Spammers Got In, And Made It Hurt
Well, it took them 24 days to get around my simple spammer block, but last night they made up for it. I woke up to 377 spam comments this morning, so I'm afraid I'm going to have to make some more changes to the anti-spam system.
There was a single spam comment posted to one of the entries at some point in the afternoon, and the spam barrage didn't start until the late evening. That leads me to believe that my site was flagged up on a spammer's machine as not accepting their comments, and that they came here and added one manually to see how to get around the spam barrier. Their bot must have then come along later and done the damage.
Why do spammers love radiac.net so much? It's not just the comments - it's not yet 8:30, and I've already had 12,000 spam e-mails today.
I've got two tricks left after this to stop the spam comments, but if they still get through after those, I'm stuck. And extremely scared at the lengths these people will go to.
Comments
The new anti-spam measure is now in place, let's see if it helps. It probably won't, but I'm curious about how the spammers operate, so I'm just taking it one step at a time :p
If you make me enter the animal of the day from a text string... isn't that really, really easy to parse and defeat?
Yes it is, but for them to parse it, they have to come to the website first and process it. I am curious about how the spammers work, so each step I implement is there to see what they'll do.
So far I have learnt that they execute javascript, and that they come round and test spam filters manually. I'll add the last few things gradually to satisfy my curiosity - and to see how long it takes them to evade each step.
Eventually I'm sure I'll end up with an image-based captcha, but I want to see what they do up to that!
How about using a set of dodgy 1980s pop star pictures taken from old issues of Smash Hits, and the response phrase being the title of first single - creeky might like that
Once again GreaseMonkey defeats you. Never mind, eh!? Have emailed you accordingly.
The most disturbing thing about spamming is that it must work. I mean, they wouldn't do it if there weren't stupid people who fall for the messages and respond accordingly. I am back up to 50 spams or so per day (nothing like my 100+ per day previously)... last time I scrapped arenaman.com and moved to michaelstubbs.net. Now I'm thinking of scrapping that and going to my .co.uk domain but not publishing my email address anywhere online. Pain in the arse!!
Michael: I agree - see my [[http://www.radiac.net/diary/id/1082|open letter to whoever buys from spam]]! My biggest e-mail spam problem is that some of my domains are catch-all, and currently two are being dictionary attacked. No real solution other than to white-list the addresses I use, and consign everything else to the bin - moving domains would avoid spam to the addresses that have been harvested from the web, but there's no guarantee that the new domain won't also start to get e-mails to graham@, garner@, stevens@ etc.
Andrew: I don't mind GreaseMonkey doing it! Problem is, as long as it can, so can the spammers.
DavidH: But then I wouldn't be able to comment on my own diary :(
Leave a comment
- Add a comment - it's quick, easy and anonymous