Drowning In Comment Spam

Having a website with comments means fighting a tireless battle against spammers. They want their url mentioned online because that’s how Google decides who’s important and who ranks first for any given keyword search. The spammers are persistent.

I use a double barreled approach. There’s Akismet, from the same people who write WordPress itself. It identifies characteristics common to spam, then just throws those comments away.

Until today I was also using WP-SpamFree.

A week ago what was a garden hose of spam became a fire hose! The rate of spam comments probably didn’t increase. More likely some spammer just found a new way to look human enough to penetrate my defenses.

Tonight I swapped out WP-SpamFree and replaced it with Anti-spam. I like Anti-spam because its method of trapping spammers seems foolproof.

Spammers send out thousands, maybe millions, of comments every day. This is automation at its most destructive. The spam bots look for forms and are armed with enough answers (names, email addresses, comments, etc.) to get a message in.

Anti-spam adds two questions to each comment form. Then, using javascript, it hides them so humans won’t see the questions. Bots avoid javascript. It slows them down. That lets them see the questions you don’t!

Answer the extra two questions, you’re a spam bot! Foolproof (they say).
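The server-side half of the trap described above, as an added example rather than Anti-spam’s own code. The field names `trap_question_1` and `trap_question_2`, and the "suspect" verdict for a POST that omits them, are assumptions made for illustration.

```python
from urllib.parse import parse_qs

# Hypothetical names for the two trap fields; the page does not name them.
TRAP_FIELDS = ("trap_question_1", "trap_question_2")


def classify_comment(post_body: str) -> str:
    """Classify a raw application/x-www-form-urlencoded comment POST.

    Returns "spam" if any trap field was answered, "suspect" if a trap
    field is missing from the POST altogether, otherwise "ok".
    """
    # keep_blank_values=True matters: by default parse_qs drops empty fields,
    # which would make an untouched trap field look like a missing one.
    fields = parse_qs(post_body, keep_blank_values=True)

    answered = [
        name for name in TRAP_FIELDS
        if any(value.strip() for value in fields.get(name, []))
    ]
    if answered:
        return "spam"

    # A browser that rendered the form submits the hidden fields as empty
    # strings. A POST without them was not built from the rendered form.
    if any(name not in fields for name in TRAP_FIELDS):
        return "suspect"
    return "ok"


# Constructed sample submissions (not captured traffic).
HUMAN_POST = ("author=Ann&email=ann%40example.org&comment=Nice+post"
              "&trap_question_1=&trap_question_2=")
BOT_POST = ("author=Bot&email=x%40example.org&comment=Great+site%21"
            "&trap_question_1=yes&trap_question_2=http%3A%2F%2Fexample.invalid")
REPLAYED_POST = "author=Bot&email=b%40example.org&comment=hello"
WHITESPACE_POST = "author=Ann&comment=hi&trap_question_1=+&trap_question_2="

if __name__ == "__main__":
    for body in (HUMAN_POST, BOT_POST, REPLAYED_POST, WHITESPACE_POST):
        print(classify_comment(body))
```

A visitor browsing with JavaScript disabled would see the trap fields, so a visible “leave this empty” label on them keeps that visitor from being classified as a bot.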

I hope it works, because right now spam is driving me a little nuts. Akismet alone blocked 26,340 spam comments last month! I hear you knocking, but you can’t come in.

Easy-To-Do: How To Stop Spam Posts On Your Twitter Account

An old friend recently followed me on Twitter. He’s my friend, I went to follow him back. Uh oh. His Twitter feed is full of spammy weight loss messages, six in the last 24 hours.

My guess is he didn’t know he was sending out this stuff. He does now. It’s hidden in plain sight in a place most Twitter users won’t see!

It’s likely his account WASN’T hacked. Most compromised accounts have given the spammers permission without realizing it.

I sent him instructions to fix it. Here they are for you too!

  1. With a web browser (Mac, PC, Linux – no difference) go to www.Twitter.com and sign in.
  2. Click here. You’ll be taken to a list of the applications you’ve authorized to post to your account.
  3. Go through the list and “Revoke access” from any applications you don’t recognize or have stopped using.
  4. There is no step four. You’re done!

This fix is incredibly easy and can be done by even the most computerphobic tweeter without fear of screwing things up further.

The Times Should Have Come To Me

February 6, 2004 I wrote a blog post about spam. My hypothesis was you don’t go after spam by filtering email. You go after spam by stopping credit card transactions!

It seemed reasonable at the time, though as you’ve probably noticed, spam continues and is still supported by credit card purchases!

Flash forward seven and a half years. Today’s New York Times carries this headline: Study Sees Way to Win Spam Fight. Guess what scientists have found?

It turned out that 95 percent of the credit card transactions for the spam-advertised drugs and herbal remedies they bought were handled by just three financial companies — one based in Azerbaijan, one in Denmark and one in Nevis, in the West Indies.

The researchers looked at nearly a billion messages and spent several thousand dollars on about 120 purchases. No single purchase was more than $277.

If a handful of companies like these refused to authorize online credit card payments to the merchants, “you’d cut off the money that supports the entire spam enterprise,” said one of the scientists, Stefan Savage of the University of California, San Diego, who worked with colleagues at San Diego and Berkeley and at the International Computer Science Institute.

It makes you wonder, do the credit card companies really want to stop this? If they wanted to they could.

Seriously Facebook… This Again?

With nearly 5,000 Facebook friends I am a spam magnet! Unfortunately for me, my goal is keeping my Facebook account accessible to all, which makes me vulnerable to everything! The spams started coming early Saturday.

OMG! Its unbeliveable now you can get to know who views your facebook profile.. i can see my top profile visitors and i am so shocked that my EX is still creeping my profile every hour. click below

I have received that automated message at least a half dozen times in the last two days. Each time it’s posted on my Facebook wall. It is the worm on the end of the hook! It is trolling for fish.

The first one I received came from a friend with an EX. Trust me, she doesn’t care to stalk his Facebook account.

Facebook claims, and I believe, you can’t do any of the things these spammy scams promise, and yet they continue to promulgate week-after-week-after-week. Even worse, they’re sent through Facebook’s internal mail system. Is there no filtering?

If Facebook isn’t equipped to fight off this tiny and easily identified threat how will they perform against something big?

Facebook wants us to trust them with nearly everything personal and private in our lives. They’re a long way from getting my trust.

More Facebook Scamming And Spamming

Now I feel bad! I thought I was savvy about all the Facebook scams and spams. Guess not. Here’s a screengrab from my friend Wayne in Hong Kong. All these women want to meet him.

Obviously these are phony accounts set up to try and extract something from poor Wayne and the rest of us!

Is There Really A Su Bransom? I Don’t Think So

I’m a people watcher on the Internet. That’s especially true with Facebook and Twitter. Often I’ll just gaze as my newsfeed/timeline scrolls by. That’s how I ran into Su Bransom.

Twitter says Su Bransom is the person behind SuBransom8028. Her profile says she’s from New Haven and an environmental engineer. I think it’s a bunch of bull and that there’s no Su!

I’m not sure how Twitter makes money off Twitter, but I think I know how Su does… or tries to!

Every few minutes Su’s twitter account lets loose with a tweet. They’re random incomplete thoughts cut short by Twitter’s 140 character limit.

A few minutes ago Su said,

“Leading scientists and thinkers writing on everything from robots to physics to behavioral economics”

I threw that phrase into Google and out came a citation from Steve Lohr’s page in the New York Times. Lohr uses those words and more to explain a link he’s included.

Su uses it because she needs words!

So far nothing Su’s done has made any money for her. That part of the game comes in other tweets she sends every fourth or fifth time.

@_SkyLineDrives Finally saw Just Go For It here http://bit.ly/xxxxx-kinect_online?=mzaz ¹

That’s Su responding to @_SkyLineDrives, but not because they’re Twitter friends!

@_SkyLineDrives sent a tweet which mentioned the movie Hall Pass a few minutes earlier. That’s what triggered Su’s response.

Her reply included a link to a site (I’ve never heard of) that streams (or claims to) movies that haven’t yet been released to home video. That’s where the money’s made!

The random text tweets are decoys. They make Su look real to Twitter, which is probably on the lookout for anyone who exclusively replies to people they don’t follow! In reality this whole charade is just a sophisticated form of spam! Unlike email spam, which goes out en masse, this Twitter spam is targeted and goes to one user at a time.

Expect to see a lot more of this as we spend more time on networks that connect us exclusively to people we know and which therefore seem more secure. When there’s money to be made people will find a way!

¹ – I’ve added some extra characters to keep from spreading the actual link. You can figure it out if you really want to.

This Could Kill Facebook

I had to block two Facebook friends this afternoon. It seems they were friending me on behalf of their business so they could send commercial email. Because of Facebook’s inherent friend-to-friend trust there’s not the same kind of spam filtering you find on more traditional email.

In both cases my ‘friends’ were making mass mailings without regard to whether their product or client’s product was worthwhile to me. This irks me.

As it is I already ignore friend requests from businesses. Businesses shouldn’t have personal accounts. They do. This seems to be poorly policed by Facebook. Maybe it’s not policed at all.

When Facebook becomes more pain than fun it will disappear. I will miss stalking your photos.

The Second Coming: “Hello – How Are You” Spam

It’s back. The “hello – how are you” spam is once again flying across the Internet. I didn’t notice until a few new comments posted on the blog earlier today. Then a few made it past Gmail’s filters.

This didn’t make sense the first time. It doesn’t make sense now. There’s no payload and no way for the sender to know the spam’s final disposition.

The only thing that seems to be clear is it wasn’t a mistake the first time. It definitely stopped. It’s definitely restarted. That means someone has positive control.

This flight of spam started Friday. I got my most recent “hello – how are you” around an hour ago.

Why?

The Amazon Attachment Spam Attack Gets Weirder

This past weekend I wrote about a totally harmless, weirdly meaningless, spam attack. Thursday afternoon another began. I’ve got 80 already.

I think they’re coming from the same place except this one is a lot scarier.

The weekend spam attack was just a few words. Once it was sent it was totally out of the spammer’s control. Today’s spam delivers an html file. Strings attached? Could be.

In and of itself html isn’t a problem. The entire worldwide web is built on html. This file’s contents seem to be a duplicate of something Amazon.com legitimately sends. Thursday afternoon that lulled me into a sense of security. Then I got a comment from Vince Batchelor.

If you look at the source of the html file, you see some javascript in the middle of the file.

Again, like html, javascript itself isn’t nefarious. Nearly every web page you visit uses javascript, even this one! The javascript in this spam is different. It’s squeezed into the middle of the Amazon message where it definitely doesn’t belong. Inside the javascript is an encoded set of commands¹. Unlike the rest of the javascript, encoding makes this part unreadable by humans!

Don’t worry, it can still be decoded!

I’m a little over my head here, but the code creates a clickable link to a South African website which in turn sends you to another website which Google labels a malware carrier. I’m sure I don’t have that 100% right. Whatever it does it’s unexpected and eye raising.

This spam continues to be passed to my inbox by Gmail as if it were no problem at all! Shouldn’t they be filtering it?

My javascript interpretation isn’t good enough to understand whether this is a vicious or just suspicious set of emails, but I think we’re being set up. The next hits probably won’t be as docile.

¹ – For those of you who’d like to examine the code I’ve placed it here.

The Hello How Are You Spam Stops

I just got a blog comment from Richard in the Netherlands.

I have not received any “hello – how are you” spam since 19-09-2010 / 20:28 CET.

That sent me to my spam inbox. The last “hello – how are you” spam was received here Sunday at 2:18 PM EDT (1818 UTC or 2018 CET), ten minutes before Richard’s stopped. Up until that point they had been coming in sporadically, sometimes as often as a few a minute, other times once every 10-15 minutes.

If you’ve been getting these spam emails would you please check and let me know when yours stopped? I doubt it will unlock any secrets, but it would be interesting to see how tightly controlled this army of spammers was.

Meanwhile I don’t know any more than earlier. This whole thing is a puzzle. We may never know.

Hello – How Are You. The Spamming Continues

What the heck is going on? Yesterday I wrote about a spam message making its way across the Internet.

Subject: hello
Message: how are you

As has happened a few times in the past I blogged about something esoteric, poorly covered and curious. There was no one else ‘covering’ this news. Google deemed me the authoritative source. Search: “hello how are you spam” and you come to me.

No problem. I’m glad to help.

My blog traffic began to spike overnight as geeks and nerds from around-the-world tried to figure out what was going on. If you read through the comments you’ll see how perplexed everyone is. Why would a spammer send out millions of emails with absolutely no payoff on his end?

Every possible justification for the spam led to a dead end, save one.

RFC 822 allows for using X- prefix for user generated info. I have no idea what the “X-Mras: Ok” header means, but it seems to only show up in these emails. I created a filter to send any email containing “X-Mras” anywhere in the headers to a special folder. So far the only emails that show up there are these odd “Hello – how are you” type emails.

This sort of email has been showing up for at least 2 years, off and on – the “X-Mras” field seems consistent in all cases (this may change).

For the non-geeky, RFC 822 is the 1982 set of rules which govern email. The rules allow you to add your own parameters for your own purpose without telling anyone why. The only requirement is they start “X-.” These spam messages all contain “X-Mras: OK”, a combination not seen in any other email.

Does “X-Mras: OK” mean or do anything? We still don’t know, but the more people who dive into this the more likely it will make sense… at some point… just not now.
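The header filter described above, together with a way to answer “when did yours stop?” from a spam folder, as an added example that is not code from the original post or its commenters. The folder names and the sample messages are constructed, and the timestamp is read from the topmost Received header because the receiving server writes it, while the Date header is whatever the sender chose.

```python
from datetime import timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

MARKER = "X-Mras"  # header name quoted on the page


def has_marker(msg) -> bool:
    # Message header lookup is case-insensitive, so "x-mras" also matches.
    return bool(msg.get_all(MARKER))


def route(raw: str) -> str:
    """Return the folder for one raw message (folder names are made up)."""
    return "x-mras-quarantine" if has_marker(message_from_string(raw)) else "inbox"


def last_seen_utc(raw_messages):
    """UTC time of the newest marked message, or None if there is none.

    Uses the topmost Received header, written by the receiving server,
    because the Date header is supplied by the sender and may be forged.
    """
    latest = None
    for raw in raw_messages:
        msg = message_from_string(raw)
        received = msg.get_all("Received")
        if not has_marker(msg) or not received:
            continue
        # The timestamp is whatever follows the last ";" in the header.
        stamp = received[0].rsplit(";", 1)[-1].strip()
        try:
            when = parsedate_to_datetime(stamp)
        except (TypeError, ValueError):
            continue  # unparseable timestamp: skip rather than guess
        if when.tzinfo is None:
            when = when.replace(tzinfo=timezone.utc)
        when = when.astimezone(timezone.utc)
        if latest is None or when > latest:
            latest = when
    return latest


def make_sample(received_stamp: str, marker_line: str) -> str:
    # Constructed test message, not a captured one.
    return (
        f"Received: from host.example by mx.example.org; {received_stamp}\n"
        "From: someone@example.net\n"
        "Subject: hello\n"
        f"{marker_line}"
        "Date: Mon, 01 Jan 2001 00:00:00 +0000\n"
        "\n"
        "how are you\n"
    )


SAMPLES = [
    make_sample("Sun, 19 Sep 2010 14:05:00 -0400", "X-Mras: Ok\n"),
    make_sample("Sun, 19 Sep 2010 20:18:00 +0200", "x-mras: Ok\n"),
    make_sample("Mon, 20 Sep 2010 09:00:00 +0000", ""),  # no marker header
]

if __name__ == "__main__":
    print([route(m) for m in SAMPLES], last_seen_utc(SAMPLES))
```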

Earlier I wrote how I received a few handfuls of these messages. I was wrong.

It was possible some were getting ‘stuck’ at the geofffox.com spam box and never making it to Gmail. When I went there and checked, the first screen of results showed 20 spams. At the bottom of the page it said, “20 of thousands.”

It’s difficult to say with any authority the resources being pressed into service to send the “hello – how are you” spam. This is an immense undertaking–that’s for sure. And as far as anyone can see there is absolutely no benefit to the spammer–zero!

I’d like to know why he’s doing it.

The New Spam: Hello – How Are You?

Right now my email spam folder has nine emails unlike all the others. Though each claims to be from a different sender they’re all exactly alike. The subject is “hello” and the body is “how are you?” That’s it.

Like most spam its lineage is questionable. All the addresses are forgeries.

I opened a few to check the routing information. The first originated in Brazil. Another came from India. I suspect each of these spams comes from a different source. More than likely this is a botnet at work.

Someone has gone to a lot of trouble, but why? Seriously–this spam accomplishes nothing. There is no ad nor any payload (like a virus). Because most of the addressing info is forged these spams can’t report back on what they find.

This is a test for sure. But what’s being tested? I have no clue.

These “hello – how are you?” messages are one of two coordinated spam waves I’m currently seeing. The other contains snippets from various news stories run together into a large paragraph of unrelated sentences! Again it’s totally worthless to the spammer with no useful payload though it certainly requires a lot of resources.

Are you getting these too? I’d like to know.

Because so many of you are curious I’m including the source from one after the jump. The email was sent to a seemingly random, non-existent mailbox at geofffox.com. As with all my email it is then forwarded to a catch all box at Gmail.

State Of The Spam Report

I needed to respond to someone on Reddit.com. For some reason my direct message to her didn’t go through so I left my email address out in the open. A few minutes later another user sent me a private message.

You posted your email address and I would say that it would probably be best if you removed it – there are people on here and also a lot of bots that will pick it up and you’ll have spam coming for the rest of your life.

Too late on that. The horses are already out of the barn.

My me@geofffox.com address is hosted by Google/Gmail. Their spam filters are mainly great. Anything spammy goes into its own bin for thirty days. After that it’s automatically discarded.

At the moment the spam folder contains 38,416 spam messages. That’s about 1,280 per day!

I seldom look at it, but did now for research purposes. Scary!

Spam trends change often to try and evade filtering. At the moment there are dozens of messages claiming to be from Pfizer, the maker of Viagra. Right.

There are phishing messages that say they’re from AARP. They’re not. This only establishes I am now in an age group too trusting for the net!

At one point spam used to contain lots of porn. Guess you have to search that out on-your-own nowadays. “Naked college girls who want to meet you” have been replaced by ads for those disappointed with their size. In fact the vast majority of my spam is for pharmaceuticals of all types.

Most of my spam is sad. I feel bad for the people who buy.

Here Comes The Spam

While setting up this new iteration of the blog I made a decision–all my older entries would again be open for comments. A few years ago, faced with a plethora of blog spam, comments were shut off after a week or two.

You know what spam is, but blog spam? It’s much more insidious!

Did you create your own blog or did a program do it? Could you please respond? 18 – Leila Caracci

Looks harmless, right? Except Leila’s email address says she’s GailWoolfolk@aol.com. There’s more.

My blog’s comment form allows you to enter a website address. Leila/Gail has attached MLBH0TD0G.TK (I have sanitized the site by substituting zeros). There lies the rub.

If that comment had gotten posted, accompanied by that URL, the named website would get a little rub of my Google glory. It would rank a tiny bit higher in searches. Multiply that by hundreds or thousands of sites and the effect can become enormous.

I would have spotted this on my own, but WordPress comes with Akismet, a filter which performs the job silently and very well.

This blog is great. How did you come up witht he idea? 6 3 4

That’s another one appealing to my ego. Notice the random numbers at the end to try and throw off filtering. It didn’t work.

Great site! Your writing is so fresh compared to most other bloggers. Thanks for writing when you get the chance to, I’ll be sure to keep visiting!

That’s another with a non-matching email/name combo. The linked website soft sells French Press coffee makers with an affiliate link to Amazon. These folks are resourceful.

Any time anyone has something of value others want a piece of it, like my Google karma. What the Internet does is make tiny inconsequential pieces easy to aggregate. I would guess getting many Geoffs to post your URL produces significant income for little effort!

Since the blog has been up with WordPress (under 24 hours and only now beginning to be seen by Google) I’ve gotten 46 comments. 41 were spam!

As long as Akismet holds its ground I’ll keep everything open. I am only marginally optimistic.