Re: Comment spammers chewing blogger bandwidth like crazy

[Gadi Evron <ge () linuxbox org>]

On Sun, 14 Jan 2007, Tony Finch wrote:
> On Sun, 14 Jan 2007, Peter Corlett wrote:
> > For the benefit of those of us who have been lucky to Recover from ISP work
> > and now herd blogs, would you be so kind as to share which blacklists are
> > worthwhile and worth consulting on this front?
>
> I would expect the lists of compromised hosts to be fairly effective -
> open proxies of various kinds and perhaps botnet hosts. As for SMTP the
> blacklists would only be a starting point that either provide a cheap
> preliminary check or feed a more sophisticated filtering system.

Honestly, the more advanced we get we still can't get a hold on this
issue. Imagine you run a blog services web site, and each blog gets
between 1000 and 1,000,000 comment spams a day. Or even just one blog with
several thousand such.

Advanced systems based on "time on page", "direct to post link", capctahs,
Javascript captchas or challenges, URL in name, URL in DATA, # OF URLs,
etc. are all fine scoring rules, add to that a DNSBL and you will be fine
to a level... until next week.

There are quite a bit of botnets involves, but a lot of "mass-mailers" are
still in this business.

This is not very NANOG relevant and I feel I contributed enough on the
subject (unless the membership keeps responding), but it is a very serious
issue. There is a mailing list dedicated to this subject, you can ping me
off list if you are interested in the topic.

> Tony.
> -- 
> f.a.n.finch  <dot () dotat at>  http://dotat.at/
> SOUTH UTSIRE: NORTHWEST BACKING SOUTHWEST 6 TO GALE 8, OCCASIONALLY SEVERE
> GALE 9. VERY ROUGH OR HIGH. RAIN OR SQUALLY SHOWERS. MODERATE OR GOOD.