[94252] in North American Network Operators' Group
Re: Comment spammers chewing blogger bandwidth like crazy
daemon@ATHENA.MIT.EDU (Gadi Evron)
Sun Jan 14 20:22:44 2007
Date: Sun, 14 Jan 2007 19:08:35 -0600 (CST)
From: Gadi Evron <ge@linuxbox.org>
To: Tony Finch <dot@dotat.at>
Cc: Peter Corlett <abuse@cabal.org.uk>, nanog <nanog@merit.edu>
In-Reply-To: <Pine.LNX.4.64.0701141827340.31357@hermes-1.csi.cam.ac.uk>
Errors-To: owner-nanog@merit.edu
On Sun, 14 Jan 2007, Tony Finch wrote:
>
> On Sun, 14 Jan 2007, Peter Corlett wrote:
> >
> > For the benefit of those of us who have been lucky to Recover from ISP work
> > and now herd blogs, would you be so kind as to share which blacklists are
> > worthwhile and worth consulting on this front?
>
> I would expect the lists of compromised hosts to be fairly effective -
> open proxies of various kinds and perhaps botnet hosts. As for SMTP the
> blacklists would only be a starting point that either provide a cheap
> preliminary check or feed a more sophisticated filtering system.
Honestly, the more advanced we get we still can't get a hold on this
issue. Imagine you run a blog services web site, and each blog gets
between 1000 and 1,000,000 comment spams a day. Or even just one blog with
several thousand such.
Advanced systems based on "time on page", "direct to post link", capctahs,
Javascript captchas or challenges, URL in name, URL in DATA, # OF URLs,
etc. are all fine scoring rules, add to that a DNSBL and you will be fine
to a level... until next week.
There are quite a bit of botnets involves, but a lot of "mass-mailers" are
still in this business.
This is not very NANOG relevant and I feel I contributed enough on the
subject (unless the membership keeps responding), but it is a very serious
issue. There is a mailing list dedicated to this subject, you can ping me
off list if you are interested in the topic.
>
> Tony.
> --
> f.a.n.finch <dot@dotat.at> http://dotat.at/
> SOUTH UTSIRE: NORTHWEST BACKING SOUTHWEST 6 TO GALE 8, OCCASIONALLY SEVERE
> GALE 9. VERY ROUGH OR HIGH. RAIN OR SQUALLY SHOWERS. MODERATE OR GOOD.
>
