WordPress’ spammers

Blogs have been under massive attack from spammers lately; I totally didn’t expect to have so many posts about this single topic in this blog.
But with Trencaspammer users as the last casualties, I think investing in a heavy spam defense – such as Spaminator or WP-AuthImage is actually now worth the trouble of installing them.

I’ve installed WP-AuthImage here and it seems to be working, and for a long time I hope.
But with the spammers continuing to attack our defenses, I think it’s time to fight back.

Ideally, there should be some sort of SpamAssassin, but available as Apache module, which once installed will block incoming requests from spammers.
I just hope it won’t be as bloated as SpamAssassin (SA) though 🙁 this server is of quite decent spec, yet it’s almost running out of memory with amavis & SA running.

But to be fair, my current anti-spam setup for my mailserver is quite complex. Incoming email will go through Postfix (which will query various RBLs), then it goes through amavis (virus scanned by clamd), then it got passed to SA (checked against Bayes and Razor database).
It will take some time for Internet community to make similarly robust defenses available for our webservers.

In the meantime, we can launch offenses at the spammers instead. There are a few which you can try :

  • [ Unsolicited Commando ] will fill out the forms on spammers websites. This makes it harder for spammers to find legit business among torrents of the bogus submission caused by Unsolicited Commando. The project doesn’t seem to be very active though.
  • [ SpamVampire ] causes significant bandwidth bill for spammers by keep on downloading images from their website. It’s quite efficient as well because it provide incentive to the webhoster to kick the spammer, and you just need your browser to run it.
  • For Windows users – use [ SpamDot ]. You can cut and paste spam websites (from the spam emails) to it, and it will hammer those websites for you.
  • For those who have OpenBSD / FreeBSD server, you can run [ this tarpit ] software. It’ll help slowing down spammers – although not very effective; if more people use this, they’ll learn to just avoid it altogether.
    However, if every single server uses this, then it’ll kill the spammers – spamming would no longer becomes financially feasible.

It’s a warzone out there already 🙁

26 thoughts on “WordPress’ spammers

  1. I heard that mod_security (and the use of .htaccess) can (at least) help us in fighting spammers.

  2. Yes – but you need to maintain it. You need to keep updating the regex filter / banned IP address list.

    Compared to email, with SpamAssassin etc, website’s defenses against spammers are still not that robust yet.

    I’ve setup SpamAssassin, and after tweaking it for a while, now I can forget about it. There’s no such thing yet for websites unfortunately.

Leave a Reply

Your email address will not be published. Required fields are marked *