Archive for the ‘spam’ Category

Yikes! “Removal from Google’s Index”

Tuesday, February 3rd, 2009

I hate it when people with vacuous business models try to sap my web reputation and waste my time.

Earlier this week, Google sent me a friendly note with the subject line: “Removal from Google’s Index.” My first thought was that it was a scam or a phishing attempt.  But no, after examining the links carefully and doing a couple of web searches, it turned out to be legit.

A blog we host was running WordPress version 1.5.  It’s not an active blog. It’s up for posterity, so we didn’t really care that it was several versions out of date.  Unfortunately, that version of WordPress, and everything prior to 2.5.1 (I think), is exploitable.

In our case, it had been hacked to have hidden text links for run-of-the-mill spam links such as porn, pharmaceuticals, etc. In fact, the links appear to have changed a few times over the week or more that it had been compromised. Google noticed, and told us to get rid of the spam links or else it would be booted out of its search results.

So, upgrade WordPress we did. Overall, cleaning up the mess wasn’t too bad.  It could have been worse.

The moral of this story?  Do backups. Check for upgrades of software every once in a while (yeah right). And make sure that one or more of these email addresses work: contact@yourdomain.com, info@yourdomain.com, support@yourdomain.com, webmaster@yourdomain.com.  These are the addresses to which Google addressed the email.

My wish?  That WordPress and other common web applications had a single line in their FAQ that said in 100% unambiguous language what was the minimum version of software that was free of exploits.  I looked for several minutes to see if this blog, running WordPress 2.5.1 was ‘safe’.  In the end, I couldn’t tell, so I decided to upgrade to 2.7 while I had all the files handy.

User Friendly Form Spam Block

Thursday, December 25th, 2008

SPAM, SPAM, SPAM. How do I hate thee.

Well, it finally happened again – abuse of one of our web pages by spammers.  This time, it is form spam – an automated web crawling tool (I assume) has discovered the “save/send/share” feature of print-bingo.com.  That form lets print-bingo.com users email their custom bingo designs to friends, family, or themselves. This form is now used by a spam bot network to send poor quality spam using our “invite” emails.  I’m currently getting about 10 bounce backs a day and growing – it has to be stopped before my VPS gets blacklisted for spamming.

I could set up a CAPTCHA, but I hate them – particularly the ticketmaster.com’s.  So, I will try to foil spammers with simple tricks to fool “dumb” automated spam software.

I’m trying a hidden-to-humans “fake” email field.  The post “Quick tip to fight email form spam” is the model.  The basic idea is to create a form field with “email” in the name and hide it with CSS (display:none) so that humans will not see or fill in the field.  Then deny attempts to use the form where the hidden field has been filled in.
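A server-side sketch of the decoy-field check described above, as an added example (it is not the print-bingo.com code or the code from the linked tip). The real field name `recipient`, the `/share` action, the function names and the sample markup are hypothetical.

```python
from urllib.parse import parse_qs

HONEYPOT_FIELD = "email"      # decoy: "email" in the name, as the post describes
REAL_FIELD = "recipient"      # hypothetical name of the field humans actually see

# Constructed form markup: the decoy is wrapped in display:none so people never
# see it, while a bot that fills every "email"-looking input will populate it.
FORM_HTML = """<form method="post" action="/share">
  <label>Send to: <input type="text" name="recipient"></label>
  <div style="display:none">
    <label>Leave blank: <input type="text" name="email" autocomplete="off"></label>
  </div>
  <button type="submit">Send</button>
</form>"""


def check_submission(body):
    """Classify a urlencoded POST body; returns (verdict, recipient or None)."""
    # keep_blank_values=True is essential: a browser submits the hidden input
    # as "email=", and parse_qs silently drops blank values by default.
    fields = parse_qs(body, keep_blank_values=True)
    if HONEYPOT_FIELD not in fields:
        # Assumption: every real browser sends the decoy (empty), so a POST
        # without it did not come from the rendered form.
        return "suspicious", None
    if any(value.strip() for value in fields[HONEYPOT_FIELD]):
        return "spam", None
    recipients = [v.strip() for v in fields.get(REAL_FIELD, []) if v.strip()]
    if len(recipients) != 1:
        return "suspicious", None
    return "accept", recipients[0]


def handle_post(body, send_invite):
    """Send the invite only for accepted posts; reply identically either way."""
    verdict, recipient = check_submission(body)
    if verdict == "accept":
        send_invite(recipient)
    # Same response for every verdict, so a bot gets no signal to adapt to.
    return "Thanks! Your design has been sent."
```

Logging the `spam` and `suspicious` verdicts separately shows whether the decoy is catching the bot or whether it posts straight to the endpoint without loading the form.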

We’ll see how well this works.

Merry Christmas!