Posts with keyword: spam


New Twitter Spam Tactic?

Today, someone (or some bot) tweeted something that had nothing to do with me, but had my Twitter handle in it. The interesting thing about this is that the URL shortener is smart and goes to Amazon when you first click it, but there after goes to another site (something about Tatoos for Geeks--not sure what the point is). If you just go to the URL shortener's base URL, you get redirected to bit.ly. This seems to be a new tactic to keep Twitter from finding spam: disguise the links so that Twitter doesn't see the real target.
Continue reading...


Twitter Honeypots

Image by windley via Flickr When I was building the twitterbot for @utahpolitics, I set up a test account: @uptesting that I don't use for anything. It has 38 followers even though it's just test messages and hasn't had a tweet since early January. The followes are mostly a good list of Twitter spammers or people who follow a lot of people to get a lot of followers. Setting up a bunch of honeypots on Twitter and then adding anyone who follows them to a blakclist wouldn't be such a bad idea. Someone's probably already built it.
Continue reading...


Encrypting Your Email Address

Via a Wired story on protecting yourself from spam, I found Jim Tucek's Email Protector, a Javascript that let's you embed a mailto: link to your email address on your Web page without actually revealing the email address except to people who run the Javascript. The theory is that email address harvesters don't run Javascript.
Continue reading...


My Mail Is Offline

I haven't received any email all day, so if you've sent me something and are waiting for a response, I probably won't get your email for a while. Seems that windley.com is the subject of a distributed, dictionary email attack--that is a spam botnet is hitting my email server with every email address they can generate from the dictionary in hopes of getting a few through. The effect is an effective denial of service for my email server. The services on the server have been turned off awaiting the zombies to find somewhere else to play. In the meantime,
Continue reading...


A Simple Solution to Form Spam

A few weeks ago, Britt Blaser sent me a link to a technique for using CSS to fight form spam. The idea is simple, you add an extra input field to your form and use the CSS visibility property to hide it. The input field won't be visible to humans, but will appear normal to a spambot crawling the Web filling in forms. On the back end, you look for values in that field. If the form returns a value for that field you assume that a bot filled it in and discard the session. If the field is
Continue reading...


Hunting Down Spammers

The last talk reminds me that on my way into Canada, as I was passing through customs, the customs officer asked me my business. I reported I was going to give a tutorial at a Web conference. Here's the conversation: Customs Officer: On what? Me: Digital identity. Customs Officer: What's that? Me: Ways to identify people on the Web. Customs Officer: Will it help with Spam? Me: Not directly. Customs Officer: Will you ask the people at the conference if there's any way we can hunt them [spammers] down and kill them? N.B. I think by "we" he meant
Continue reading...


Understanding Splogs

Have you ever wondered exactly how splogging (spam blogs) work? What's the structure of that industry (and it is an industry)? Yi-Min Wang and Ming Ma (of Microsoft Research) and Yuan Niu and Hao Chen (of UC Davis) have studied the problem and found that there's a bottleneck in the economy of splogging at what they call the "aggregator level." This is the place to fight splogs. Here's the PDF version of the paper and here's a NY Times article on the results.
Continue reading...


Welcome Sploggers!

Chuck Knutson accidentally put out the welcome mat for sploggers and got a lot of unwelcome visitors. The first big problem was that we had installed the multi-user version of WordPress. Why did we do that? I teach a class called Computers and Society, and I have students deliver their thoughts and reactions as short posts on actual blogs in the actual blogosphere. It's an interesting experience for students to submit their homework to the world where the instructor and TA are two of a potentially larger number of random readers (including the entire class). Strangely it tends to
Continue reading...


Limit Simultaneous Connections in Apache

Yesterday I wrote about the comment storms that were happening on my blog. Many people made some great suggestions and I plan on implementing many of them in the coming weeks. I found something, however, that was pretty simple and, so far, seems to be working beautifully. Mod_limitipconn is a small Apache module that allows you to limit the number of simultaneous connections from any given IP address for any particular resource or mime-type. It built and installed without a hitch--within 15 minutes I was in business. Here's the configuration I'm using to limit connections to the comment CGI:
Continue reading...


Comment Spam Storms

Update: Be sure to read the comments. There are lots of good suggestions on solving this problem. Here's what I did to stop spam storms About three times per day my server gets hit my a comment storm. Someone with a botnet is trying to spam my blog and they're going about it stupidly. They don't get any comments through because of a simple textual CAPTCHA that I installed in June. The storm occurs because the spammers try to post over 100 comments in the space of about 1 minute from five or six different IP addresses. Naturally, the
Continue reading...


419 Scams, Black Money, and Greed

This piece about a former Congressman in jail because of Nigerian 419 scams caught my eye this morning. Amazing. It makes me wonder how gullible we all are. Clearly greed is the underlying culprit here. Be sure to watch the video on the black money scam. That was new to me. Anyone want to buy a suitcase full of black paper?
Continue reading...


Bot Nets and Spamming

You've probably been deluged by Spam in the last month or so selling penis enlargement pills or trying to get you to buy penny stock. A fascinating eWeek article gives details about the sophisticated bot net that's behind the Spam. The bot net is capable of sending over 1 billion email messages a day. That's quite a resource. Like anyone with a valuable asset, the bot herders have put considerable time and effort into growing, managing, and protecting it. The accompanying slide show is worth looking at as well.
Continue reading...


Blog CAPTCHA

The last week or so I've been getting slammed by "Nice site" blog comment spam that just wants a link to some dubious Web site. I'd turned on "approval for everyone" but that just means that it doesn't show up on the site--I still have to delete it and it got to be a pain. In an effort to fight spam while keeping my site as open to feedback as possible, I've added a CAPTCHA to the comment page. The package I'm using is SCode (Movable Type). It's not too sophisticated, but it works and I imagine it will
Continue reading...