
October 21, 2004

lilo@suddenenlightenment.us

New spammer alias, same game.

The gambling folks are back at it again, but this time we have more powerful tools to deal with the likes of lilo@suddenenlightenment.us and sunny@moonlightshadow.us

Interested? Read on below.

As a side note, I'm sick as a dog. Edinburgh has undergone the transformation that all its denizens know and loathe. The sun now sets before five and rises after seven. It's cold and raining constantly. My throat feels as though someone has cleaned it with a scrub bud that had been dipped in Drano.

I'm miserable.

First, if you are using either WordPress or MovableType, there's a blacklist plugin. Both are fairly easy to use and install.

There are two different blacklist plugins for WordPress - one holds all comments for moderation. I don't recommend this approach; bloggers and sysadmins, just like internet connections, have limited bandwidth.

The second blacklist plugin is modelled after the MovableType blacklist plugin that Jay Allen wrote before leaving Hungary.

You can find the WordPress plugin that uses Jay Allen's blacklist.txt file here.

Download it and install it, then go get the blacklist.txt file from this plugin.

If you are running MovableType 3.01, get version 2.0e of the Blacklist plugin here.

If you are running MovableType 3.1 or better, go and get the latest version of the plugin pack, which has a bunch of plugins, here.

The blacklist.txt is also updated via RSS feed; to have your blacklist updated automatically, which I don't recommend just yet, go and get the RSS blacklist plugin from chuyeow at his Blacklist updater site. I think that chuyeow has written a great piece of software here; I eagerly look forward to the day that I can use it. I'm not going to start just yet, though. See below for the reasons why.

I don't recommend using an automatic updater because you can spoof entries into the automatically updated blacklist database with a carefully crafted email, so I'm carefully munging mine at the moment. Admittedly, I'm speculating slightly - I don't know what scripts Jay is running on his automatic email munger - but it did occur to me that if the main blacklist.txt was compromised, then the whole scheme would be damaged.
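One way to vet a downloaded blacklist.txt before applying it, given the poisoning concern above (an added example, not code from this post or from either plugin). It assumes one regex per line with `#` comments; the sample lists, known-good URLs and function names are constructed for illustration.

```python
import re

# Constructed sample data. The one-pattern-per-line format with '#' comments
# is an assumption about blacklist.txt, not something stated in the post.
CURRENT = r"""# list currently installed
texas-holdem-example\.invalid
online-poker-example\.invalid
"""
PROPOSED = r"""# freshly downloaded update
texas-holdem-example\.invalid
online-poker-example\.invalid
casino-bonus-example\.invalid
\.com
myblog\.example
(unclosed
"""
# URLs that must never be blocked (own site, regular commenters); hypothetical.
KNOWN_GOOD = ["http://myblog.example/archives/2004/10/",
              "http://friend.example.com/"]

def parse(text):
    """Return the set of patterns, ignoring blank lines and '#' comments."""
    entries = set()
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if entry:
            entries.add(entry)
    return entries

def vet_update(current_text, proposed_text, known_good):
    """Return (accepted, held, removed) for a proposed blacklist update."""
    current, proposed = parse(current_text), parse(proposed_text)
    accepted, held = [], {}
    for pat in sorted(proposed - current):      # only look at new entries
        try:
            rx = re.compile(pat, re.IGNORECASE)
        except re.error as exc:                 # a broken entry is held too
            held[pat] = f"invalid regex: {exc}"
            continue
        hits = [u for u in known_good if rx.search(u)]
        if hits:                                # would block a legitimate site
            held[pat] = "matches known-good URL: " + ", ".join(hits)
        else:
            accepted.append(pat)
    removed = sorted(current - proposed)        # silent deletions need review
    return accepted, held, removed

if __name__ == "__main__":
    print(vet_update(CURRENT, PROPOSED, KNOWN_GOOD))
```

Entries in `held` and `removed` go to a human for review; only `accepted` is merged into the live list.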

In a couple of days, when I'm feeling well again, I'll post a list on how to track someone's IP address using comments and the best manner in which to notify ISPs.

Ciao!
- Nathan

October 13, 2004

sunny@moonlightshadow.us

Hey, Sunny! Kiss my American Ass, you punk bitch!

I own you! Ha!

Okay, here's the deal, for those of you who have missed out.

There is a spammer bot, spamming for a number of poker sites to increase their Google rank by a tried and true method of Search Engine Optimization (SEO). That method is to post referrer URLs on blogs that have open comments allowed.

Since most of us in the blogging community would like to have anyone who wants to be able to post on our blogs, this kind of thing is particularly pernicious.

Well, I've done a couple of things.

First, I've logged all of the entries from sunny_at_moonlightshadow.us and her affiliated poker companies.

Second, I've extracted all of the IP addresses and performed a reverse DNS lookup on each one. I'm in the process of cross-referencing that with a list of service providers for those blocks of addresses. Once that is complete I'll send a series of emails to the service providers who provide IP transit to those boxes and ask that their customers be informed - it's likely that sunny has illegally compromised their boxes.

Third, I've installed an anti-spam tool that is - so far - keeping sunny at bay.

There are a few more pieces to this story, but until I know who is with me and who is not I'm holding off.

Cheers!
- Nathan