Posts Tagged ‘spam’

ASSP uninstalled and replaced with MagicSpam

Friday, May 10th, 2013
Posted in Computers

I mentioned before that ASSP (Anti-Spam SMTP Proxy Server) is a great spam prevention solution. The install was a little complicated and the configuration took a while to get just right. However, in the long run, I found out it was not for me. Even when I finally had it tweaked right it was blocking a few valid emails. So I switched to MagicSpam, which is a commercial extension for Plesk. I disabled SpamAssassin as well. MagicSpam doesn’t have the ability to judge emails by subject or message, but it still blocks a lot. You can whitelist or blacklist IPs or email addresses (and with the use of wildcards you should be able to block entire domains). It’s light on resources and should result in no false positives.

Craigslist response spam getting worse

Tuesday, October 2nd, 2012
Posted in Web

If you’ve posted something for sale on Craigslist, don’t be surprised to start getting lots of spam after you respond to an interested buyer. It’s best to post with a Gmail account, because it seems there are now spam bots harvesting email addresses. I actually started getting some junk in my spam folder, something I rarely check. They seem to now be spamming with image attachments of scantily clad women. Although it’s very obvious it is spam, it caught my eye as something beyond the regular buy some pills or typical junk mail.


ASSP is a better SpamAssassin alternative

Friday, September 28th, 2012
Posted in Computers

SpamAssassin really sucks. Yes, I’ve heard you have to tweak the Bayes filtering it uses. You might even use graylisting to try to prevent some spam. And you might even install Pyzor, Razor and DCC on your server, which can help. But chances are it still might not be enough. Lowering the spam score threshold (points) in SpamAssassin is a bad idea as it will increase the false positives (good email that will get marked as spam). Even using blacklists such as xbl.spamhaus.org, sbl.spamhaus.org, bl.spamcop.net and b.barracudacentral.org did not cut down on spam enough (I found zen.spamhaus.org to block too many valid emails).

So what are you left to do? You might be able to block emails from certain TLDs, domains or even specific email addresses with Plesk or cPanel, but the amount of spam you get still might be too much.

Well, let me introduce you to ASSP (Anti-Spam SMTP Proxy). It’s kind of complicated to install and configure, but it works very well. It uses multiple methods to block spam:

  • Multiple Weighted DNSBLs
  • Multiple Weighted URIBLs
  • Greylisting
  • Weighted Regular Expression Filtering
  • Bayesian
  • Penalty Box
  • SenderBase
  • SSL/TLS
  • SPF/SRS
  • Attachment Blocking
  • ClamAV and FileScan
  • Blocking Reporting
  • LDAP support
  • Backscatter Detection

However, the best things I find about it are the web interface for configuration and the email interface. The web interface can be overwhelming because of the tons of options in there, but you can add in a whitelist of domains and specific email addresses. You can also tweak the keywords or phrases to denote spam. Any emails sent from your “local domains” have the “to” (recipient address) added automatically to your whitelist. Anyway, try it out if you have tons of spam coming in. Check out the wiki for some tips on setting it up.

WordPress Spam Prevention Hack

Sunday, February 10th, 2008
Posted in Web Apps

Akismet catches a lot of spam, but there is a lot it won’t catch. Therefore I decided to put together a hack to catch some more. The hack has 2 options:

  • One lets you list spam words; if any of them appears in the comment, the whole comment is considered spam. Be careful: if you add cialis you will also block the word specialist.
  • The other option lets you set the maximum number of links you will allow in a comment.

It will catch links that start with http://, https://, http://www., https://www. and www.. WordPress doesn’t convert text like example.com into a link.

The hack also checks whether there is more content in the comment than just A tag(s); if there isn’t, it’s considered spam. I recommend using this with the Akismet plugin because it won’t prevent all spam. Keep in mind this hack may not work with other spam prevention plugins.

Open up wp-comments-post.php and after these lines:

if ( '' == $comment_content )
    wp_die( __('Error: please type a comment.') );

Add the following:

else /*MODIFIED - added this else to filter strings and count links*/
{
    //OPTIONS
    $link_limit = 3;//set the maximum number of links we allow
    $disallowed_strings = array('[url', '[/url]', 'zithromax', 'levaquin');//add any strings you won't allow, make them lowercase, we test for case insensitivity later
    //END OPTIONS
    $temp_comment = strtolower($comment_content);//lowercase text so we can be case insensitive, php4 doesn't have stripos
    $total_disallowed_strings = count($disallowed_strings);
    //look for disallowed strings
    for ($temp_counter = 0; $temp_counter < $total_disallowed_strings; $temp_counter++)
    {
        if (strpos($temp_comment, $disallowed_strings[$temp_counter]) !== false)
        {
            wp_die( __('Sorry, that looks like spam.') );
        }
    }
    $comment_links = 0;
    //regex would be better
    $link_strings = array('http://www.', 'https://www.', 'http://', 'https://', 'www.');//order is important here
    $temp_comment = str_replace($link_strings, '[LINK]', $temp_comment);
    $comment_links = substr_count($temp_comment, '[LINK]');
    //test for number of links
    if ($comment_links > $link_limit)
    {
        wp_die( __('Sorry, that looks like spam.') );
    }
    //weed out all A tags and see if anything is left
    $temp_comment = preg_replace('/<a[^\<]{1,}\<\/a\>/', '', $temp_comment);
    $temp_comment = trim($temp_comment);
    //see if the comment is nothing but links
    if (empty($temp_comment))
    {
        wp_die( __('Sorry, that looks like spam.') );
    }
}
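
A regex-based variant of the three checks above, as an added example that is not the author's code: it matches spam words on word boundaries, so cialis no longer blocks specialist, and counts links with one pattern. The function name looks_like_spam() and its parameters are hypothetical, and the sample comments are constructed.

```php
<?php
// Added example: looks_like_spam() is a hypothetical helper, not a WordPress function.
function looks_like_spam($comment, array $spam_words, $link_limit)
{
    foreach ($spam_words as $word) {
        // Anchor with \b only where the term starts or ends with a word
        // character, so tokens such as '[url' are still matched literally.
        $left  = preg_match('/^\w/', $word) ? '\b' : '';
        $right = preg_match('/\w$/', $word) ? '\b' : '';
        if (preg_match('/' . $left . preg_quote($word, '/') . $right . '/i', $comment)) {
            return true;
        }
    }

    // Each link is counted once: a scheme with optional www., or a bare www.
    $links = preg_match_all('~https?://(?:www\.)?|\bwww\.~i', $comment);
    if ($links > $link_limit) {
        return true;
    }

    // Remove whole <a>...</a> elements, then any leftover tags; if nothing
    // remains, the comment was nothing but links.
    $rest = preg_replace('~<a\b[^>]*>.*?</a>~is', '', $comment);
    return trim(strip_tags($rest)) === '';
}

// Constructed sample comments.
$words   = array('[url', '[/url]', 'cialis', 'zithromax');
$samples = array(
    'Ask a specialist about it.',
    'Cheap CIALIS here',
    '[url=http://example.com]my site[/url]',
    '<a href="http://example.com">click</a>',
    'See www.example.com and http://www.example.org for details.',
);
foreach ($samples as $text) {
    echo looks_like_spam($text, $words, 3) ? 'spam: ' : 'ok:   ', $text, "\n";
}
```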

Stop Using Email Addresses for Validation

Monday, January 21st, 2008
Posted in Web Development

I still see a lot of forms require an email address to post comments or for simple verification. It doesn’t stop spam at all.

You should only ask for a person’s email address if:

  • You require registration to access part of the site.
  • They have a password and will need to be able to reset it.
  • You will have an option to notify them of new comments or a response to their comment.
  • It’s an email form (then you need it, because how else will you respond).
  • It’s for a newsletter.
  • It’s an online purchase.

I’m probably forgetting a few other instances where it’s needed, but I think you get the idea. Using an email address to send a user a link to click on to verify it is inconvenient as well. You might as well just have them register and send them an initial verification link.

I understand spam is out of hand, but I’ve written an email form a while back that gets very little.

Here are some things I do to prevent spam:

  • Filter HTML.
  • Filter any unsafe characters.
  • Prevent blank fields not only with JavaScript but on server side also.
  • Check field lengths not only with JavaScript but on server side also. Don’t let them try to send a longer text than what your form is set to; this should be a red flag that they are trying to do something fishy. You can trim whitespace characters with JavaScript.
  • Look for any attempts of e-mail injection. Often times spammers try to trick your email form to spam others by putting in CC:, Content-Type:, To: and so on.
  • If it’s an email form and the email address is required, make sure the email address has valid syntax. Also make sure the domain part of the email address is one that really exists (PHP can do this).
  • Check the email address that’s supposedly sending it and see if it is on my ban list.
  • Check the IP address that’s supposedly sending it and see if it is on my ban list.
  • Check the words in the title and subject and see if they are on my censor list. Censored words will be let through but will be filled with asterisks.
  • Check the words in the title and subject and see if they are on my ban list. Bots are dumb and sometimes will send UBB code like [url=http://example.com]my nasty site[/url] because they thought the form was part of a forum. Just makes it easier for me to filter.
  • I like to filter out @ with (a) and replace any http://, https://, http://www. or https://www. with LINK: because often email clients will render these as links and I don’t want to accidentally click on them.
  • Count how many links are being sent and compare it to my limit. Some spam bots go insane and try to send 50 links per email.
  • Compare what domain the form was referred from with my allowed list, helps prevent cross-site scripting. For example, if your form on http://example.com/email.php sends data to http://example.com/processor.php, it should only allow http://example.com and http://www.example.com to do that. You could add more subdomains if you want to. I’ve seen server logs coming from some pretty nasty sites and the pages with forms get the most hits, so I know what they are doing.
  • Check the token, helps prevent cross-site scripting. Chris Shiflett has a good tutorial on this. It’s in PHP but you can use the principles for any language.
  • I usually ban the emails from the domain the form is on. For example, if your domain is example.com, a lot of bots will simply just fill out the email form as bob123@example.com because they assume you would never ban your own domain.
  • Check the timestamp, any forms that are older than X minutes won’t be sent.
  • See if the same email address or IP address sent an email recently (flood protection).

I also log things at the end of my email, so I can monitor what is going on, in case I get a spammer that is getting through. Often I can see what pattern they follow, such as using the same IP address, email address, words, etc. and I can modify my filters accordingly.
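
Four of the server-side checks from the list (e-mail injection, referring domain, token and timestamp) as an added example that is not the author's form code. Every function and constant name is hypothetical, FORM_SECRET is a placeholder, and the two submissions are constructed.

```php
<?php
// Added example; every name here is hypothetical. FORM_SECRET is a placeholder.
const FORM_SECRET   = 'replace-with-a-long-random-value';
const MAX_FORM_AGE  = 600; // "X minutes" from the list, here 10 minutes in seconds
const ALLOWED_HOSTS = array('example.com', 'www.example.com');

// Hidden-field token "timestamp:hmac"; the HMAC covers timestamp and session id.
function issue_form_token($session_id, $now)
{
    return $now . ':' . hash_hmac('sha256', $now . '|' . $session_id, FORM_SECRET);
}

// Token check and timestamp check in one step.
function form_token_valid($token, $session_id, $now)
{
    $parts = explode(':', (string) $token, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return false;
    }
    $expected = hash_hmac('sha256', $parts[0] . '|' . $session_id, FORM_SECRET);
    $age = $now - (int) $parts[0];
    return hash_equals($expected, $parts[1]) && $age >= 0 && $age <= MAX_FORM_AGE;
}

// Values destined for mail headers must not carry line breaks (raw or
// URL-encoded) or a smuggled header name such as "Cc:" or "Content-Type:".
function has_header_injection($value)
{
    return preg_match('/[\r\n]|%0[ad]|\b(?:to|b?cc|content-type|mime-version)\s*:/i', $value) === 1;
}

// The form may only be submitted from pages on the allowed hosts.
function referer_allowed($referer)
{
    $host = parse_url((string) $referer, PHP_URL_HOST);
    return is_string($host) && in_array(strtolower($host), ALLOWED_HOSTS, true);
}

// Constructed submissions: one ordinary, one stale with an injected Bcc header.
$now  = 1700000000;
$good = array('subject' => 'Question about your post', 'token' => issue_form_token('sess-a', $now - 60),
              'referer' => 'http://www.example.com/email.php');
$bad  = array('subject' => "Hi\r\nBcc: other@example.net", 'token' => issue_form_token('sess-a', $now - 3600),
              'referer' => 'http://spam.example.org/form.html');
foreach (array('good' => $good, 'bad' => $bad) as $label => $post) {
    $ok = form_token_valid($post['token'], 'sess-a', $now) && !has_header_injection($post['subject'])
        && referer_allowed($post['referer']);
    echo $label, ': ', $ok ? 'accept' : 'reject', "\n";
}
```

The header-name pattern is deliberately strict and will also reject a legitimate subject containing "to:"; rejecting raw line breaks is the part that actually stops the injection.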