Here's a URL that should be in everybody's spam filter: widecircles.com

Some idiot has been trying to (manually) spam for this site pretty much all of November. It doesn't faze him that his posts are deleted automatically. He registers new accounts, which are banned as soon as they start spamming - but he keeps on trying.

The spam posts themselves are coming from various IP addresses in India. He tries to spam our forums or tries to post comments, usually spouting marketing crap about how The social bookmarking will also improve your business by boosting your page rank. Yeah, sure.

Dear spammer, you're an idiot and on your website, you openly advocate spamming. Go away.

Good news of the day: Slashdot (and others) report that Scam-linked ISP Intercage / Atrivo Gets Shut Out.

I haven't been following their activities recently, since I had all their IP addresses blocked anyway. Oh, and I'm sure we'll hear from them again ...

Okay, so I can be slow sometimes but I've only noticed today that the spam that I've been getting since last December and the spam trying to infect a visitor's PC with trojans has quite a few similarities.

First of all, the form and the destination: Most of that spam comes in as a submission for this site's Links section. It's using "Good site", "Thank you", "Great work", and similar phrases as the title for the link target and then crams the link description full with more links. Okay, so the spambot in question has no idea that Links submissions are working differently from, say, comments here.

Other similarities: The spambot always uses "uk" in the HTTP Accept-Language header. Since this is a language header, the "uk" is for the Ukraine, not for the United Kingdom. Which may give us an indication for the source of at least the spambot (not necessarily the spam itself).

The other constant is the User-Agent header: It's always
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) read more

No, I don't mean the silence on this blog - that's just because I'm busy and the spammers are mostly boring ("Viagra"? Trackback spam? You've got to be kidding ...)

One spammer, however, who has been hammering this site continuously for the last 8 months has finally fallen silent. Over the last two weeks, I've noticed that his spam attempts only came from a handful of IP addresses. And so I decided to try and shut them down.

A big thanks goes to Rob at Blue Connex / BlueSquare Data who has been very helpful here. And then the spammer's last IP address, belonging to giga-hosting.biz, has fallen silent more than 24 hours ago (I didn't get a response from them, though).

I guess with the right sort of motivation (and a political agenda), you could make a much more interesting headline out of this URL:

http://my.barackobama.com/page/community/blog/kiddieporn

Yes, that's the official homepage of the presidential candidate for the US democrats, Barack Obama. No, it's not what it says. It's a page that displays what looks like an embedded video and asks you to "Click here to see movie". When you do that, you are redirected to another site that tells you that you need to download a codec to see the video. Of course, that "codec" is a trojan that infects your (Windows) PC. So don't do that ... read more