Cian Davis wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> It's been running for a few months but only got it's first victims
> last Friday - 33 different IP addresses over 2 minutes at 18:00. And
> no false positives. BTW, if anyone has a theory as to why the 2 albums
> that always get spammed are the pictures of the Paris Air Show and
> Skiing 2005 photos, I'd love to hear it.
What the spammer does is visit your website with their browser. They
leave a legit or almost legit comment on one or two posts but they also
record the POST data sent. To further spam your site, they simply send
the same POST data to your comment script with different comment data.
That's one of the main reasons only a couple of your pages are spammed.
> generally be legit. Also, they could well be in a DNS pool. Anyone
> figure it's worth a go? Pity the apache module to deny access based on
> listing in a DNSBL hasn't been updated in a few years.
I'm biased of course, but I'd recommend looking at Akismet, at
http://akismet.com/ - it was originally built for WordPress blogs but
there's an API you can access to verify your comments so it should be
easy enough to build it into your own system.
You'll have to open a free http://wordpress.com/ account too to get an
API key but it's fairly painless to do so.
Oh, all those IPs belong to botnet PCs - machines infected with a virus
or trojan that's under the control of the bad guys. It's not really
possible to ban specific IPs because they're probably on broadband lines
that will change from time to time.
Donncha O Caoimh
http://ocaoimh.ie/ // http://inphotos.org/
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!