Intro

This site is a technical blog about the TYPO3 content management system. The latest articles are below for your convenience. Clicking on a title will show you the full article. Thank you for coming!

Finally, I created SpamAssassin rules to filter out spam from Google mail servers. It appears that all messages are sent by the same software. Possibly it uses a Google vulnerability discovered some time ago (and not fixed till now, as it seems). All messages have several identifying characteristics. I will not tell all that I found because it would be easy for spammers to "fix" their software. However, one thing can be made public.

All these messages have a link to a web site hosted at...


Usually I get very little spam. I have a very good anti-spam setup, which I will describe some time in the future. Normally I do not get any spam at all. But recently I started to get 2-3 spam messages a day. Not a big deal, but annoying. I usually check all such messages to see where they come from. And currently all of them have headers like:

Received: by fk-out-0910.google.com with SMTP id b27so1193048fka.0     for <xxx@xxx.lv>; Sat, 17 May 2008 12:46:34 -0700...


My personal DNSBL has now been running for 3 days and has already caught 53 IP addresses. It is the weekend, so activity is pretty low, though some addresses attempt to spam every hour. What a waste of resources! Maybe I should block them with iptables.

And these 53 addresses were caught with the most trivial filter. I am sure I could catch more if I wrote better filters. But I am lazy...

Caught...


In this article I am going to discuss advanced guestbook spam blocking. "Advanced" means that the techniques will require not TYPO3 configuration but compiling, configuring and installing additional server components. This article is intended for web server administrators who are not afraid to protect their customers by installing non-traditional software.

I have to put the standard disclaimer here: this technique works well for me. However, it may not work for you. It may block some of your customers...


Yesterday Google gave a link to a very nice article on the Spam Resource web site. It explains why autoresponders, non-delivery reports and other notifications are bad and gives some numbers. Read the part below and, if interested, visit Spam Resource.

Let's do some quick math on the back of a napkin. A quick check of my personal spamtrap account finds 2039 pieces of backscatter, just by searching for a few common phrases found in bounce messages and challenge/response requests. Out of the 320,000...


For the last two days I have been getting a huge amount of backscatter spam to one of my e-mail addresses. Normally I get 1-2 spam messages as a daily maximum (usually none at all) due to good filtering. But for the last two days the server has been bombarded by this spam. I had to spend lots of time analyzing this spam and writing new filters. But now it is done. It is all caught. I have time to go and drink tea. And back to development after that...

I put some links for those who suffer from these problems.


Less than a month ago spammers started to send spam using PDF files. SARE reacted immediately, providing the PDFInfo ruleset for SpamAssassin. Thanks to them, the ruleset was very effective. My current setup is almost spam free due to a combination of several spam-fighting techniques. But I was getting so much of this PDF spam and was so happy to get rid of it with the new SARE rules.

Now spammers have adapted. They send attachments as pseudo-zip files (in fact, rar files), which are not caught by any filters....