Contributed by: Dirk Saturday, April 09 2005 @ 01:11 pm EDT
Comment spam is a huge problem for a lot of sites these days. And since geeklog.net gets its share of comment spam, we thought we'd give you some information about the spam that hits geeklog.net so that you can use this to protect your own site.
The most persistent wave of spam that's been hitting us for months now comes from two brothers, nicknamed The Bulgarians.
Have you been getting waves of comment spam for poker / casino sites, alternating with spam for pills / drugs, and finance / mortgage sites? Then you're most likely on the Bulgarian's list.
Ann Elisabeth Nordbo has collected some background information on these two. An interesting read (and I highly recommend her other site, Spam Huntress, which is dedicated to fighting comment spam).
Fortunately, there is a very effective method to block these particular spammers. If your webhost lets you edit your own .htaccess file, see Cindy's spampop for the recipe. Cindy also used to keep a list of all the domains that the Bulgarians have registered (over 2500), but had to take it down due to heavy traffic. Ann Elisabeth is now keeping track of the recently used domains.
If you can't create your own .htaccess file, then you should feed your personal blacklist (in Geeklog's Spam-X plugin[*1] ) with a few typical phrases and keywords from the comment spam you may see. We will also be releasing an update to the Spam-X plugin soon that will include a filter module that lets you apply the "spampop" method from within Geeklog.
In addition to comment spam, the Bulgarians are also flooding sites with referer spam[*2] . On a Geeklog site, that will cause a higher server load, since every such request creates a session. Referer spam can be blocked by the same method[*3] that's also effective against worms such as the Santy and Spyski worms. The only problem here is that you'll continually have to update your .htaccess to include the new domains.
But that's not all - the Bulgarians are also doing trackback[*4] spam. The next Geeklog release will support trackbacks, so we will face that problem then, too. However, the "spampop" method pretty much takes care of this particular sort of trackback spam as well (and Geeklog's trackback implementation also supports spam filtering with the Spam-X plugin).
Okay, that's it for now. I hope this first installment under the new "Spam" topic has provided you with some useful information. Expect more posts in the future.