Spammers 1, Ralph 1
The good news: changing the names of the fields in my comment forms appears to have stopped the comment spammers cold, at least for now. Yay me. I’ll have to keep monitoring things closely to see if that continues to be the case, which I would interpret as meaning that the spammer’s program is parsing for common strings and adjusting accordingly, or if the spam returns at some point, which I would interpret as meaning that they visit sites, configure their control program to use the field names currently in use, and order the zombies under their control to attack using those field names. If it’s the former, then I can leave the names as is; if it’s the latter, maybe I’ll come up with a way to automagically change the names every week or every month or at some other appropriate interval. In the meantime, I’ve added a new feature to my commenting system that cuts down the chewing up of my bandwidth by redirecting hits that attempt to use the old field names to POST something to a page to http://localhost/....
The bad news: shutting down some of the e-mail addresses receiving the most abuse didn’t reduce CPU usage enough. My hosting company shut down my procmail script because it was consuming too many resources. So I’ve had to abandon the spam filter I’ve been using for the past ten years, Spambouncer by Catherine Hampton. I started using it when Catherine and I were both hosted by Best Internet, long since swallowed up by Verio, which was then eaten by Japanese legacy monopoly telecom company NTT. My current hosting provider, Pair.com, offer Spam Assassin by default. I haven’t been happy with it when I’ve tried it in the past, but I guess I’ll have to use it now. One interesting thing they do is greylisting, in which the SMTP server refuses to accept the first attempt to send certain e-mails. Legitimate e-mail will retry, and at that point, the mail will be accepted (at which point Spam Assassin takes over). Most spammers’ MTAs don’t bother to resend. Hence, a reduction in spam. So far, I’m not all that impressed; spam that my previous solution would have certainly caught is getting through, although not at a rate that normal people would find all that bad (I don’t know how my mom or my wife can stand to deal with the amount of spam they get....) I’ve done some configuration to make sure my important mailing lists and such get through with no problem, but I’m still getting used to the system. I haven’t been able to figure out how to get Spam Assassin to give me the kind of logging that I used to get from Spambouncer so that I can judge how well a job Spam Assassin is doing. Maybe once I get enough spam to train Spam Assassin’s Bayesian filtering, it will work better.
As I mentioned before, if you have problems with comments (or in sending me e-mail), try contacting me through my web form.
Tags: spam comments e-mail spam assassin spambouncer pure evil
Posted at 9:57 PM