Comments on: Revenge referrer run?

By: Ivaylo

Ivaylo — Mon, 13 Mar 2006 19:46:13 +0000

I casually found, for now 100% successful anti-spammer solution for wordpress. As benefit I keep track of all “sodomized” spamers in bbclone.
This is my code at the beginning of wp-comments-post.php:

if (strstr($_SERVER['HTTP_REFERER'],’www.urlto.site:80/’) != FALSE)
{
echo “Please sodomize yourself!\n”;
define(”_BBC_PAGE_NAME”, ‘Sodomized by ref’);
define(”_BBCLONE_DIR”, “/full/path/to/bbclone/”);
define(”COUNTER”, _BBCLONE_DIR.”mark_page.php”);
if (is_readable(COUNTER)) include_once(COUNTER);
exit();
}

I keep for later reference all headers and post vars also in text file.

By: Administrator

Administrator — Sun, 02 Oct 2005 14:54:12 +0000

My bandwidth isn’t a concern right now. But when I issue warnings, I put myself in other people’s place, and think about how other people may get in trouble because of particularly insistent spammers.

I guess what I’m trying to say is: Buzz off.

Spam combat software is a good idea. That I choose not to run any is my decision. It’s not something my readers should copy from me, of course. It’s a personal decision on my part.

By: dr Dave

dr Dave — Sun, 02 Oct 2005 14:37:40 +0000

Ever heard of honeytraps?

Very much so. But:

1) Hardly any need to use your main blog as honeytrap. It works all the same with any random test blog, properly publicized.

2) Any decent spam filter will keep logs of what it does and let you dissect spams all the same.

3) It may be me, but it sounded like, in certain parts of your blog, you were complaining of the damages caused to your bandwidth or the time it’d take you to deal with such or such attack.

4) Doing the “block this IP”, “ban this domain” etc. on a case by case basis, is quite a waste of time.

By: Administrator

Administrator — Sun, 02 Oct 2005 08:10:20 +0000

Now why would I be using spam filters, except for making sure spam isn’t visible? I report on spam. I need access to spammed blogs.

Ever heard of honeytraps?

By: dr Dave

dr Dave — Sun, 02 Oct 2005 05:17:44 +0000

Forgive me for stepping in without having necessarily full knowledge of the situation, but from reading this entry and a few other related: wouldn’t it be about time that you install a decent referrer spam filter on your site???

Something that preferably blocks them silently, and at the very least throw them away with an HTTP error without using up your bandwidth?

I won’t give you any name, since there would likely be a conflict of interest, but I’m sure you’d find something by yourself…

By: DraDomains

DraDomains — Sun, 28 Aug 2005 11:53:10 +0000

hi: i’m new to all this stuff, and I am not a techie — just have a very basic understanding of this stuff (still learning) so i hope this isn’t too much of a stupid newbie question, but …. what are the best tools online for de-obfuscating URLS/DNS settings, email headers, etc and ultimately finding out who really owns a website or domain name, server, site, etc? How do you get to the root of these things? I just came across this great blog by accident and I would really like to know better how to track these creeps down who run a lot of these fly-by-night sites and operations, not just the spam, but that too, so they can be reported, identified, shared with anti-spam sites, etc.

I noticed that there are sites that host sites that host sites like leap-frog or hop-scotch or something. They start at one place and end at an entirely different but are linked somehow, but I don’t know if I’m checking the right information or using the right tools. I would really appreciate feedback on the best tools and places to use (and where / how to understand all the terms and the tricks I’m missing). I have been using Whois.sc and DNSstuff.com to look up these jerks. Where else do I need to look and to learn?

Thank you so much.
dora

Moderator: URL removed. Too commercial…

By: Administrator

Administrator — Sun, 28 Aug 2005 09:39:21 +0000

Very few linkspammers use zombies. Since I’ve been doing this, I’ve only seen two linkspammers using zombies. One was Alexander Morozov/Dyakon, who used it for some trackspam runs. He normally uses proxies. Then there’s Mike Tison, who so far seems to use only zombies. I’ve never seen the Zaharievs using zombies, for instance.

So Suzy, can you please give us more background on this?

By: -S-

-S- — Sun, 28 Aug 2005 08:23:19 +0000

I am nearly certain that what occurs is that the spamming is quite “personal” in the sense that certain sites wherein these discussions occur are used to access related sites/URLs when they’re included in signon and/or identified per comments.

I only began receiving my current high volume of referral spam via this same process you identify here after commenting on (1.) a conservative, political blog site and (2.) this site and (3.) another spam investigative site.

The IPA you mention is among the “Mexico proxies,” alestra.net.mx.

Everyone should ban the entire range (I have) but it won’t at all solve the referral spam problem once a domain is targeted. The same spammers use the Naperville, IL “backbone” to proliferate (64.4.195.62).

And any available zombie PC, of which there appear to be many.