Damn Spam!
Search 

Topics

User Functions






    Lost your password?

Trackback spam test run?

    
Sunday, April 16 2006 @ 23:01 CEST
Contributed by: Dirk

Yep, I've been way too busy to blog over the last couple of ... months, actually. Fortunately, the spammers haven't invented any new tricks recently and so all I have to do are the occasional manual updates to our blacklists.

One trackback spammer, though, puzzles me. He's spamming for Google, Yahoo, and MSN. Yes, I do mean google.com, yahoo.com, msn.com - no dirty redirects or anything, just the plain base domains. Odd.

There was an earlier spam run like this a few weeks ago and I just now got another couple of those. It's obviously the same spammer. The content is some lame compliment ("this is very good") and a link to one of the above search engines behind the text "this is related article".

After the earlier wave of these trackbacks died down, I expected them to be followed by real spam, but that hasn't happened yet.

The only problem with this spam is that it's hard to filter since, obviously, I don't want to block posts linking to Google etc. And it's using varying IP addresses from all over the place (mostly Comcast and other US-based ISPs in today's batch).

One of the trackbacks was actually caught by LinkSleeve, so I guess other sites are seeing those, too. Yet I only got them on the one site where I currently don't run Bad Behavior. And the headers of that one trackback look pretty broken. So, I gave in, installed Bad Behavior, and hope for the best ...

[Update, less than an hour later] Didn't help, at least not completely. Bad Behavior caught a few of those, but some others went through. Plus we just got one on geeklog.net, too. On a German-speaking site, adding the two sentences to the blacklist is not a problem. On an English site, however ...

Filed under: Miscellaneous
()

View Printable Version

Trackback

Trackback URL for this entry: http://spam.tinyweb.net/trackback.php/trackback-spam-test-run

No trackback comments for this entry.
Trackback spam test run? | 5 comments | Create New Account
The following comments are owned by whomever posted them. This site is not responsible for what they say.
Look where THIS is coming from

Now that's a surprise: Another one of those, coming from 207.68.146.109. That IP address is owned by a certain well-known software company in Redmond ...

No, I'm not accusing Microsoft of spamming (the spam in question was for yahoo.com, actually). But someone there didn't do his homework ...

Authored by: Dirk on Monday, April 17 2006 @ 00:07 CEST
[ Reply to This | # ]
Trackback spam test run?
I've seen the same recently, and this has been followed by real spam. No direct relation, but, until the yahoo/msn spam I was recieving no trackback spam. Once that stopped I started getting real trackback spam.

Well, I say real, the url's were wrong, they had no http:// so when geeklog outputs the URLs, they were invalid, as they were assumed to be within the rest of the site (http://mysite.tld/spammers.subdomain.domain.com/blogpage)

I patched this:

//sloppy check that it's a good url:
if( substr($url,0,7) != 'http://')
{
return TRB_SAVE_REJECT;
}

Into lib-trackback.php in the TRB_saveTrackbackComment function, since then, I've not had any more spam. It was a lot of stuff for porn. I'm not going to post any of the keywords here, because your spam filter will probably kill me if I do ;-)
Authored by: THEMike on Tuesday, April 18 2006 @ 16:29 CEST
[ Reply to This | # ]
Trackback spam test run?
In fact, you have an identical trackback spam on this site here:
http://spam.tinyweb.net/article.php/omniexplorer-bot-not-spamming#trackback

To some of the ones I've been getting.
Authored by: THEMike on Tuesday, April 18 2006 @ 20:56 CEST
[ Reply to This | # ]
Trackback spam test run?

Not sure if the two are related. The other trackback spam you're referring to isn't new. Now if I could only figure out why my regexps don't seem to catch it all ...

Authored by: Dirk on Wednesday, April 19 2006 @ 19:22 CEST
[ Reply to This | # ]
Trackback spam test run?
PREVED! I'm superman :)
Authored by: Anonymous on Monday, July 17 2006 @ 13:58 CEST
[ Reply to This | # ]

Copyright © 2008 Damn Spam! Powered By Geeklog