The Musings of Chris Samuel

Bookmarking this useful information from Russell for future reference. I’ve just installed the RSS Footer plugin as recommended by the post that Russell links to.

Got to love the anti-spam Captcha on the sign up for the Quantum Random Bit Generator Service..

(Thanks Don)

I read on PLOA that Michael Carden briefly tried to open his blog for comments, only to find:

The WordPress UI balked at deleting 194,000 (okay, I ignored it for a while) comment spams. I had to dig in as admin and run a fun sql query on the database to delete all 47 meg of them.

I guess I’ve got a couple of suggestions for Michael to make his life a little easier should he decide to try again.

1. Akismet has an option to “Automatically discard spam comments older than a month“, that might help (though it’d be nice to be able to adjust the time).
2. Run, do not walk, to Rich Boakes most excellent Worst Offenders plugin. This will both group comments for deletion based on various criteria but also (if you have permission) add Apache “Deny From” rules for the offending IP addresses. It’s also worth bumping the number of IP addresses it can ban up, Donna’s blog is up to over 8,000 at the moment!
3. There are also tools like Bad Behaviour to try and catch bots before they get to you and if you are a member of Project Honeypot then there is the http:BL WordPress Plugin to check and block IP’s listed as baddies there.

Anyway, I hope that helps some people out.

Thanks to Jeremy for this one!

“Spamtrap” is an interactive installation piece that prints, shreds and blacklists spam email. [...] The paper is recycled after the spam email has been shredded.

“Spamtrap” - watch the video

For those of you who control your Apache server driving your blog and who would like to easily block the incoming tide of spam with the fake user-agent “-- WordPress/2.1-alpha3” then all you need to do is to add the following to your .htaccess or central Apache configuration.

BrowserMatchNoCase "-- WordPress/2.1-alpha3" spambot=1

That should then cause the spammers to bounce off with a 403 “go away” error. You can also lather, rinse, repeat for other spam user-agents you would prefer not to let into the house..

On another point, a couple of them (one each in Brazil, Holland and Israel) had a fake SMTP server listening on port 25:

220 ESMTP service ready
help
250 ok
quit
250 ok
quit
250 ok
bye
250 ok
^]
telnet> quit
Connection closed.

Very odd!

Update: Also see Fight Blog Spam with Apache.

Today’s winner of the oddest spam subject competition is:

Fruitful Overflow Gods

The plumbing equivalent of animism ?

Todays winner is:

ominously previously intended con

I suppose at least it’s honest..

Todays winner is:

Please do not republish in whole or part without prior written permission.

The irony is that the spammer probably randomly grabbed it from a web page somewhere..

Todays winner is:

onrush corpulent scanner

Found this posting to the spamassassin-users list on my quest to make life a bit harder for the image spammers, looks like it’s working already..

Yes, hits=5.433 tag=-100 tag2=5 kill=5 tests=BAYES_00, DK_POLICY_SIGNSOME, FORGED_RCVD_HELO, HELO_DYNAMIC_SPLIT_IP, HTML_10_20, HTML_IMAGE_ONLY_32, HTML_MESSAGE, MIME_HTML_ONLY, RCVD_NUMERIC_HELO, TVD_FW_GRAPHIC_NAME_LONG

The important part there to note is that the Bayesian spam value was very little, but the rest of the tests correctly flagged it as spam.