Two link spammers down, a gazillion to go. The Dutch ISP and University in Spain came through on their promises and disabled the machines that had been link spamming me. Neither offered any more insight into the specific virus/trojan/program, but the effort is much appreciated as this accounted for 25% of the link spamming activity on my sites.
The Register has an “Interview with a Link Spammer.” Short summary: it’s nothing personal, but people want pills, pr0n and poker.
Brad Choate wrote a plugin that checks the IP of the commenter against dsbl.org, the distributed sender blackhole list. The cool thing about this is it’s automagic, e.g., no template changes required.
For those of you whom I’ve not contacted personally, there are some nasty bugs in Movable Type (all versions prior to 3.15 could enable a malicious user to send mail to arbitrary recipients), awstats (prior to 6.3, an unchecked parameter could run an arbitrary script) and gallery (cross-site scripting vulnerability). If you don’t want to upgrade Movable Type, there’s a small plugin (one file) that you can drop in place to solve the problem. The awstats fix replaces the main perl script. I’ve not tried the gallery fix.
Finally, if you haven’t done so already, check out Project Honeypot. (Thanks to Ted for the pointer.)
.
2 users have commented
Follow-up comment rss or Leave a TrackbackNote typo in register link. The real link has a typo of its own: spamer, indeed.
Thanks, I fixed the link. – jim
Leave A Reply