Fake WordPress/2.1-alpha3 Trackback Spam Countermeasure (and a factoid) (Updated)

For those of you who control the Apache server driving your blog and would like an easy way to block the incoming tide of spam with the fake user-agent “-- WordPress/2.1-alpha3”, all you need to do is add the following to your .htaccess or central Apache configuration.

BrowserMatchNoCase "-- WordPress/2.1-alpha3" spambot=1
Order allow,deny
deny from env=spambot
allow from all

That should then cause the spammers to bounce off with a 403 “go away” error. You can also lather, rinse, repeat for other spam user-agents you would prefer not to let into the house..
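One way to confirm the rule is doing its job, as an added example that is not part of the original post: this Python script scans Apache access log lines for the fake user-agent and separates the requests that received the 403 from any that still got through. It assumes the "combined" LogFormat; the log lines, IP addresses and paths are constructed sample data.

```python
import re
from collections import Counter

# Same pattern as the BrowserMatchNoCase directive: an unanchored,
# case-insensitive regex applied to the User-Agent header.
SPAM_UA = re.compile(r"-- WordPress/2.1-alpha3", re.IGNORECASE)

# Apache "combined" LogFormat (assumed):
# host ident user [time] "request" status bytes "referer" "user-agent"
QUOTED = r'"((?:[^"\\]|\\.)*)"'  # quoted field; Apache escapes " as \"
COMBINED = re.compile(
    r"^(\S+) \S+ \S+ \[[^\]]+\] " + QUOTED + r" (\d{3}) \S+ " + QUOTED + " " + QUOTED + "$"
)

def audit(lines):
    """Return (blocked, leaked): per-host counts of spambot requests that
    received a 403, and the log lines of spambot requests that did not."""
    blocked, leaked = Counter(), []
    for line in lines:
        m = COMBINED.match(line.strip())
        if not m:
            continue  # not a combined-format line
        host, _request, status, _referer, agent = m.groups()
        if not SPAM_UA.search(agent):
            continue  # ordinary client, including genuine WordPress pings
        if status == "403":
            blocked[host] += 1
        else:
            leaked.append(line.strip())  # rule not in effect for this request
    return blocked, leaked

# Constructed sample log lines (documentation IP ranges, made-up paths).
SAMPLE = [
    '192.0.2.10 - - [10/Oct/2006:13:55:36 +0000] "POST /wp-trackback.php?p=12 HTTP/1.0" 403 210 "-" "-- WordPress/2.1-alpha3"',
    '192.0.2.10 - - [10/Oct/2006:13:55:41 +0000] "POST /wp-trackback.php?p=15 HTTP/1.0" 403 210 "-" "-- wordpress/2.1-ALPHA3"',
    '198.51.100.7 - - [10/Oct/2006:14:02:03 +0000] "POST /other/wp-trackback.php?p=3 HTTP/1.0" 200 57 "-" "-- WordPress/2.1-alpha3"',
    '203.0.113.5 - - [10/Oct/2006:14:05:10 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux i686)"',
    '203.0.113.9 - - [10/Oct/2006:14:06:44 +0000] "POST /wp-trackback.php?p=12 HTTP/1.0" 200 57 "-" "WordPress/2.0.4"',
]

if __name__ == "__main__":
    blocked, leaked = audit(SAMPLE)
    for host, count in blocked.most_common():
        print(f"blocked {count:3d}  {host}")
    for line in leaked:
        print("NOT BLOCKED:", line)
```

A line reported as not blocked usually means the request hit a virtual host or directory where the directives are not in effect.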

On another point, a couple of them (one each in Brazil, Holland and Israel) had a fake SMTP server listening on port 25:

220 ESMTP service ready
help
250 ok
quit
250 ok
quit
250 ok
bye
250 ok
^]
telnet> quit
Connection closed.

Very odd!

Update: Also see Fight Blog Spam with Apache.

Spam Subject

Today’s winner is:

Please do not republish in whole or part without prior written permission.

The irony is that the spammer probably randomly grabbed it from a web page somewhere..

Boosting SpamAssassin Usefulness

Found this posting to the spamassassin-users list on my quest to make life a bit harder for the image spammers, looks like it’s working already.. 🙂

Yes, hits=5.433 tag=-100 tag2=5 kill=5 tests=BAYES_00, DK_POLICY_SIGNSOME, FORGED_RCVD_HELO, HELO_DYNAMIC_SPLIT_IP, HTML_10_20, HTML_IMAGE_ONLY_32, HTML_MESSAGE, MIME_HTML_ONLY, RCVD_NUMERIC_HELO, TVD_FW_GRAPHIC_NAME_LONG

The important part to note there is that the Bayesian spam score was very low, but the rest of the tests correctly flagged it as spam.

SpamHaus Lawsuit (Updated)

There’s been a lot written about a spammer listed by SpamHaus suing them in the US, but this lawyer’s account is worth a read. Basically it looks like SpamHaus made a legal mistake in the way they dealt with the US court:

3. That said, Spamhaus had a likely winner of an argument if they’d made it from the beginning: the U.S. court does not properly have jurisdiction over the U.K.-based company. […] it would have been possible for an attorney to make what is known as a “special appearance” before the court without acknowledging the court’s jurisdiction in the case. Reading the record, I’m puzzled that this wasn’t the strategy Spamhaus’s counsel chose.

4. Unfortunately, since that’s not what happened, Spamhaus may have waived personal jurisdiction as a defense early on in the case when they not only appeared, but then asked for the case to be removed from state court (where it was originally filed) and moved to federal district court (where it is today).

Most importantly, he says:

9. Finally, one last point: anyone who has a chance to talk publicly about this, if you are a friend to Spamhaus I would strongly urge you to refrain from making derogatory statements about the judge or the legal system in the U.S. Talk all you want about the evidence that you believe demonstrates e360 is a spammer. Talk about how important Spamhaus is to the functioning of email. But calling the judge stupid doesn’t help the case. Given the record, the judge had little choice other than to do what he did. So far as I can tell, Spamhaus presented no argument that would let him get out of this case, even withdrawing the answer that had been filed from the proceedings.

Anyway, he says a lot more than that so please go and read.

Update: The spammer who is suing SpamHaus is now being sued themselves in California on 87 counts of spamming.

Buggy Virus Checker Deletes Windows O/S File

This is almost a program falling for the SULFNBK.EXE hoax.

From ZDNet:

Some Windows 2003 users have been experiencing problems with the operating system after CA antivirus software wrongly detected part of the operating system as malicious software last week.

I could beg to differ about detecting Windoze as malicious software being wrong..

CA could spin this in one of two ways, either the eTrust virus checker signature for Win32/Lassrv.B had an unfortunate bug that caused unwanted side effects, or, the virus checker was taking extreme proactive measures to protect the rest of us from Windows systems being used as spam sources and denial of service zombie botnets. 🙂