WordPress.org

Ready to get started?Download WordPress

Forums

Todays worst spamming address: www.nutzu.com (28 posts)

  1. orangeguru
    Member
    Posted 9 years ago #

    Praise Kitty's Spaminator! It's killing hundreds of spam comments. Nutzu.com - or whoever you are - you suck!

    Sorry for the rant ... but it shows once again that WP with it's great plugins (developers) is a great tool!

    ;-)

  2. IronCladBurrito
    Member
    Posted 9 years ago #

    It's a tie, my friends, nutzu.com and tigerspice.com. tigerspice has hit me worse today. And Spam Karma's stopped them all.

  3. mikep
    Member
    Posted 9 years ago #

    I was hit by tigerspice (poker) and hit back by going after four of the open proxies the spammer used. All closed off by their owners. What's more, the proxy logs revealed this IP (216.195.44.106) as being behind the comment spam. (IP>open proxy>my blog)

    Anybody here know anything about it? I've done all the usual checking (whois, traceroute, OS, hosting (China), upstream ISP etc) Whois revealed a company in Gibraltar.

  4. mikep
    Member
    Posted 9 years ago #

    xxxx.eddiereva.com has now joined the party where xxxx is variations on poker such as free-texas-holdem or poker-room. And guess what, eddiereva.com sits on the same IP as tigerspice.com.

  5. Spam Karma is going to town on these guys. Nothing is getting through.

  6. orangeguru
    Member
    Posted 9 years ago #

    I think either SpamKarma or Spaminator should be inluded in one of the next releases of WP or be one of the standard plugins included. That would save many new user A LOT of worry and frustration ...

  7. mikep
    Member
    Posted 9 years ago #

    New users will find that a spam word like poker is enough to stop the comments going through but then it's a clean-up job for the moderated comments. Next simplest step is .htaccess to deny the IPs. After that, it's plug-ins. But what worries me is that we sit here putting up endlessly complex defences where, perhaps, we ought to tell owners of the open proxies that their systems are being abused to send comment spam. I've got four open proxies closed down in the last couple of weeks, and I've just asked a fifth company to secure their system. Drop in the ocean but every little helps.

  8. orangeguru
    Member
    Posted 9 years ago #

    "Next simplest step is .htaccess to deny the IPs"

    Nah, I don thing so. Most spammers use zombiefied machines to spread their evil comments. You could block a thousand IPs a day and still get hammered from many more adresses.

  9. mikep
    Member
    Posted 9 years ago #

    I've been finding more open proxies than zombies....and you can block ranges of IPs with .htaccess. But I also think some standard anti-spam plug-ins are a good idea - ready to activate when needed.

  10. Glo
    Member
    Posted 9 years ago #

    I agree with you mikep but I also believe that most WP users have no idea of how to find open proxies or even know what they are. Maybe you can write up a tutorial on how to find open proxies and then what to do with the information once they find it? I'd be happy to add a link to it from my blog, as would others no doubt.

  11. trendsurfer
    Member
    Posted 9 years ago #

    If you added these names to the blacklist form included in WP 1.5 would that block them too?

  12. mikep
    Member
    Posted 9 years ago #

    Yeah. I've been thinking about doing that. If I write one, I'll post a link here. Meanwhile, this is what I did recently which may help.

  13. trendsurfer
    Member
    Posted 9 years ago #

    OK, what are open proxies and how can you tell? And if I enable Blacklist comments from open and insecure proxies could that blacklist legitimate comments, pingbacks or trackbacks?

  14. mikep
    Member
    Posted 9 years ago #

    Open proxy=misconfigured HTTP proxy server. What happens is this. The spammer connects to the open proxy to send the comment spam. What you see in the comment is the IP address of the proxy server, not the IP address of where the spammer actually is. (If the misconfigured proxy is running an access log, then that will record the spammers IP address) In other words, the spammer is hiding behind somebody else's IP and using that system to spam us. The proxy should be configured to allow only the organisation's users to access the internet, not people like the spammer coming from the outside and then 'leap-frogging' to spam your blog.

  15. gnukerman
    Member
    Posted 9 years ago #

    As I know there are spammers that range in the thousands, but I've come acrossed one with tracks. He's 14, from Houston and seems to have quite a reputation, especially after a routine Google search.

    The little ferret wanted a free blog from me, but as done with all, I checked him out a bit. Yeah, right. He wins! Not in this lifetime.

    I'd give you his known names, but should he peruse this forum, it'd only cause him to change to new ones so I'm unsure how this is really going to help anyone.

    Someday, just wanna nail 'em all in the town square for all to see.

  16. trendsurfer
    Member
    Posted 9 years ago #

    So such an occurance has to be done on purpose? So enabling Blacklist comments from open and insecure proxies from within WP 1.5 is a good idea?

  17. mikep
    Member
    Posted 9 years ago #

    The spammer will use a bot to do the work. As for enabling the blacklist in 1.5, it's a good idea but as I'm using 1.2.2 (I know, I know) somebody else will have more experience on that.

  18. trendsurfer
    Member
    Posted 9 years ago #

    In WP 1.5 there is a blacklist form to key in words and a selection to Blacklist comments from open and insecure proxies. I've added nutzu and tigerspice, along with holdem and a few others to the black list form. Plus I've selected (checked) to Blacklist comments from open and insecure proxies.

    Along with that I've selected Before a comment appears:: # Comment author must fill out name and e-mail and # Comment author must have a previously approved comment. My understanding is this will capture all comments, pingbacks, and trackbacks. Those which meet blacklisted requirements will automatically be labeled SPAM and others will wait in the moderation queue.

  19. ceo
    Member
    Posted 9 years ago #

    Yeah, I've been getting majorly hit by this site this past week and Spaminator has killed them all. (Kitten, I love you!)

    trendsurfer, I would say yes, but frankly I have that option checked and Spaminator still was what caused the comments to not appear, apparently. So...I don't know.

  20. trendsurfer
    Member
    Posted 9 years ago #

    It could be that the plugin code was used first. (?) :) Anyway, if I have problems I'll be installing a plugin too. As a side note, I think what the WP developers did with regard to SPAM in 1.5 is as notable as the theme additions.

  21. Jinsan
    Member
    Posted 9 years ago #

    The only plugin I use for spam now is that new one that Matt uses along with the author and several others. Now my site isn't live per se, but when I turned it off I immediately had spam, turned it on and it was autmoatically in the moderated area. I'e not had one spam message since installing it. I no longer use anything else other than WP's blacklist in conjunction.

  22. Glo
    Member
    Posted 9 years ago #

    I don't use any kind of blacklist to combat comment spam. The only thing I use is Elliott Black's Hashcash plugin. Works like a charm on my blog and my clients blogs. No blacklist to maintain and no moderation to weed through. And the best thing - spammers get none of my bandwidth to spam me with and their spam is spinning in the cyber-ethers, never to be see again. ;-) You just gotta love it!

    I do use a piece of php code to combat referral spam and it has worked very well so far. However, if I start getting referral spam from many different sources, I'll have to implement something else because that php code checks for the domains IP and then redirects it to the spammers site. All of which uses resources and could slow down my sites load time if the list gets too large. Right now I'm getting no referral spam attempts. If it starts up again I may try coldforged.org .htaccess solution.

  23. "Next simplest step is .htaccess to deny the IPs. After that, it's plug-ins."

    Actually, most users find it easier to install a plugin than mess with .htaccess.

  24. Jinsan
    Member
    Posted 9 years ago #

    Well after all the praise I felt for Hascash, I turned off moderation for comments and got four spam comments from tigerspice. So I've added kitten's spamwords and spaminator as an addition. I wish these spammers would get a life - there should be some law that treats spammers just as harshly as virus writers.

  25. mikep
    Member
    Posted 9 years ago #

    I'm now getting comment spam directly from 216.195.44.106 rather than via open proxies. (see my earlier post above) Words include chinese, yellow, monkey, ape and p*ker.

  26. Jinsan, tigerspice sends their spam via trackback and WP-HashCash only protects comments.

    MikeP, add yellowmonkey to your moderation list.

  27. toddpedlar
    Member
    Posted 9 years ago #

    Is there ANY protection for spam trackbacks? If not, can an option be made that comments are allowed but trackbacks are not? Presently (unless I'm mistaken) you can only disallow BOTH trackbacks and comments, OR allow both... but you can't just disallow trackbacks.

    Right now, trackbacks are the main spam problem I'm having.

  28. charlesarthur
    Member
    Posted 9 years ago #

    I've sorted out how to stop spam trackbacks in 1.2 - see my blog at http://www.charlesarthur.com/blog

    Does require tiny, tiny bit of file editing - as in, copy + paste three lines between two files.

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags

No tags yet.