Todays worst spamming address: www.nutzu.com

It’s a tie, my friends, nutzu.com and tigerspice.com. tigerspice has hit me worse today. And Spam Karma’s stopped them all.

I was hit by tigerspice (poker) and hit back by going after four of the open proxies the spammer used. All closed off by their owners. What’s more, the proxy logs revealed this IP (216.195.44.106) as being behind the comment spam. (IP>open proxy>my blog)

Anybody here know anything about it? I’ve done all the usual checking (whois, traceroute, OS, hosting (China), upstream ISP etc) Whois revealed a company in Gibraltar.

xxxx.eddiereva.com has now joined the party where xxxx is variations on poker such as free-texas-holdem or poker-room. And guess what, eddiereva.com sits on the same IP as tigerspice.com.

Spam Karma is going to town on these guys. Nothing is getting through.

I think either SpamKarma or Spaminator should be inluded in one of the next releases of WP or be one of the standard plugins included. That would save many new user A LOT of worry and frustration …

New users will find that a spam word like poker is enough to stop the comments going through but then it’s a clean-up job for the moderated comments. Next simplest step is .htaccess to deny the IPs. After that, it’s plug-ins. But what worries me is that we sit here putting up endlessly complex defences where, perhaps, we ought to tell owners of the open proxies that their systems are being abused to send comment spam. I’ve got four open proxies closed down in the last couple of weeks, and I’ve just asked a fifth company to secure their system. Drop in the ocean but every little helps.

“Next simplest step is .htaccess to deny the IPs”

Nah, I don thing so. Most spammers use zombiefied machines to spread their evil comments. You could block a thousand IPs a day and still get hammered from many more adresses.

I’ve been finding more open proxies than zombies….and you can block ranges of IPs with .htaccess. But I also think some standard anti-spam plug-ins are a good idea – ready to activate when needed.

I agree with you mikep but I also believe that most WP users have no idea of how to find open proxies or even know what they are. Maybe you can write up a tutorial on how to find open proxies and then what to do with the information once they find it? I’d be happy to add a link to it from my blog, as would others no doubt.

If you added these names to the blacklist form included in WP 1.5 would that block them too?

Yeah. I’ve been thinking about doing that. If I write one, I’ll post a link here. Meanwhile, this is what I did recently which may help.

OK, what are open proxies and how can you tell? And if I enable Blacklist comments from open and insecure proxies could that blacklist legitimate comments, pingbacks or trackbacks?

Open proxy=misconfigured HTTP proxy server. What happens is this. The spammer connects to the open proxy to send the comment spam. What you see in the comment is the IP address of the proxy server, not the IP address of where the spammer actually is. (If the misconfigured proxy is running an access log, then that will record the spammers IP address) In other words, the spammer is hiding behind somebody else’s IP and using that system to spam us. The proxy should be configured to allow only the organisation’s users to access the internet, not people like the spammer coming from the outside and then ‘leap-frogging’ to spam your blog.

As I know there are spammers that range in the thousands, but I’ve come acrossed one with tracks. He’s 14, from Houston and seems to have quite a reputation, especially after a routine Google search.

The little ferret wanted a free blog from me, but as done with all, I checked him out a bit. Yeah, right. He wins! Not in this lifetime.

I’d give you his known names, but should he peruse this forum, it’d only cause him to change to new ones so I’m unsure how this is really going to help anyone.

Someday, just wanna nail ’em all in the town square for all to see.

So such an occurance has to be done on purpose? So enabling Blacklist comments from open and insecure proxies from within WP 1.5 is a good idea?