Tuesday, June 20, 2006
The good news: changing the names of the fields in my comment forms appears to have stopped the comment spammers cold, at least for now. Yay me. I'll have to keep monitoring things closely to see if that continues to be the case, which I would interpret as meaning that the spammer's program is parsing for common strings and adjusting accordingly, or if the spam returns at some point, which I would interpret as meaning that they visit sites, configure their control program to use the field names currently in use, and order the zombies under their control to attack using those field names. If it's the former, then I can leave the names as is; if it's the latter, maybe I'll come up with a way to automagically change the names every week or every month or at some other appropriate interval. In the meantime, I've added a new feature to my commenting system that cuts down the chewing up of my bandwidth by redirecting hits that attempt to use the old field names to POST something to a page to http://localhost/....
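One way to implement the two ideas in this entry, rotating the field names on a schedule and diverting POSTs that still use the old names, shown as an added example that is not the site's own code. The secret, the field list and the assumption that the old form used the plain names `name`, `email`, `url` and `comment` are all hypothetical.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-secret"   # assumption: per-site secret kept server-side
PERIOD = 7 * 24 * 3600                # rotate weekly, one of the intervals suggested
LOGICAL_FIELDS = ("name", "email", "url", "comment")
# Assumed old, guessable names that a generic spam bot would submit.
LEGACY_NAMES = frozenset(LOGICAL_FIELDS)


def field_name(logical, now, offset=0):
    """Opaque name for a logical field in the rotation period containing `now`."""
    period = int(now) // PERIOD + offset
    mac = hmac.new(SECRET, f"{logical}:{period}".encode(), hashlib.sha256)
    return "f" + mac.hexdigest()[:12]  # leading letter keeps it a valid HTML id


def classify_post(form, now):
    """Return ("accept", fields), ("trap", None) or ("reject", None)."""
    if not LEGACY_NAMES.isdisjoint(form):
        return "trap", None            # still using the old names: divert cheaply
    for offset in (0, -1):             # -1: form was rendered just before a rotation
        names = {field_name(f, now, offset): f for f in LOGICAL_FIELDS}
        has_comment = field_name("comment", now, offset) in form
        if has_comment and form.keys() <= names.keys():
            return "accept", {names[k]: v for k, v in form.items()}
    return "reject", None              # unknown or long-expired field names


if __name__ == "__main__":
    now = 1_150_840_620                # constructed timestamp
    good = {field_name(f, now): "hello" for f in LOGICAL_FIELDS}
    print(classify_post(good, now)[0])
    print(classify_post({"email": "a@b", "comment": "spam"}, now)[0])
```

A "trap" result is where the cheap response goes (the redirect described above), while "reject" covers names that were valid more than one period ago, which is the case that would indicate a spammer configured against a specific site.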
The bad news: shutting down some of the e-mail addresses receiving the most abuse didn't reduce CPU usage enough. My hosting company shut down my procmail script because it was consuming too many resources. So I've had to abandon the spam filter I've been using for the past ten years, Spambouncer by Catherine Hampton. I started using it when Catherine and I were both hosted by Best Internet, long since swallowed up by Verio, which was then eaten by Japanese legacy monopoly telecom company NTT. My current hosting provider, Pair.com, offers Spam Assassin by default. I haven't been happy with it when I've tried it in the past, but I guess I'll have to use it now. One interesting thing they do is greylisting, in which the SMTP server refuses to accept the first attempt to send certain e-mails. Legitimate e-mail will retry, and at that point, the mail will be accepted (at which point Spam Assassin takes over). Most spammers' MTAs don't bother to resend. Hence, a reduction in spam. So far, I'm not all that impressed; spam that my previous solution would have certainly caught is getting through, although not at a rate that normal people would find all that bad (I don't know how my mom or my wife can stand to deal with the amount of spam they get....) I've done some configuration to make sure my important mailing lists and such get through with no problem, but I'm still getting used to the system. I haven't been able to figure out how to get Spam Assassin to give me the kind of logging that I used to get from Spambouncer so that I can judge how good a job Spam Assassin is doing. Maybe once I get enough spam to train Spam Assassin's Bayesian filtering, it will work better.
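The greylisting behaviour described in this entry, sketched as an added example that is not Pair.com's implementation. It keys on the commonly used (client network, sender, recipient) triplet; the timing constants, the IPv4 /24 grouping and the sample addresses are assumptions.

```python
import ipaddress

MIN_DELAY = 300                  # seconds before a retry is honoured (assumed)
RETRY_WINDOW = 4 * 3600          # a retry must arrive within this window (assumed)
PASS_LIFETIME = 36 * 24 * 3600   # how long a passed triplet stays trusted (assumed)


class Greylist:
    def __init__(self):
        self.first_seen = {}     # triplet -> time of the first deferred attempt
        self.passed = {}         # triplet -> time of the last accepted delivery

    @staticmethod
    def triplet(client_ip, mail_from, rcpt_to):
        # Group IPv4 clients by /24 so a retry from a neighbouring host in the
        # same outbound mail farm still matches the first attempt.
        net = ipaddress.ip_network(f"{client_ip}/24", strict=False)
        return (str(net.network_address), mail_from.lower(), rcpt_to.lower())

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Reply code for RCPT TO: 250 accepts, 451 asks the sender to retry later."""
        key = self.triplet(client_ip, mail_from, rcpt_to)
        last_ok = self.passed.get(key)
        if last_ok is not None and now - last_ok <= PASS_LIFETIME:
            self.passed[key] = now         # known good: refresh and accept
            return 250
        first = self.first_seen.get(key)
        if first is None or now - first > RETRY_WINDOW:
            self.first_seen[key] = now     # new or stale triplet: start the clock
            return 451
        if now - first < MIN_DELAY:
            return 451                     # retried too quickly: keep the first timestamp
        del self.first_seen[key]           # a patient retry, as a real MTA would make
        self.passed[key] = now
        return 250


if __name__ == "__main__":
    g = Greylist()
    t0 = 1_150_840_620                     # constructed timestamp
    msg = ("192.0.2.10", "alice@example.org", "me@example.net")
    print(g.check(*msg, t0), g.check(*msg, t0 + 60), g.check(*msg, t0 + 900))
```

A sender that never retries stays in `first_seen` with nothing delivered, which is the spam reduction the entry describes; anything that does retry is accepted and still has to pass the content filter.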
As I mentioned before, if you have problems with comments (or in sending me e-mail), try contacting me through my web form.
Posted at 9:57 PM
Monday, June 19, 2006
At the moment, my comment spam filters here on There Is No Cat seem to be catching 100% of the attempts. Over the past two days, that's about 230 attempts per day that aren't making it through my system. But the current system is one that requires constant vigilance, and I'm getting tired of it. I'm trying to figure out how this particular spammer's system works; I suspect that maybe it looks for certain parameters in comment fields. So I've replaced the name and id parameters of fields that users can enter with values that are unlikely to be easily associated with a particular type of field; that is to say, the e-mail field is no longer called "email", and so on. If this spammer is parsing my comment field based on common values for the name parameter, it should no longer work, and I can relax for a little while (at least until they catch up).
If you find you have a problem submitting a comment, please contact me with my e-mail form; I've tried to test the system, but I may have broken something.
In the meantime, I'll be exploring ways to improve my e-mail spam filters. My hosting provider contacted me this weekend with the bad news that my brandi.org domain was attacked with so many spams on Saturday that at one point, there were more than 100 copies of procmail running, dragging down the performance for the server not just for me but for the other users as well. That's not good. I use procmail to do my spam filtering. Unfortunately, I've taken advantage of the fact that pretty much everything other than a few otherwise-defined addresses shows up in my mailbox to give out a different e-mail address to every web site that asks for one; that way, when spam starts showing up in my mailbox, I can see who it's addressed to and, if possible, shut down that address. It's bad enough when an address I left on a blog at some point is discovered, but it's kind of scary to realize that, for example, the address I used for the brokerage that holds one of my 401(k) accounts (and which I have never ever ever posted online anywhere) has been snarfed by spammers too. If I have to shut down everything except the main, defined addresses, this tactic isn't going to work any more.
I have to deal with this sort of thing offline, too. Local teenagers love to use our wooded lot as their personal dumping ground. I regularly have to clean up their messes of beer cans and empty liquor bottles (and boy, do I wish New Jersey had a bottle law so I could at least make some money getting deposits back on these presents). Today I had the lovely gift of God-only-knows-what in a black garbage bag; I didn't look too close, but in the 90 degree heat, the stench was awful as I dragged it from the end of the property to our garbage can.
If it comes down to it, I'll have to bite the bullet and shut down the e-mail addresses and comments here on the blog (and maybe the entire blog altogether). I've already shut down trackbacks a few weeks ago. This is the sort of thing that drove me away from Usenet in the mid-90s, the increasingly aggressive tactics of spammers. I have a pretty low tolerance for this crap. At some point, it's just not worth the effort to stay a step ahead of them.
Posted at 12:26 AM
Tuesday, June 6, 2006
David Weinberger links to McDonald's Interactive, which claims to be an interactive division of McDonald's that is breaking away from their corporate father because of a corporate computer simulation that showed that the company's current course contributes to global warming and catastrophe.
So I looked up the McDonald's Interactive web site in whois. The administrative contact is shown as Marc Cohen, address 1 Kroc Drive, Oak Brook, Illinois. Sounds legitimate. "Cohen's" e-mail address, however, is given as firstname.lastname@example.org, and the technical contacts are at Aruba.it. Why would McDonald's host something in Italy?
Looking up mcvideogame.com in whois shows similar technical contact information, but the administrative contact is one Luca Nasi in Milano, Italy. Visiting the mcvideogame.com site reveals a take on corporate icon Ronald McDonald that a corporation like McDonald's would never countenance with such a valuable trademark. The Press section of that site gives the rest of the story away with links to stories about "La Molleindustria, developers of 'political games against the dictatorship of entertainment,'" as one of the stories puts it.
Clever. Deceptive, but clever.
Posted at 1:02 PM
This site is copyright © 2002-2017, Ralph Brandi.
(E-mail address removed due to virus proliferation.)