On Sun, 14 Jan 2007, William Warren wrote:
Heck feed it from spamkarma 2 or askimet. I use spamkarma 2 and it routinely nails tons of blog spammers..:)
SK2 and Akismet indeed do good work on WordPress, but are far from the solution to the problem. Things just get out of hand in the realm of comment spam as more and more spammers invest resources there and overload web pages and services. http://blogs.securiteam.com/index.php/archives/285 http://blogs.securiteam.com/index.php/archives/290 http://blogs.securiteam.com/index.php/archives/296 http://blogs.securiteam.com/index.php/archives/401 http://blogs.securiteam.com/index.php/archives/470 http://blogs.securiteam.com/index.php/archives/471 http://blogs.securiteam.com/index.php/archives/502 http://blogs.securiteam.com/index.php/archives/180
Alexander Harrowell wrote:
Gadi, if your HTTP spam DNSBL gets working, we would certainly be interested in feeding our spam filter from it. It is my experience so far that comments spam is not very "botnetty" but more "boxy" - the proportion of the total we get from any single IP address is relatively high.
Actually, to put that better, rather than being evenly distributed over many IPs, a core-group of the IPs spamming us at any one time account for the bulk of it. 80/20 rule again
On 1/14/07, *Gadi Evron* <ge@linuxbox.org <mailto:ge@linuxbox.org>> wrote:
On Sun, 14 Jan 2007, Peter Corlett wrote: > > On 14 Jan 2007, at 13:27, Tony Finch wrote: > [Blog spammers] > > Most of the IP addresss you listed are are already on various DNS > > blacklists. > > Ooh, now that is interesting. I had assumed that the DNSBLs only > covered SMTP spam sources, but on reflection I suppose SMTP is a dead > protocol these days in the wider Internet. > > For the benefit of those of us who have been lucky to Recover from > ISP work and now herd blogs[0], would you be so kind as to share > which blacklists are worthwhile and worth consulting on this front? > > [0] Before you ask, no, it's no easier, in fact arguably harder work, > although the pay and hours are better. But yes, we're hiring. >
Your assumption is incorrect. These DNSBLs cover spam sent in email, indeed. Thing is, spam is spam and spammers are spammers. Meaning, they spam in every way they can.
In my experience 20-70 per cent would be flagged by email DNSBLs. Not accurate to filter out blog spam.
As in, bots will be bots.
I've been working on a new DNSBL for comment/etc. spam for a while, which will be reliable, generally, it doesn't exist yet for public consumption.
There is such a black listing service already, but again, reliability is an issue.
Gadi.
-- My "Foundation" verse: Isa 54:17 No weapon that is formed against thee shall prosper; and every tongue that shall rise against thee in judgment thou shalt condemn. This is the heritage of the servants of the LORD, and their righteousness is of me, saith the LORD.
-- carpe ductum -- "Grab the tape" CDTT (Certified Duct Tape Technician)
Linux user #322099 Machines: 206822 256638 276825 http://counter.li.org/