[wp-hackers] Simple comment spam experiment
iacobs at m0n5t3r.info
Wed Apr 16 22:14:49 GMT 2008
> I don't know of a particularly good lojack solution, obviously. I can
> think of some ways to do it.
> Idea: when spam comes in and is confirmed to be spam, block the IP
> from that site for a time period. All access to the site from that IP,
> blocked with instant 403. If this gets to enough sites, then rather
> rapidly the spammers can't send spam anymore.
this is mostly what I do, however at the firewall/iptables level:
fail2ban is monitoring the logs and adding firewall rules that end in DROP
> Problem: Blowback.
> Spammers will effectively shut down these sites for dynamic IP users
> who happen to get one of those IPs. Plus side: it will encourage ISPs
> not to allow spammers onto their networks at all and to take more
> proactive measures against this sort of thing.
the latest fashion seems to be botnet-powered comment/trackback spam, so
if you block the corresponding lusers with a mobilising message they may
actually grab an antivirus and clean their machines, so you're helping
save the world :D
> Anybody else got any other lojack ideas
instead of just DROP-ing the connections at the firewall, I believe one
can set it to allow the handshake to occur, then drop anything coming
from the internet and send RST to Apache to abort the connection;
or (my latest evil thought) set up a bunch of scripts like:
<?php
header('HTTP/1.0 302 Moved Temporarily');
?>
I am afraid your target has moved. Again.
and have them redirect in a circle (perhaps even with random switching
between them) >:D
Most spam bots implement HTTP incompletely, but they usually do follow
redirects; now, I need to see how I can put this in a nice graphical
display like http://xkcd.com/350/
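
Added example, not part of the original message: a replay of the time-limited ban policy discussed above (block an IP for a period once spam is confirmed, the way a fail2ban jail does) over constructed Apache log lines. The threshold names mirror fail2ban's maxretry/findtime/bantime options; the function names, the sample log, and the convention that confirmed spam is answered with HTTP 403 are assumptions made for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache access-log prefix: client IP, timestamp, request line, status code.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')
# Assumption: confirmed spam on these endpoints is answered with HTTP 403.
SPAM_PATHS = ("/wp-comments-post.php", "/wp-trackback.php")

# Constructed sample log (documentation-range addresses), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [16/Apr/2008:21:00:01 +0000] "POST /wp-comments-post.php HTTP/1.0" 403 312 "-" "-"',
    '198.51.100.20 - - [16/Apr/2008:21:00:05 +0000] "GET /2008/04/post/ HTTP/1.1" 200 8123 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [16/Apr/2008:21:00:09 +0000] "POST /wp-trackback.php?p=12 HTTP/1.0" 403 312 "-" "-"',
    '203.0.113.7 - - [16/Apr/2008:21:02:30 +0000] "POST /wp-comments-post.php HTTP/1.0" 403 312 "-" "-"',
    '198.51.100.20 - - [16/Apr/2008:21:03:00 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
]

def parse(line):
    """Return (ip, timestamp, is_confirmed_spam) or None for unparsable lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    spam = (m["method"] == "POST" and m["status"] == "403"
            and m["path"].split("?")[0] in SPAM_PATHS)
    return m["ip"], ts, spam

def replay(lines, maxretry=3, findtime=timedelta(minutes=10),
           bantime=timedelta(hours=1)):
    """Return (ip, start, end) for every temporary ban the policy would issue."""
    recent = defaultdict(deque)  # ip -> times of spam hits inside findtime
    bans = []
    for ip, ts, spam in filter(None, map(parse, lines)):
        if not spam or is_blocked(bans, ip, ts):
            continue  # clean request, or already dropped at the firewall
        hits = recent[ip]
        hits.append(ts)
        while ts - hits[0] > findtime:
            hits.popleft()
        if len(hits) >= maxretry:
            bans.append((ip, ts, ts + bantime))
            hits.clear()
    return bans

def is_blocked(bans, ip, when):
    """True while a ban on ip is active; it lapses on its own after bantime."""
    return any(b == ip and start <= when < end for b, start, end in bans)
```

Because every ban carries an end time, an address handed to a different dynamic-IP user later is released without manual cleanup, which bounds the blowback raised in the quoted text.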