There has been a lot of discussion here recently regarding strange users registering on my site. There have been several potential solutions discussed as well. One of the solutions discussed is to use CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) to prevent spam bots from registering on your site. To address this need, I have released gl-captcha-1.0, a CAPTCHA implementation for Geeklog utilizing the custom registration feature.

gl-captcha-1.0 is a combination of the previous beta releases and contains both the dynamic and static image support. This version also supports the use of a language file and improvements to the memberdetail.thtml template to allow users to refresh the CAPTCHA image and to email the administrator if having difficulties registering.

Three months ago, we released an update for Geeklog's Trackback handling that stopped Trackback spam by simply checking if the site in the Trackback URL was actually linking to your site. At least one spammer has now figured out how to circumvent that check and so it's time for the next round ...

Yet another update for Geeklog's lib-trackback.php is now available for download. This is a drop-in replacement for the lib-trackback.php of all Geeklog 1.4.0 releases (up to and including 1.4.0sr5-1).

Note: The download link was still pointing to the old file. If you downloaded it before September 15th, 2006 2 PM EDT, please download it again to get the correct version!

SLV (Spam Link Verification) is a service run by Russ Jones at www.linksleeve.org. The idea is that interactive sites like Geeklog or forums send all user-contributed posts to SLV first which then checks if certain links show up in unusually high amounts. In which case it considers those to be spam and flags them accordingly.

The SLV module for Geeklog's Spam-X plugin makes use of that service. See the included README for installation instructions.

This module should be considered experimental for now. I've been using an earlier version on two sites for several months now, though, and it did help quite a bit. And it can only get better the more sites use it.

We're probably not the only ones seeing a sharp increase in the amount of Trackback spam over the last couple of weeks. Trackbacks are a new feature in Geeklog 1.4.0 and we're still learning ...

So here's a first result of that learning process: A new version of the lib-trackback.php for Geeklog 1.4.0 that contains a few improvements to better fight Trackback spam:

• a separate speedlimit setting for Trackbacks
• stricter handling of the speedlimit for Trackbacks
• can optionally check if the site that sent the Trackback actually contains a link to your site
• option to log rejected Trackbacks

You may want to check if you have a registered user on your site who's email address is new@sys54.3fn.net or new1@sys54.3fn.net (or a variation thereof). On at least two Geeklog sites (including geeklog.net) that user has suddenly started posting comment spam (for drugs and pills) after the account lay dormant for a year or longer. The oldest accounts found so far date back to August 2004.

Account names differ but follow a pattern: 9NoraRebecca, 3BillAlika, 7FlossieOma, 9AlmaNoguri

We suggest that you delete or at least ban that user (banning a user is only supported as of Geeklog 1.4.0). If you find any interesting variation of the above patterns and suspect it's the same user, feel free to email us and send us the details.

As you may have noticed when trying to update MT-Blacklist from the Spam-X plugin recently, the blacklist hasn't been updated in a while and has now even started to throw error messages. The reason is that Jay Allen has discontinued MT-Blacklist.

We would like to thank Jay for his work on MT-Blacklist and hope that his assessment that MT-Blacklist is no longer needed proves to be correct.

As a temporary measure, the last complete MT-Blacklist is available here on geeklog.net. So if you set up a new Geeklog site, open up the Spam-X config.php file (/path/to/geeklog/plugins/spamx/config.php) and update the URL for the initial import to read:

// Entire MT-Blacklist (for inital import)
$_SPX_CONF['mtblacklist_url'] = 'http://www.geeklog.net/backend/blacklist.txt';

Please note that there will be no updates, so if you already did the initial import, clicking on "Update MT-Blacklist" won't do anything (other than throwing an error message ...).

We will be looking into providing other means of spam protection for Geeklog in future releases. In the meantime, the last version of MT-Blacklist should provide some sort of protection for the time being. We suggest that you check your site for new comments / posts on a regular basis and feed your personal blacklist with any URLs and keywords of spam that you may encounter.

And if you haven't already done so, upgrade to Spam-X 1.0.2, which includes some new spam filtering modules.

The Spam-X plugin 1.0.2 is now available for download. This release fixes a few bugs, includes new modules and also implements the necessary name change.

• Fixed MassDelete module
• New module to filter spam posts by IP address
• New module to filter spam posts by the IP address of the spamvertized domain
• New module to filter spam posts by characteristics of the HTTP header

The tarball also includes an updated submit.php which now filters story, link, and event submissions for spam.

This release is compatible with Geeklog 1.3.10, 1.3.11, and 1.3.11sr1. If you're running the current CVS version (1.3.12cvs), please do not install this plugin but continue to use the CVS version.

Hi, this is just a short note about referrer spam and the problem I've had with it and the Visitor Stats plugin by Tom Willet and John Huges, I believe... My site, www.justrage.com gets loads and loads of referrer spam for some obscure reason, and I've always had a hard time doing htaccess magic. So here's what I do and it works for me.

Assuming, of course, you have the Visitor Stats plugin, go to your /plugins/stats directory, open functions.inc and find the following line:

if ($host == 'geeklog.sourceforge.net') {
  $host = 'geeklog.sf.net';
}

And then add the following new line under it:

if (ereg("word", $host)) {
  $host = '';
}
// the '' are single quotes, not a double quote

Change "word" to a specific string in the referring URL you want to block. For instance if you want to block http://something.ne.com you chould change "word" to "something" or "ne" or "com" or even "ne.com". What happens is that the code will simply rub out ALL the referring urls that contain "word" anywhere in it. It will only rub out the URL from the Stats phpblock, though, not the stats pages themselves. Which works fine for me anyway.

Add as many lines under it for as many "words" you need to block.

To my knowledge and experience, SpamX only blocks comment spam, and htaccess is just too complicated for me. So this is what I simply do to resolve my referrer spam issues. Hopefully, in the future someone could update the Stats plugin to include an easy way of doing it from its admin frontend.

Well, we've had spam for porn, pills, and poker - but contact lenses?

Last week, someone actually registered with several Geeklog sites only to post comment spam for contact lenses. I actually thought that was somewhat amusing, but it seems there's more of this coming.

We are now seeing referer spam for a site advertising contact lenses:

Spamvertized site:	contact-lenses-x7 DOT com
Domain registered with:	Names4ever.com
Site hosted at:	72.9.234.170, Global Net Access LLC, Atlanta
Referer spam came from:	63.247.74.90, Global Net Access LLC, Atlanta

It doesn't look like the two incidents are directly related, though. Last week's spam was for:

Spamvertized site:	lens DOT excellentoffers DOT info
Domain registered with:	DirectNIC
Site hosted at:	216.195.42.217, APS Telecom

I don't have the IP address of that spammer any more, but it belonged to an ISP in Hong Kong.

The excellentoffers site is apparently registered to some Alex Antuacesko in Romania, while contact-lenses-x7 is registered to some Marlon Santos in Seattle, WA. Both addresses may be fake, of course, but at least the Seattle address looks legit.

Anyway, it can't hurt to add both domain names to your Personal Blacklist. And throw in a few key phrases like "contact lens" (so that it also matches "contact lenses"), too, while you're at it.

Comment spam is a huge problem for a lot of sites these days. And since geeklog.net gets its share of comment spam, we thought we'd give you some information about the spam that hits geeklog.net so that you can use this to protect your own site.

The most persistent wave of spam that's been hitting us for months now comes from two brothers, nicknamed The Bulgarians.

Have you been getting waves of comment spam for poker / casino sites, alternating with spam for pills / drugs, and finance / mortgage sites? Then you're most likely on the Bulgarian's list.

Ann Elisabeth Nordbo has collected some background information on these two. An interesting read (and I highly recommend her other site, Spam Huntress, which is dedicated to fighting comment spam).

Fortunately, there is a very effective method to block these particular spammers. If your webhost lets you edit your own .htaccess file, see Cindy's spampop for the recipe. Cindy also used to keep a list of all the domains that the Bulgarians have registered (over 2500), but had to take it down due to heavy traffic. Ann Elisabeth is now keeping track of the recently used domains.

If you can't create your own .htaccess file, then you should feed your personal blacklist (in Geeklog's Spam-X plugin) with a few typical phrases and keywords from the comment spam you may see. We will also be releasing an update to the Spam-X plugin soon that will include a filter module that lets you apply the "spampop" method from within Geeklog.