Name and shame
We’ve been talking about some sort of blacklist related to blog spamming before.
I propose that we center that list on the name and contact info of the companies instead of the IP numbers. In other word, a list not meant to be used as an automated blacklist. There are a few of those already.
But rather a list meant to attract the attention of companies, so that they will know their network isn’t ship shape.
And I propose one main list:
A list of networks with proxies on them. And those placing on that list must be notified first. If we don’t receive any acknowlegement, and the IP numbers keep spamming, they get placed on that list.
As for a list of hosts harboring spammers, that could be misused, so we may need to work on that a bit more.
What do you think?
January 28th, 2005 at 9:32 pm
I like it and approve - but it’s kind of unwieldy - bots can shft faster than lists can follow unless youre willing to invest the time in a full on battle.
I dont know about the blogging engine you use but I’ve found in mine a flag that checks the referrer for the actual link to me -if theres no link - theres no entry in the referral log.
also - it seems that the user agent of this attack is unique - if you can look at the user agents in your web stats - look for
MSIE 6\.0; Windows NT 5\.2; \.NET CLR 1\.1\.4322\
meaning an agent running on windows server 2003 - using the latest dot net updates
(or using the latest .net code in a script) - very odd to see someone hitting your site with a server OS—– very very odd to see servers leading your stats. - I’ve tracked it down to 4033 hits in the last couple months on mine - and the traffic pattern and usage all tell me the spammers are using a bot on this platform.
As of Today I’ve banned that User Agent in my htaccess file - Since booting that user agent and checking if the site actually links to me - I have gotten zero logs in my referrer stats from abusive morons.
I think maybe rather than a list of abusers - you might want to think pro-active and just interrupt their google ranks by disallowing their attack.
After all it all comes down to google right ?
February 1st, 2005 at 8:23 pm
Hi Ann –
I would suggest looking at what’s been done before in the email spam world.
SpamHaus, for example, collates IP addresses and puts those in a list — but then periodically “crunches the numbers” to map IP to ASN, and therefore figure out the top N spam-emitting ASNs worldwide. it’s then possible to map ASN to network name. reverse DNS can help here too, of course.
In other words, there’s *both* an IP blocklist, and an informational, “these are the world’s spammiest networks” page for PR and public pressure.
BTW, there’s a lot of best-practice guidelines from the email spam world, and we can definitely give advice where it may be useful
I’m the original author of SpamAssassin, and we’ve just started a mailing list for blogspam discussion there — mail blogspam-subscribe /at/ spamassassin.apache.org to subscribe, if you like!