up to the population of the UK and Germany. Unless half the population is engaged in monitoring this hurricane of electronic noise – using the most advanced pattern recognition and cryptographic algorithms known to science – anyone who is gathering this data might as well not bother.

Well not if they care about detecting real social threats anyway. It might come in very handy for finding people who are spoofing their address to get their kid into a school slightly out of their area. Or it might catch someone who hasn’t paid their car tax or is claiming invalidity benefit while working (as the threatening TV and billboard ads keep telling us).

It might not seem to make sense but I have finally figured it out, with the help of the Matrix and the Church of Scientology.

Clearly, the earth is threatened by a monstrous alien intelligence that eats human data. It can only be kept at bay by feeding it gargantuan stores of bytes. Earth rulers are doing us a favour by collecting all our data and recycling it as xenofood to stuff in the gaping maw of the evil extraterrestrial overlord Zarg. They can’t tell us the truth because there would be a global panic.

A question for the lawyers out there – Sending malware in spam may not be a crime if the German police are doing it. But would installing this malware become a crime if the recipient of a German-police email were to forward the spam to, say, a member of the German government? The government of another country? A major corporation? At what point?

Comment spam up by 76% percent

I made up the number. Spurious statistics are so convincing.

Spam is definitely up though, as you know very well if you have a blog. If it weren’t for Akismet, this blog would be buried under the weight of it. A year or so ago, a few comment spams would be waiting in the Delete queue every couple of days. Now there are about 60 a day. And the buggers are growing in length. There are single spams with lists of keywords and links long enough to fill a few sides of A4. (Letter for those used to US paper sizes.)

Calculated across the whole lifetime of this blog, there have been 9 comment spams to every post. (That’s a real statistic. I didn’t just make it up, honest. I even used Calculator.) Given that Akismet wasn’t installed for many months and that most of these spams have arrived in the past few months, the ratio of spam to post is currently very much higher.

My plan was to list the most ludicrous. But they aren’t even funny. They offer porn, online medicines, cars, loans, yada yada, yada. I imagine that even someone who is desperate to buy any of these would think twice about clicking on a link on a spam comment. In fact, is it even remotely possible that someone without an attested mental illness has ever clicked on one of these links in blogspam?

More sophisticated spams aim to pass a cursory blog-entry Turing test by using stock human phrases. Often in a mechanical “translated-from-the-Finnish-using-Babelfish” way. E.g. two of this evening’s crop are “very true statement, we have gotten in much trouble on that notion historically.” and “Hi! Without taking into account the issue of establishing a stone by God, which he won’t be able to pick up, how do you think, may be something in this world, what can God never see?”

What? The characters come from the Western European standard character set; the words are in an English dictionary; the sentences have nouns and verbs and punctuation – generally including a liberal use of the exclamation mark!!! But the phrases might as well be in a management report for all the sense they convey.

Some comments fake having read a blog post, with generic comments that could apply to any post – “Interesting post on *name of blog* today” – or claims that they haven’t quite understood what you were saying but want to know more. Well, they’re bots, ffs. Of course they haven’t understood your post. You were addressing a mammalian readership.

Others shamelessly flatter your writing style or your blog in general. (“Good portal!” “I like this work!”) The idea must be that the recipient is so blinded by recognition of their innate genius that they fail to notice it’s a spam and let the comment through. My head is at least as easily turned by dumb admiration as anyone’s, but even I have to pass this unsolicited admiration through reality filters.

In fact, these spams really annoy me because sometimes I do just want to comment on someone’s blog to say “Good post.” I’ve got nothing witty or pertinent to contribute. I just want to let the writer know I enjoyed it. But, the fact that it makes me seem like a comment spammer puts a stop to that.

A major irritation caused by spams is that we often accidentally delete real comments that have ended up in the spam pile. If you are commenting from an academic IP, it’s pretty certain that your institution’s email has been used to pour out spam, so Akismet is likely to block you. For a blogger, it’s sometimes too much effort to pore through 40 comments on the off chance that one is a real person. So, real comments get thrown out, in a baby and bathwater scenario.

Comment spam costs pretty well nothing to create, so whatever the producers charge their customers must be pure profit. Bah. Some bugger is making money while you’re wasting your precious life-force deleting the latest missive from “daniel@msn.com” (a regular spam commenter whom we’ll probably all recognise).

Akismet does a fair job of dealing with it. I don’t know what other solution there is – or if it even matters as more than a stupid waste of bandwidth.

I obsessively look up the IPs and locations of the worst ones. Toutatis only knows why. (Most of the IPs will be spoofed anyway.) But I can glare at Riga or direct withering scorn at Hong Kong on Google Earth and feel that “I’ve got your number”. That must count for something…

Misuse of email? Maybe

I am not fully sure yet, but it looks like ClassicFM needs to be added to my personal list of “Bad Organisations” which sell on your email address to spam houses.

I have mentioned this in the past, but basically when I sign up for various things online I use a Gishpuppy email address. Ok, it is an ugly website but the service is really useful. With Gishpuppy you can create an email account tailored for a specific use which re-directs your email to any account you want.

To this end, when I registered for a special offer at ClassicFM.com a while ago I used the email address classicfm.zqa at gishpuppy.com. This is the only place I have ever used the email address and the only time I used it.

While I was on holiday (and all day today), I have had in the region of 8 – 10 spam mails sent to that email address. Not a massive amount, but annoying – especially when I have only used the email in a single place. For completeness, the header information reads: (I have removed my real email address and munged the gishpuppy one)

Return-Path: <Pace2Calderon@comptia.com>
X-Original-To: [REAL EMAIL REMOVED]
X-Envelope-To: [REAL EMAIL REMOVED]
Delivered-To: [REAL EMAIL REMOVED]
Received: from minuteman.ai.net (minuteman.ai.net [205.134.188.6])
by robin.systems.pipex.net (Postfix) with ESMTP id 6EEA4E0000EB
for [REAL EMAIL REMOVED]; Sat, 7 Jul 2007 18:34:00 +0100 (BST)
Received: by minuteman.ai.net (Postfix, from userid 1002)
id E73849A3; Sat, 7 Jul 2007 13:30:11 -0400 (EDT)
Received: from 1D597C28 (84.127.79.26.dyn.user.ono.com [84.127.79.26])
by minuteman.ai.net (Postfix) with SMTP id 60F0A9A3
for <classicfm.zqa @ gishpuppy.com>; Sat, 7 Jul 2007 13:30:10 -0400 (EDT)
Received: by event.comptime.net (Chostfix, from userid 322)
id 22DCE52121; Sat, 07 Jul 2007 12:33:17 -0800
X-Original-To: rat-07@guide.comptime.net
Delivered-To: industry-07@advertisement.comptime.net
Date: Sat, 07 Jul 2007 12:33:17 -0800
From: “Clarke, Consuelo” <Pace2Calderon@comptia.com>
To: classicfm.zqa @ gishpuppy.com
Subject: Recruiting [GishPuppy]
Sender: Pace2Calderon@comptia.com
Precedence: bulk
Reply-To: Pace2Calderon@comptia.com
Message-Id: <20070707173010.60F0A9A3@minuteman.ai.net>
X-Antivirus: AVG for E-mail 7.5.476 [269.10.2/890]
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain

All of them were pretty much the same as this (with different return addresses and paths) and I am sure people who know much more about the subject than I do can make more sense of it.

It is possible that Gishpuppy is the weak link and sold my email address on (or had it stolen) but as I have dozens upon dozens of Gishpuppy addresses, I am not sure how likely that is.

At the moment, I can only assume that ClassicFM have either deliberately allowed my address to be used or are just inept at securing my details.

Shame on them.

[tags]Bad Shops, Spam, Classic FM,Gishpuppy[/tags]
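Reading the Received chain in the header dump from this post, as an added example that is not part of the original post: each mail server prepends its own Received line, so the upper lines come from the delivery path while the lowest ones can be supplied by the sending client. The continuity and clock-skew heuristics, the function names and the placeholder recipient address are assumptions of this example.

```python
import re
from datetime import timedelta
from email import message_from_string
from email.utils import parsedate_to_datetime

# Received headers copied from the post, newest first. Continuation lines are
# re-indented and the removed recipient is a placeholder (both constructed).
RAW_HEADERS = (
    "Received: from minuteman.ai.net (minuteman.ai.net [205.134.188.6])\n"
    "\tby robin.systems.pipex.net (Postfix) with ESMTP id 6EEA4E0000EB\n"
    "\tfor <recipient@example.invalid>; Sat, 7 Jul 2007 18:34:00 +0100 (BST)\n"
    "Received: by minuteman.ai.net (Postfix, from userid 1002)\n"
    "\tid E73849A3; Sat, 7 Jul 2007 13:30:11 -0400 (EDT)\n"
    "Received: from 1D597C28 (84.127.79.26.dyn.user.ono.com [84.127.79.26])\n"
    "\tby minuteman.ai.net (Postfix) with SMTP id 60F0A9A3\n"
    "\tfor <classicfm.zqa @ gishpuppy.com>; Sat, 7 Jul 2007 13:30:10 -0400 (EDT)\n"
    "Received: by event.comptime.net (Chostfix, from userid 322)\n"
    "\tid 22DCE52121; Sat, 07 Jul 2007 12:33:17 -0800\n"
    "\n"
)

FROM_RE = re.compile(r"\bfrom\s+(\S+)\s+\((\S+)\s+\[([0-9.]+)\]\)")
BY_RE = re.compile(r"\bby\s+(\S+)")


def parse_hops(raw):
    """Return the Received hops newest-first, in header order."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        text = " ".join(value.split())            # unfold continuation lines
        clauses, _, date = text.rpartition(";")   # date follows the last ';'
        frm = FROM_RE.search(clauses)
        by = BY_RE.search(clauses)
        hops.append({
            "helo": frm.group(1).lower() if frm else None,  # name the client gave
            "rdns": frm.group(2).lower() if frm else None,  # name the server looked up
            "ip": frm.group(3) if frm else None,            # address the server saw
            "by": by.group(1).lower() if by else None,      # host that wrote the line
            "when": parsedate_to_datetime(date),
        })
    return hops


def audit_chain(hops, skew=timedelta(minutes=5)):
    """Walk newest to oldest; return (index of first suspect header, reasons)."""
    for i in range(len(hops) - 1):
        newer, older = hops[i], hops[i + 1]
        reasons = []
        if newer["helo"] is None:
            # Local hand-off (no "from" clause): one host wrote both lines.
            linked = newer["by"] == older["by"]
        else:
            linked = older["by"] in (newer["helo"], newer["rdns"])
        if not linked:
            reasons.append("relay mismatch: %s received from %s [%s], not %s"
                           % (newer["by"], newer["helo"], newer["ip"], older["by"]))
        if older["when"] - newer["when"] > skew:
            reasons.append("timestamp is %s later than the hop that received it"
                           % (older["when"] - newer["when"]))
        if reasons:
            return i + 1, reasons
    return None, []


def injection_point(hops):
    """Last client address recorded inside the consistent part of the chain."""
    suspect, reasons = audit_chain(hops)
    credible = hops if suspect is None else hops[:suspect]
    with_ip = [h for h in credible if h["ip"]]
    return (with_ip[-1] if with_ip else None), suspect, reasons


if __name__ == "__main__":
    hops = parse_hops(RAW_HEADERS)
    origin, suspect, reasons = injection_point(hops)
    for n, hop in enumerate(hops):
        mark = "UNVERIFIED" if suspect is not None and n >= suspect else "ok"
        print(n, mark, hop["by"], hop["ip"] or "-", hop["when"].isoformat())
    for reason in reasons:
        print("  ", reason)
    if origin:
        print("last recorded client:", origin["ip"], "seen by", origin["by"])
```

For this message the audit stops at the fourth header: minuteman.ai.net recorded a client at 84.127.79.26, not event.comptime.net, and the fourth line is dated about three hours after the hop that supposedly received it. That line is therefore data the sending client supplied, and 84.127.79.26 is the last address written by a server in the delivery path.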

Rant about spam

It seems a hostage to fortune to say I don’t really care about spam coming to my inbox to advertise shares or pharmaceuticals or just spill out gibberish concrete poetry. One sort of spam that makes me really angry is the “System Admin” stuff that says it’s been returned from email address x@blah.com because there was an undeliverable message from my email account.

It is impossible to know which of these are spoofed from start to finish. Most, I am told. However, some could be legitimate in the sense of actually recording an attempted spam going somewhere – in which case my email account has been used to spam other people. Which is obviously much worse than just getting spam yourself because it destroys your credibility.

A man I know had an AOL account that banned him three times because his address was being used as a spam source. He was mortified and out of his depth on each occasion – he had chosen AOL as his service provider, for a start, so, almost by definition, he knew virtually nothing about the Internet.

(On another occasion, this rant will expand into the area of spam comments and how it means that we have to use Akismet, which occasionally deletes real ones as it goes into a destroying frenzy, losing good comments, as well as making us look churlish.

Not that this blog can claim to be innocent of general churlishness, but the comment-deleting churlishness isn’t our fault. The ongoing looney debate shows us bending over backwards – to the point of tying ourselves in infinite knots – to avoid being churlish to someone who is a looney fundamentalist, by his own admission.)

Rules are meant to be broken

Spam us and you won’t usually get read, let alone answered.

In fact, a good few legitimate emails get thrown out accidentally in the rsi-inducing marathon of spam deletion that follows opening the email client. (Sorry to everyone whose mails get flushed)

All the same, this blog link, which came from a promotional semi-spam to the blog is actually very interesting. The blog name and blurb are:

Off the Page – Current Affairs Books, Comment & Debate
Source of content and opinion from some of the UK’s best published writers on a range of diverse topics, from the war on terror to the trouble with Tesco

We are of course holding you to ransom for a reciprocal link, seeing as you are such fans of the blog, as you mention in your email :-p ….

(Don’t take this as a cue to comment-spam or spam us, though, all you cialis vendors and Nigerians who have unaccountably discovered how trustworthy we are and want to give us free dollars, you know who you are. This blog’s comments are protected by the magical shield of Akismet, not to mention the Power of Greyskull.)

Misuse of Email Addresses

Quite some time ago, thanks to the wonder of Magazine Cover Disks, I installed Concept Draw MINDMAP personal edition 4. If you need to make mind maps and the like, this is reasonably good software and certainly worth the price (i.e. free). Part of the installation process required me to register with concept draw, and provide them with an email address.

Being a naturally paranoid fool, who always assumes the worst, I used the services of Gishpuppy to create a one-off email address for this registration, which automatically forwarded emails to my main account. If you haven’t already done so, I can’t suggest strongly enough the advantages of going to the site, registering and getting the plugin (if you use FF / IE) to allow you to “Gish It” every time you are asked for an email address.

Basically what happens, is you give gishpuppy some keywords and a domain which you want to use the email address on, then it creates the address for you. As an example, if your key words were whydontyou it may create the email address whydontyou.4ry@gishpuppy.com. You give out this email address and when anything is sent to it, it gets forwarded to your real account. It is a great way of testing the water with some services.

Anyway, as I said I created the GishPuppy address and registered. Everything was fine for a few months, but for the last five or six weeks, I am getting a deluge of spam emails to that address. Now, I know I have never used this address anywhere other than the ConceptDraw registration. Today I got an email from a site admin saying that there had been a massive amount of spam from my email address (the Gish one) and suggesting I check the firewall to see if I have been hacked.

Now, as I see it, one of two things has happened. Gishpuppy has compromised my email address to spammers, or Concept Draw have. If it had been Gishpuppy, why would they only give up one email address? I have dozens registered with Gish (I use them every time I have to register somewhere so I can filter the return emails), and none of the others get spam emails.

Sadly, I can only draw one conclusion from this and it certainly ensures I won’t buy anything from Concept Draw in the future. To give them the benefit of the doubt, I have tried emailing Concept Draw to explain I felt emails were being misused but, oddly, I have had no response.

Microsoft Live-writer spam now gone

If you click on the link in the post about Microsoft Live-writer’s comments being pure spam, this morning, you might wonder what I was going on about. The page now has normal-looking comments.

(I still have the page open as it was last night though so I made a screenshot – well 2 screenshots, as the page is huge and I could have made about four, but I stopped when I got the first three spam lists.)

Without being interested enough to go through pages of comments I can’t really say if they were genuinely deleted or just fell off the front pages because of the volume of comment that Microsoft page would generate.

However, WhyDontYou blog felt slightly smug when FireStats showed that almost the first reader of that comment came from an IP address in Redmond Virginia………. Please don’t destroy the illusion that Microsoft jumps to our tune.

Microsoft Live-writer page comically spammed

😀 This is too good to pass up. There is loads of pornspam disguised as Comments on Microsoft’s Livewriter page that announces the “New Release! Windows Live Writer 1.0 (Beta) Update with Windows Live Gallery”

Come on Microsoft. Everybody else has to deal with it. You may be too proud to use Akismet but there are other ways to stop getting rubbish comments on your blog page. You are supposed to have programmers working there. 😀

Gmail now widely available

Pointless but confusing news item – Google has now made its gmail/googlemail services open to anyone. Previously you had to have an invitation from someone who had a gmail account. (One implication could be that spammers start using gmail more.)

This is just here because, as far as I’m concerned, it’s a weird “news” item, as I thought they had opened up gmail to anyone shortly after it was set up.

Gmail is quite good. It’s probably useful if you want an extra account to sign up for things without getting your real email buried in an avalanche of incomprehensible spam. You just have to remember the user name and password, (which is why that anti-spam tactic always works poorly for me.)

Googlemail offers a huge amount of storage space. The user interface is a bit jerky and unpredictable but that’s a feature of all webmail. It also lets you use Google talk, which is a lot like MSN Messenger in terms of its facilities – voice and so on. Last time I used it – which is about a year ago – Google talk lacked some of the Messenger additions – not necessarily a bad thing, IMHO, in that it didn’t stick ads in your face. Nor did it give emoticons, unlike Messenger which offers loads, ranging from the unspeakably vile to the generally useful. These aspects may have changed. Now I think about it, maybe I’ll give it another try.

When it was first announced, Google talk was supposed to be about to offer free calls to phones. Hmm. I suspect that never took off, but it would be worth me investigating.