April 16, 2005

Comment Spam - killer tool

When someone who has written a leading tool recommends another tool for the same job, it is worth taking notice. In this case, Jay Allen, the author of the wonderful MT-Blacklist, posted a note saying that we might want to take a look at SpamLookup, written by Brad Choate and Tobias Hoellrich. I did, and I have had zero postings of comment spam or spam trackbacks on my website since. Here are two entries from the SpamLookup log for today (it NAILED over 100 potential spams - Go SpamLookup Go!!!):
Blocking comment on XXXXXXXXX based on wordlist match: Match on phrase: XXXXX-XXXX-XX (Wordlist filter)
Here, it took the comment, parsed it against a list of words and blocked it. The offending word was a variation of a bluffing card game with references to holding and the second largest state in the USA. MT-Blacklist did this and did it well but that was the only tool in its arsenal.
Blocking TrackBack ping for XXXXXXXXX since domain IP does not match ping IP for source URL http://bambi.fluffy.bunnies.iseedeadspammers.com; domain IP: XXX.XXX.XXX.XXX; ping IP: XXX.XXX.XXX.XXX (TrackBack Ping IP filter)
Here is where SpamLookup shines. It can look at the IP Address of the referenced URL and compare it with the IP Address of the potential poster. Many of the stupid script kiddies (probably still living in their Mom's basement at age 24 and "unable" to find gainful employment) think that sending emails, comments and trackbacks is the road to riches. Their IP addresses are not those of the PPCs they are trying to flog. (PPC refers to Pills, Porn, Casinos -- the clients of this pox.)

The other source is from zombie systems -- some people have zero concept of computer security and will click on any pop-up that appears on their screen, especially the ones that let them know in a friendly way that there may be a problem with their system. Clicking on these allows the host system to install Zombie-Ware which runs in the background (no visible indication of operation) and starts up again with each reboot. These Zombie systems can be leased out to people for sending spam. Again, the IP Addresses will differ and again, SpamLookup can determine if there is a stochastic relationship between the two or if the spam is sent from some idiot.

Say BuhBye -- if you run a Movable Type blog, it's worth the five minutes it takes to install this wonderful software. SpamLookup also plays nice with MT-Blacklist so there is no reason not to have both running on your server. Good stuff!!!

Posted by DaveH at April 16, 2005 10:39 PM
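
The TrackBack Ping IP check described above, sketched in Python as an added example (this is not SpamLookup's own code). The function names, the exact-match rule against any resolved address, and blocking when the domain cannot be resolved are assumptions; the DNS table is constructed sample data so the example runs offline.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Constructed sample data: a fake DNS table using documentation address ranges.
FAKE_DNS = {
    "blog.example": {"192.0.2.10", "192.0.2.11"},
    "pills.example": {"198.51.100.7"},
}

def resolve_host(hostname):
    """Live lookup: every address the hostname resolves to (empty set on failure)."""
    try:
        infos = socket.getaddrinfo(hostname, None, proto=socket.IPPROTO_TCP)
    except (socket.gaierror, UnicodeError):
        return set()
    return {ipaddress.ip_address(i[4][0].split("%")[0]) for i in infos}

def fake_resolver(hostname):
    """Offline stand-in for resolve_host, backed by FAKE_DNS."""
    return {ipaddress.ip_address(a) for a in FAKE_DNS.get(hostname, ())}

def check_trackback_ping(source_url, ping_ip, resolver=resolve_host):
    """Return (allowed, reason) for one TrackBack ping."""
    try:
        host = urlsplit(source_url).hostname
        sender = ipaddress.ip_address(ping_ip)
    except ValueError:
        return False, "malformed source URL or ping IP"
    if not host:
        return False, "source URL has no hostname"
    domain_ips = resolver(host)
    if not domain_ips:
        return False, f"cannot resolve {host}"  # assumption: fail closed
    if sender in domain_ips:  # a host may have several A/AAAA records
        return True, "domain IP matches ping IP"
    listed = ", ".join(sorted(str(ip) for ip in domain_ips))
    return False, f"domain IP does not match ping IP; domain IP: {listed}; ping IP: {sender}"

def demo():
    pings = [  # constructed pings: (source URL, address the ping came from)
        ("http://blog.example/2005/04/post.html", "192.0.2.11"),
        ("http://pills.example/buy", "203.0.113.50"),
        ("http://gone.example/", "203.0.113.50"),
    ]
    return [check_trackback_ping(url, ip, fake_resolver) for url, ip in pings]

if __name__ == "__main__":
    for allowed, reason in demo():
        print("ALLOW" if allowed else "BLOCK", reason)
```

A strict match like this also blocks legitimate pings from blogs whose outbound traffic leaves from a different address than the one serving the site (shared hosting, NAT, a CDN in front), so it works best as one signal among several rather than the only filter.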