Today one bot, which identified itself as Sean's Agent/1.0 (compatible; SA 1.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.0.04506; .NET CLR 1.1.4322; made 10459 requests to one of my sites within two hours from the same IP address (78.84.130.92). The user agent comes from a C# sample. This is a good example how good code can be used for bad purposes.

Looks like somebody stupid took this sample and tried to build some kind of bot with it. This bot tried to grab the site in a very aggressive way, requesting...

Finally, I created SpamAssassin rules to filter out spam from Google mailservers. Itappears that all messages are sent by the same software. Possibly it uses Google vulnerability discovered some time ago (and not fixed till now as it seems). All messages have several identifying characteristics. I will not tell all that I found because it will be easy for spammers to "fix" their software. However one thing can be made public.

All these messages has a link to a web site hosted at network block owned by...

Usually I get very little amount of spam. I have a very good anti-spam setup, which I will describe some time in future. Normally I do not get any spam at all. But recently Istarted to get 2-3 spam messages a day. Not a big deal but annoying. I usually check all such messages to see where they come from. And currently all of them have headers like:

Received: by fk-out-0910.google.com with SMTP id b27so1193048fka.0     for <xxx@xxx.lv>; Sat, 17 May 2008 12:46:34 -0700 (PDT) Received: from ?88.183.182.56? (...

My personal DNSBL now runs for 3 days and already caught 53 IP addresses. It is weekend, so activity is prety low, though some addresses attempt to spam every hour. What a waste of resources! May be I should block them with iptables.

And this 53 addresses were caught with the most trivial filter. I am sure I could catch more if I write better filters. But I am lazy...

Caught...

In this article I am going to discuss advanced guestbook spam blocking. "Advanced" means that techniques will require not TYPO3 configuration but compiling, configuring and installing additional server components. This article is intended to web server administrators who are not afraid to protect their customers by installing non-traditional software.

I have to put standard disclaimer here: this technique works well for me. However it may not work for you. It may block some of your customers (though I provide ways to unblock most of them). If...

Yesterday Google give a link to very nice article on Spam Resource web site. It explains why autoresponders, non-delivery reports and other notifications are bad and gives some numbers. Read the part below and, if interested, visit Spam Resource.

Let's do some quick math on the back of a napkin. A quick check of my personal spamtrap account finds 2039 pieces of backscatter, just by searching for a few common phrases found in bounce messages and challenge/response requests. Out of the 320,000 recent pieces of spam I've got in that account,...

Last two days I get huge amount of backscatter spam to one of my e-mail addresses. Normally I get 1-2 spam messages as daily maximum (usually none at all) due to good filtering. But last two days server is bombarded by this spam. I had to spent lots of time analyzing this spam and writing new filters. But now it is done. It is all caught. I have time to go and drink tee. And back to development after that...

I put some links to those, who suffer from these problems.