Tag Archives: SpamValve

Some blog spam cases you might want to watch for

I like to think that I’ve got some pretty decent spam prevention measure in place on my server. My mail server uses RBL/DNSBL services and sets maximum limits for certain protocol violations. All my blogs use Akismet for comment spam detection. I’ve got a large number of entries in my comment moderation and blacklist lists. And I hook it all together into my SpamValve plugin, which automatically adds firewall rules to block repeat offenders.

Still, though, occassionally I get bursts of traffic that either aren’t detected by these measures, or that are detected, but the process of handling the connection causes excessive load on the system. [...]

Dear Spammers…

Thank you for continuing to submit your data to my anti-spam systems. I have been able to put your information to very good use, keeping my blogs and email practically spam-free 24-hours a day. The emails, comments, trackbacks, and referers that you submit are analyzed for key spam indicators, which I can then use to automatically block your servers so that your future spam attempts don’t even reach my web server.

Eventually, I hope to share my collected anti-spam knowledge to a wider audience, via WordPress plugins and web services available to the general public. [...]

Spam on the rise again?

Has anybody else noticed a sharp increase in blog spam activity lately over the past couple of weeks? The number of firewall rules on my system generated by SpamValve was down below 40 not too long ago, but now it’s back up to over 100 again. The worst of the attacks still cause some brief hiccups on my server from time to time, but now that I’ve got a good set of automated countermeasures in place, I typically don’t notice it until after the fact.

SpamValve Download

I only had a couple of responses to my call for SpamValve testers. One of the testers has already begun using SpamValve on his FreeBSD server. The other is tied up at the moment, but is going to attempt to adapt it to work on a Linux server sometime next week.

In the meantime, I’ve started using it to filter spam hits to my mail service. This was accomplished with a one-liner:

tail -0f /var/log/maillog | \
perl -e 'while(<>){ m/Mail from (.*) rejected/; \
system("/usr/local/sbin/svupdate", $1) if $1;}'

The command above watches the end of my sendmail log for entries indicating messages rejected by RBL checks. [...]

SpamValve Testers Wanted

I think I’m almost ready to let some other people bang on SpamValve. I want to get a closed group of users to try it out and give me some feedback before I release it to the general public. If you’re interested in testing it, and meet the requirements below, contact me.

Requirements:

  • Requires root access on your server.
  • Currently requires the ‘ipfw’ firewall system (I’m on FreeBSD). But if you think you can modify it to work with ipchains or some other firewall, feel free to give it a try. [...]

SpamValve update

I’ve been pretty busy at work, so I haven’t done much more work on my auto-firewall code in the past couple of days. But it seems to be holding its own pretty well. Normally, over the course of a few days, my comments database accumulates a couple thousand spams (I check it using Chris Davis’ Spam Nuke plugin). But since activating my new system, the spam comments are down to a trickle, maybe 10% of what it used to be.

This is because the system only allows a few attempts from any particular host before it blocks that host completely, eliminating any further attempts. [...]

Testing a new spam blocker

I’ve been trying to snatch a few minutes here and there to work on the automated spam blocking system that I proposed last week. Earlier today, I finished up one of the components, and I’m currently testing it. It seems to be performing as designed, so far.

There are three pieces to the system, currently:

  1. ipupdate: A perl script which accepts an IP number as an argument. When run, it checks whether the IP already exists in its configured database table. If not, it adds it. [...]

Spammers should all DIE DIE DIE

I am so sick of the damn spammers. Spammers are teh sux0r. Spammers are a festering boil on the ass of the Internets. I wouldn’t let a spammer kiss my butt with a pair of wax lips from ten feet away. If I ever see a spammer bleeding in a ditch, I will not be a Good Samaritan, I will kick him in the head, cover him up with dirt, and leave him there to rot.

Over the past few weeks, the comment spam has been coming in so thick that I’ve had to start blocking IPs at the firewall level. I’m currently blocking over 40 IPs, plus an entire Class C block out of Mexico. My normal blacklist blocks prevent the spam from showing up on the blog anyhow, but they were coming in so fast and furious that Apache and MySQL were grinding to a halt under the load.

On top of that, the email spam has been spiking up, too. [...]