Saturday, October 14, 2006

No Referrer and Visitors vs Spambots

I've been struggling recently on better ways to handle requests to form pages, like a comments page, that are more secure yet more visitor friendly than just slapping up a "403 Forbidden" which runs off humans as well as bots.

After contemplating the issue and taking bookmarks and disabled referrers into account, I decided to simply redirect these potential bad hits to my home page instead of the old 403 error. This way a valid visitor that bookmarked the page could just navigate back, referrer intact and post as usual. So far I've seen a few humans that were redirected off the page for whatever reason navigate back to where they wanted to go, so it doesn't appear to be stopping determined people that aren't just there for malicious purposes.

Additionally, I only do this redirect after verifying the request isn't coming from the search engines as I obviously don't want to confuse the SEs by redirecting them to the home page.

The fun part is it seems to be confusing the shit out of the spambots, they're bouncing all over the place, quite hysterical to see them freak out.

For even more fun, verify that the referrer to your form page isn't a direct hit from a search engine to that page as many of the hand spammers from places like the Ukraine and India seem to like to use Google to find pages to post their clients' listings. For those reasons, now I'm also redirecting any direct hits to the posting page that comes from Google, Yahoo, MSN and ASK. Redirecting the hand spammers (aka SEOs) back to the home page seems to stop the hand spams as well since I've just made the job a little harder they just seem to move along instead of spending more time to find the page

One last trick, if you have the means to track these things like I do, is reject or auto-moderate anything with just a single page view to your site, which is just that form page. Some figured out I was looking for a specific referrer and plugged it in so the post looks 100% legit. Well bummer dudes, you need to view more than one page to make a submission so cleaning up the data to add a valid referrer was a nice try but you still have a bad bot profile by having no previous page views.

Gotta love all the fun and games with both sides escalating but so far I'm still spam free and winning this war.

Friday, October 13, 2006

Bot Busting or Spam Hunting?

Since I made a few posts about spam lately, mostly web spam, it seems I have a few spammers all bent and other people thinking that I'm a spam hunter.

For starters, I'm a bot buster and not a spam hunter. Whether it's a scraper, a stealth crawler, or a spambot, they're all bots so anything that malicious bots do to my sites that need to be stopped will be of interest to me. Defeating a bot that scrapes or spams each has it's own challenges and it's not been too terribly hard to stop them either way, so far.

Spam Hunter?

Get real, who has to hunt spam?

I just sit here minding my own business and spam comes from every angle via email, online submission forms, blog comments, or anything else you can put online and they'll spam it. When I see a trend emerging in my own spam logs, like the recent wiki/tiki and phpBB abuse, I just look to see how deep the problem is which isn't hunting spam exacly, it's analyzing the trends and patterns of the software vulnerabilities that are being exploited.

Maybe someone will notice and close some of those exploits, wouldn't that be nice, unless you use those exploits...

Just because a few of the latest topics revolve around spam, it's still bots in action and bots I've automatically blocked and logged, just spambots is all, but still bots all the same.

Enough of this noise, back to busting bots, scraper, spam or otherwise.

Wednesday, October 11, 2006

Web spammers abuse GuestCity's hospitality

While researching the depth of the wiki/tiki spam abuse problem there was one particular redirect link that caught my eye to some site called GuestCity.



When you see the smoke from web spammers in a search engine there's usually a web spammed fire somewhere close so I decided to look deeper to see what GuestCity was all about and assess the damage.

There on the home page was an encouraging anti-spam symbol on the lower left of the screen!



I clicked on the anti-spam symbol and read their get tough policy on spam, cool.




If these guys are really tough on spam, shouldn't find much web spam over there, right?

Sorry, took about 2 seconds to spot sites overflowing with crap like phentermine, viagra, cialis, and on and on.

If you want to see the funniest shit ever, click on their DEMO link right off the home page that is spammed upside down and inside out with a couple of years worth of garbage.

The most priceless quote is this one from 2004:
4249. Old demo book was removed due to lot of spam messages. Welcome to new one!
2004-10-21 08:33:59, Webmaster,
I think I fell of my chair laughing hysterically about then.

Sure wouldn't take more than a few days to write some code that would stop the spammers and eradicate all the splogs over there, hope they're up for the challenge.

Zone Communications sends SEO Spam

Just when I thought some of the SEO's were getting smarter, since I haven't been spammed by one for a while, here comes a nice juicy one from our friends at Zone Communications in southern California.

The spam came from this IP:

71.128.4.233
ppp-71-128-4-233.dsl.irvnca.pacbell.net.
Here's the lovely spam:
Your website can be at the top of the first page on all major search engines. Zone Communications has a great service that is very low cost and is billed month to month with a full refund if you are not satisfied. With this service you�re your ranking on Google, Yahoo and MSN within certain cities will be at the top of the page.

The pricing is simple. We charge $59 per month for your first listing and $40.00 per month for each additional listing. (There is also a small one time set up fee.)

If you are not satisfied with your position within 30 days, we will give you a 100% refund.

[spammers name]
Zone Communications
800-xxx-xxx
714-xxx-xxx (fax)
[spammers name]@zonecominc.net
OK, if they even took a look at the site they spammed they would know I'm all over the top of the 4 top search engines for keywords, cities and just about everything in my niche short of Mom's Apple Pie and Kitchen Sinks.

For people that spam me, my pricing is simple. We out spammers for FREE, and there is no per month fee to continue being outted. (There is also a small one time fee called you've been BUSTED for sending me spam.).

Now stay off my damn websites, you weren't invited in the first place.