[wp-hackers] Spam load

Jamie Holly hovercrafter at earthlink.net
Wed Dec 27 14:53:01 GMT 2006


I use Maxthon with IE7 (been using Maxthon since the days of it being called
MyIE2). It makes tabbed browsing soo much easier with mouse gestures hehe.

Actually what a lot of these spammers do is make a post manually via their
browser and use a program like Smart Sniffer to get the packet header
information. They then just copy that packet information into a string
inside Visual Basic and generate a small Winsock program to go through and
post to different sites. A lot of the old Yahoo booter sites use to have
this source code listed on them.

I have been using BB2 + Akismet on my site. BB2 blocks around 33,000 access
attempt per week and Akismet still catches about 600 comments a day. Before
installing BB2, I had one night where I went to bed and had only about 30
comments in Akismet. Woke up the next morning and I had over 10,000
comments. That is with wp-comments-post removed and renamed, so they are now
going through and filtering out the form action. Luckily my hosting company
is very understanding about this and working with me to stop it.


Jamie Holly
http://www.intoxination.net
> -----Original Message-----
> From: wp-hackers-bounces at lists.automattic.com [mailto:wp-hackers-
> bounces at lists.automattic.com] On Behalf Of Kimmo Suominen
> Sent: Wednesday, December 27, 2006 5:24 AM
> To: wp-hackers at lists.automattic.com
> Subject: Re: [wp-hackers] Spam load
> 
> Maxthon is a tabbed version of IE -- I even see IE7 with Maxthon in
> my logs.  (None of which are posting comments -- spam or real...)
> 
> Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Maxthon; InfoPath.1;
> .NET CLR 2.0.50727)
> 
> Best regards,
> + Kimmo
> --
> <A HREF="http://kimmo.suominen.com/">Kimmo Suominen</A>
> 
> On Wed, Dec 27, 2006 at 10:54:39AM +0100, C. Rummel wrote:
> > Oh, yes, absolutely. My site got hammered by requests to
> > wp-comments-post.php every few seconds. All requests had a UserAgent
> > of "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Maxthon)"
> > and so many different IP-addresses it obviously was caused by a bot
> > net.
> >
> > I switched from SpamKarma to Akismet, renamed wp-comments-post.php and
> > denied all requests to the old wp-comments-post.php - which obviously
> > didn't scare away manually submitted commentspam, but relieved the
> > server from a lot of PHP-work.
> >
> > Today not a single Maxthon-UserAgent so far.
> >
> > Chris
> >
> > On 12/27/06, steve caturan <scaturan at negimaki.com> wrote:
> > >yep, for the past ~2 weeks...been observing a spike (using tail -f )
> > >in POST requests made to ~/wp-comments.php on my installations.
> > >mod_security has been busy issuing 412:precondition failed errors for
> > >matching filters, still there are dozens of keywords/phrases that go
> > >through, hopefully those using Akismet, SK or Bad Bahavior will have
> > >an added layer of protection - less database pollution. :)
> > >
> > >On 12/27/06, Matt Mullenweg <m at mullenweg.com> wrote:
> > >> Has anyone gotten in trouble with their host because of the recent
> > >> comment spam spike?
> > _______________________________________________
> > wp-hackers mailing list
> > wp-hackers at lists.automattic.com
> > http://lists.automattic.com/mailman/listinfo/wp-hackers
> >
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers



More information about the wp-hackers mailing list