annie

Unintended Open Proxies


I've been grappling with comment spamming lately. What I found is that the spammers are using open proxies to a large degree. Some might be zombie boxes, but a large percentage are webservers or other servers with proxying turned on. Most of them are unintentional.

 

Usually you can just plug the IP addresses into Google and find lots of spammy posts, blacklists and open proxy lists.

 

When I did the same with the TCH address my site is listed on, there wasn't even ONE hit like that.

 

So, is there any way we can get the message out more thoroughly, than me notifying webmasters/admins one at a time?

 

Also, I've been trying to get a server on Verio off their service. It's got hundreds of spammy sites on it. The owner of that server seems to be ultimately responsible for over 50 percent of the spam hitting my logs.

 

I've sent an e-mail to their hosting abuse department, and I know others who have and are about to. The server is still online, still serving all those spammy domains.

 

For details, check this post (click on smiley):

:pissed:

 

So, you guys at TCH, any advice on making this fight against the spammers more effective?


Depending on what software you use on your site, you might want to look for some plugin that prevents spamming.

 

Currently I'm using wordpress at my borfast.com site and I installed an anti-spam plugin. Since this is my first blog ever and I started it with the spam filter already installed, I never experienced this comment spam problem that I read so much about, so I guess it works.... or perhaps it's just my site that doesn't have anything worth spamming... :pissed:


And you should close your comments for old posts. I'm sure you can find a plugin for that too.


I wasn't asking for advice on how to keep the comment spammers out of my blog. I'm doing fine in that respect.

 

I'm asking for advice on how to get as many open proxies as possible shut down.

 

One of the admins of one such server kindly offered to share the log with me. I got a small fragment so far, and will get the full log later on.

 

Comment spam is only one of the things happening on such a server.

 

Fraudulent banner traffic is one other thing. I'm sure there's more.

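As an added example that is not code from this thread: a small Python script, run over constructed access-log lines, that flags the two request shapes revealing a web server is being used as a forward proxy (CONNECT requests and GET/POST lines with an absolute URI as target) and tallies them per client IP. An admin sharing a log like the one mentioned above could use it to confirm the abuse and see which clients are responsible.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Telltale shapes of an unintended open proxy in a web server's access log:
# CONNECT requests (tunnelling) and GET/POST lines whose request-target is an
# absolute URI ("GET http://..."), which browsers never send to an origin server.
# Combined Log Format: ip ident user [time] "request" status bytes "ref" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

def classify(line):
    """Return (client_ip, kind); kind is 'connect', 'absolute_uri' or None."""
    m = LOG_RE.match(line)
    if not m:
        return None, None
    parts = m.group("req").split(" ")
    if len(parts) < 2:
        return m.group("ip"), None
    method, target = parts[0].upper(), parts[1]
    if method == "CONNECT":
        return m.group("ip"), "connect"
    if urlsplit(target).scheme in ("http", "https"):
        return m.group("ip"), "absolute_uri"
    return m.group("ip"), None

def proxy_abuse_report(lines):
    """Count proxy-style requests per client IP and per kind."""
    per_ip, per_kind = Counter(), Counter()
    for line in lines:
        ip, kind = classify(line)
        if kind:
            per_ip[ip] += 1
            per_kind[kind] += 1
    return per_ip, per_kind

# Constructed sample log (not from the thread); RFC 5737 documentation addresses.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jan/2005:03:14:01 +0000] "GET http://blog.example/wp-comments-post.php HTTP/1.1" 200 512 "-" "Mozilla/4.0"
203.0.113.7 - - [10/Jan/2005:03:14:02 +0000] "POST http://blog.example/wp-comments-post.php HTTP/1.1" 302 0 "-" "Mozilla/4.0"
198.51.100.9 - - [10/Jan/2005:03:15:10 +0000] "GET /index.html HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jan/2005:03:16:00 +0000] "CONNECT mail.example:25 HTTP/1.1" 200 0 "-" "-"
198.51.100.9 - - [10/Jan/2005:03:17:33 +0000] "GET /about.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
""".splitlines()
```

Running `proxy_abuse_report(SAMPLE_LOG)` attributes all three proxy-style requests to 203.0.113.7 and none to the client that only fetched local pages.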

The issue is, a lot of the zombie boxes are completely unknown to the users. I traced one such comment spam thread back, and found proxies everywhere, from ecommerce sites in the EU, to research universities, to residential cable internet hookups. I think the best thing that can be done is encourage as many people as possible to secure their machines - or, depending on how extreme things get, have ISPs block uploads on certain connections when they detect that the computer is sending a huge amount of traffic on unusual ports with no reason to do so. This would certainly prevent a lot of worms, which themselves can make computers vulnerable to subsequent zombification.

 

There's no perfect solution yet, but if you're determined enough, you can use a site like centralops.net (domain dossier) to find out info on the sites, and warn the users or ISPs that their computers may be infected, and doing quite a number of things that their owners don't want them to do...


I'm very serious about this. I don't have the capacity to run down every proxy server. But I'm starting to see some patterns here as to what's happening on these servers.

 

I'm guessing the best way would be to create enough of a ruckus the admins will have to take it seriously, like they did with open e-mail relays a few years ago.

 

As to zombies, that's trickier. There are some zombies on my ISP's net. I notified the ISP, and they replied and told me they didn't have the capacity to run down specific users and warn them about this. So the users will keep on trying to get through my firewall - indefinitely. Unless I can find those IP numbers on Google connected to an e-mail address or user name, there's nothing I can do about it.


They succeeded with open relays. It may take time, but chances are admins will eventually cotton on to this too. Just make enough noise, sooner or later it'll make it to the top, eh?


I've seen an absolutely enormous amount of referer spam over the past several weeks, coming from a large set of different IP addresses and pointing to an equally large set of sites. There's some good discussion of it in several places:

 

photodude.com/article/2614/verio-and-comment-spam

forum.textpattern.com/viewtopic.php?pid=37470#37470

 

The mass of it functioned as a DDOS against one host:

textdrive.com/forum/viewtopic.php?id=1851#18328

 

Reid (the author of the first link above) has tracked a lot of it back to a single source, and is trying to get Verio to act on it -- but not much luck so far.


Yep, that's the stuff I've been writing about. Many of us traced that connection, and complained to Verio. Yesterday that box was still serving spammy websites.

 

Click on smiley to go to blog:

:lol2:
