suspicious spam/not-spam

  • over these last hours some very “strange” comments have been posted on my site. they are not technically spam, as they dont contain any links or nothing, but their wording, weird and always similar email syntax and the complete randomness and unrelatedness to the actual post make me suspect it might be some spammer trying to hack my latest comment spam protection, — spam-stopgap.php, which so far has been working like a champ.

    anyone else getting spam/not-spam attacked?
    and, more importantly: what to do?

Viewing 2 replies - 16 through 17 (of 17 total)

  • Why this new breed of comments has no links:
    https://www.asymptomatic.net/archives/2005/01/18/1225/got-new-spam-tactic-figured/

    The “miracle” of filtering spams that have no links (via many of the spam filter plugins available) is enabled through Realtime Blackhole Lists (RBLs), not by some mystic heuristic/bayesian algorithm.

    Basically, the plugin takes the IP of the spammer and uses it when making a DNS request from someplace like sbl-xbl.spamhaus.org. (Note that this is not the same thing as an email RBL, which would be significantly less effective.) That site has a database of IPs that were used to send comment spam, usually via open HTTP proxies. If the IP is in the list, it reports that info to the plugin, and the plugin filters the comment.

    Blacklisting IPs works, but you’re not benefitting from the work done by others who already have expansive lists of bad IPs. Install one of the spam filtering plugins and let it do the work for you. A good filter will cache the IP results so it doesn’t make duplicate requests to the RBL, and can still work if the RBL is inaccessible for some reason. A better filter could help report new bad IPs to the RBLs.

    Thread Starter pieceoplastic

    (@pieceoplastic)

    actually switching back and forth between spam-protections is not much work at all with the great plugin system worpress has. its as easy activate one, deactivate the other, and back again a few days later.

    apparently google is getting on it with the rel=”nofollow” link-attribute, but i still have to understand how this works… anyone looked into this yet? google.blog

Viewing 2 replies - 16 through 17 (of 17 total)
  • The topic ‘suspicious spam/not-spam’ is closed to new replies.