[spam-stopper] Reporting spammers to their ISP

markus akismet at phpmix.org
Wed Jun 21 16:14:56 UTC 2006


Hi all!

I was getting close to 0 spam on my site, but since I released the Akismet
module for Drupal I'm getting one or two, heh. Not a problem because Akismet
is catching them all. However, most of this spam is sent from a single
spambot, from which I've been learning a bit about their practices.

Some facts and observations:

a) They seem to use a custom HTTP client that supports cookies, so it is
able to keep the PHP session alive. This is a must when comment preview is
required before being able to submit the comment.

b) They send the spam from different IPs that may or may not be proxies.
Some of them seem to be ordinary PCs (just guessing now, probably infected
with a trojan or something similar). I have also observed that they have
been monitoring the attack by doing manual requests from behind a proxy.
Probably because their automated engine was getting a few errors :P

c) They use real e-mail addresses from a known free e-mail provider. I know
this because I'm using a module that checks the MX records to get the list
of mail servers and connects to them to check if the e-mail is valid.

d) They tend to fill in the homepage field of the comment with the URL of
the advertised site (or one of them).

e) I have also observed that they reuse the same IPs and e-mail addresses to
deploy different attacks, even when these attacks happen on different
days. It seems no one is reporting abuse of these resources to the
corresponding ISPs ...hmm... or abuse report resolutions are taking a lot of time...


So I was thinking...

There is little we can do to break their clients. There are even programmable
HTTP clients that support JavaScript, so they can easily emulate whatever a
user would be required to do.

However, I wonder if there is something we could do to stop them from using
the same IPs, e-mail addresses and advertised sites again and again. It might
be hard, but we are a lot more than them.

Would it be possible to join efforts to document procedures to report their
activities to the involved ISPs and/or e-mail providers? If we really could,
I believe they would have to spend a lot more money trying to renew those
resources that we could eventually stop.

Akismet is great, but maybe there is something more that we all could do?

Any thoughts or experiences reporting spammers out there? What if we join
efforts in this direction?


Cheers
Markus
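
An added example, not part of the original post: one way to pull out the reused IPs, e-mail addresses and advertised sites described in (e) from comments already flagged as spam, as evidence for an abuse report. The log records, field names and function names are constructed for illustration and are not taken from the Akismet module.

```python
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlsplit

# Constructed sample of comments already flagged as spam (not real data).
# IPs use documentation ranges; domains are reserved example names.
SPAM_LOG = [
    {"ts": "2006-06-18T09:12:00", "ip": "192.0.2.10", "email": "a@mail.example", "homepage": "http://pills.example/buy"},
    {"ts": "2006-06-18T09:13:30", "ip": "192.0.2.10", "email": "b@mail.example", "homepage": "http://pills.example/"},
    {"ts": "2006-06-20T22:40:10", "ip": "192.0.2.10", "email": "a@mail.example", "homepage": "http://casino.example/"},
    {"ts": "2006-06-20T22:41:00", "ip": "198.51.100.7", "email": "a@mail.example", "homepage": "http://PILLS.example/x"},
    {"ts": "2006-06-21T03:05:00", "ip": "203.0.113.5", "email": "c@mail.example", "homepage": ""},
]

def indicators(record):
    """Yield (kind, value) pairs worth reporting for one spam comment."""
    yield "ip", record["ip"]
    yield "email", record["email"].strip().lower()
    host = urlsplit(record["homepage"]).hostname  # None for an empty homepage
    if host:
        yield "site", host  # urlsplit already lower-cases the hostname

def reused_indicators(log, min_days=2):
    """Return indicators seen on at least `min_days` distinct days.

    Maps (kind, value) -> {"days": sorted ISO dates, "hits": comment count}.
    """
    seen = defaultdict(lambda: {"days": set(), "hits": 0})
    for rec in log:
        day = datetime.fromisoformat(rec["ts"]).date().isoformat()
        for key in indicators(rec):
            seen[key]["days"].add(day)
            seen[key]["hits"] += 1
    return {
        key: {"days": sorted(v["days"]), "hits": v["hits"]}
        for key, v in seen.items()
        if len(v["days"]) >= min_days
    }

def report_lines(log):
    """Format one evidence line per reused indicator, most hits first."""
    rows = sorted(reused_indicators(log).items(), key=lambda kv: (-kv[1]["hits"], kv[0]))
    return [f"{kind} {value}: {d['hits']} spam comments on {', '.join(d['days'])}"
            for (kind, value), d in rows]

if __name__ == "__main__":
    print("\n".join(report_lines(SPAM_LOG)))
```

Each output line names one resource, how often it appeared and on which days, which is the kind of evidence an abuse report would need.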



