[pmwiki-users] How To Help Fight Spam on PmWiki.org

Crisses crisses at kinhost.org
Mon Oct 2 08:12:37 CDT 2006


On Oct 2, 2006, at 8:48 AM, Thomas -Balu- Walter wrote:

> On Fri, Sep 29, 2006 at 01:30:58PM -0500, Patrick R. Michaud wrote:
>> As far as dealing with dynamic IPs; I'm not too concerned yet
>> about the difference between IPs at the /24 netmask level.
>> I.e., if someone at 24.1.26.127 posts spam to the board, then
>> it's fine for now to go ahead and block everyone at 24.1.26.* .
>> As far as I know it hasn't posed a real problem in terms of
>> blocking legitimate posters, and if it does we'll deal with
>> it then.
>
> You might even hit all users of a proxy when adding just a simple  
> IP not
> mentioning a /24 block.
>
> I'm usually against punishing many if one does stupid things.

PmWiki(.org) is rather international.  I have mainly English-speaking  
only people on my sites, some are geared not only towards US-only,  
but LOCAL only -- as in maybe the "Tri-State Region" of New York, New  
Jersey and Pennsylvania or Connecticut -- maybe even more local than  
that.  When the case is that I don't need people from the entire  
planet on my site, and much of my spam is coming from other  
countries, I just need to check the country the IP block is coming  
from.  Then I can wildcard out the ###.###.###.* block where the  
offender is.  If his/her IP address changes, they probably still  
can't get on my site.  At least until they hijack my next door  
neighbor's Windows machine ;)  It's a hack against hacks.  No one  
thinks it's perfect, but there are people deliberately trying to mess  
around with us, and some of them are desperate, diligent or creative  
in their approaches.  It's always us reacting against them when they  
find a new hole to exploit.  I consider wasting people's time a  
mortal sin, because no matter who you are or what religion you're  
from, it all boils down to each of us having only so many minutes in  
this life and these *@)@#)#{#{@(@{@(#@&&$&%$##{ are wasting our  
finite precious time.

> IMHO the first countermeasure should be to use the spamvertised domain
> to block those bastards - perhaps even adding those to some of the
> external blocklists?

I did this -- eventually I ended up with a blocklist only a few  
thousand lines long.  You can see a sample of it on the Blocklist2  
page.  There are some IPs of some particularly diligent persons, and  
a HUGE list of domains and drug words.  It ground my site(s) to a  
halt.  I couldn't do that anymore.  Now I use a much shorter  
Blocklist with the link validation (ApproveURLs)

>      Balu
> PS: While playing around with my new wiki I thought of adding some
> unprotected honeypot-area to collect those domains.

There are endless people suckered in to SEO optimization scandals.   
One way those -- as you put it -- bastards help raise the ranks of  
their paying customers is to spam our wikis with their links.  There  
are probably a hundred thousand sites buying in to unethical SEO  
practices -- and I can't believe those people are making money on  
something that probably won't work.  I have a ton of emails from  
blocked wiki posts if you'd like to see some of the results of  
capturing attempted postings.  there is no need to set up a honeypot  
-- just follow the Blocklist2 recipe instructions to have failed  
attempted postings emailed to you.  So many were blocked on the drug  
names that I didn't need to add the domain names to my blocklist.

You don't want a blocklist a hundred-thousand lines long ;)

Crisses




More information about the pmwiki-users mailing list