December 5, 2007 – 10:47 pm
Thanks to a notice from Nate after he got blocked from commenting on Martha’s blog, I did a little digging and uncovered an update (just published today) to the WordPress Bad Behavior plugin that fixes an issue where it was blocking pretty much everyone from commenting.
From the Bad Behavior blog:
All users should update to Bad Behavior 2.0.11 immediately to prevent being blocked from your own site.
Within the past two days users have found themselves blocked from their own sites while using recent versions of Bad Behavior. A third party blacklist which Bad Behavior queries recently began sending false positives for any IP address queried, causing everyone using Bad Behavior to be blocked. This issue is fixed in Bad Behavior 2.0.11.
My apologies to anyone who was prevented from posting here or on Martha’s blogs; the issue should be resolved now.
For those of you who run WP blogs and use this plugin, be sure to update ASAP.
November 22, 2007 – 12:48 am
Tonight I heard a report from Dan about an e-mail alert he received from a mutual friend of ours regarding the dreaded “Invitation” virus.
As he read the mail out loud, I knew even before looking at it myself that it was a hoax, and as he read on it only confirmed it further.
This particular letter did try a couple clever tactics to try and add a bit of credibility, such as mentioning it was from a friend at a named local police department and that the police department friend had actually checked and verified it on snopes.com, but I knew without a shadow of a doubt that it was still bogus.
Here are some tell-tale signs that stood out like a sore thumb: (see the link above for the full text of the message, minus the added stuff I mentioned in the last paragraph)
- Technical inaccuracies and gross misspellings. I haven’t seen a real virus in quite some time that tried destroying / format your whole disk, but if you have any hope of being believed that it’s actually happening now, you’ll probably want to try something more convincing than “This virus simply destroys the Zero Sector of the Hard Disc,…” (capitalization preserved to illustrate foolishness).
- The overwhelmingly repeated purpose of the message is to get you to “send it to as many of your friends as you can”. I’m seriously considering writing a mail filter that automatically trashes any messages that contain a plea to forward it to my friends; 99% of the time it’s legitimate trash, and I can live with that small false positive.
- Overly ambitious attempts to claim credibility by referencing big names: “This is the worst virus announced by CNN, it has been classified by Microsoft as the most destructive virus ever.” These type of claims immediately seal the deal for me - 100% positively hoax. CNN and Microsoft, in the rare occasions when they do publicly discuss viruses NEVER, NEVER, EVER use phrases like “worst / most destructive virus ever”.
Just a few things to keep in mind when you’re reading your mail. 
August 26, 2007 – 9:58 pm
Maybe I don’t want an RSS feed for the main “News Feed” from Facebook after all, since these spam links are starting to show up in my feed every day:
Oh no!
Dear Customer, jared_.
You are receiving this message, due to you protection, Our Online Technical Security Service Foreign IP Spy recently detected that your online account was recently logged on from am 85.161.162.145 without am International Access Code (I.A.C) and from an unregistered computer, which was not verified by the Our Online Service Department.
If you last logged in you online account on Thursday April 5th 2007, by the time 6:45 pm from an Foreign Ip their is no need for you to panic, but if you did log in your account on the above Date and Time, kindly take 2-3 minute of your online banking experince to verify and register your computer now to avoid identity theft, your protection is our future medal.
Verification Link
Notice: You can acess your account from a foreign IP or country by getting am (I.A.C) International Access Code, by contacting our local brances close to you.
Note to spammers/phishers: I’m pretty sure that if Bank of America actually wanted to e-mail me regarding my account, they probably wouldn’t craft such an incredibly poor letter littered with grammar and spelling errors.
It does kind of make me wonder a couple things, though:
- Who the heck is going to fall for this?
- How many more people would fall for it if the e-mail was actually well written?
If any of you read Martha’s blog, you may have recently noticed several spam comments getting in.
Well, I finally got around to taking a look at it and it turns out to validate all the crap I’ve given to akismet in the past here on this blog. Every one of those totally obvious spam messages was marked as “not spam” by that lovely system, bumping its karma up enough to overcome the negative points that other parts of spam karma had given it.
The good news is I should be able to just update the plugin there, just like I did on this blog (as described here), so that it never awards any positive points for an akismet “OK”, only negative points when akismet decides it’s spam, because (in my experience) they very rarely have false positives, but very often have false negatives.
February 14, 2007 – 8:30 pm
Well, it looks like some of the forex folks’ scripts learned how to fill out the SK2 captcha fallback, so if you were watching my comments feed this afternoon, you probably saw quite a few of those come through.
I took that as a reminder to do something I’ve been meaning to do for a while: fix the SK2 akismet plugin.
The way the plugin normally works is it checks a comment against akismet and adds points to the karma score if akismet says it’s good, and subtracts points if akismet says it’s bad. Then, if it gets false positives or negatives and you correct them, it sends back your corrections to akismet. The first problem I had to fix involved disabling the feedback sent back to akismet, because there were so many false negatives (spam comments that akismet said were OK) that it was trying to post back a lot of corrections to akismet. This is dangerous, because akismet will block your API key if they determine you are posting too many corrections to their system.
After I did this, I still had to deal with the numerous false negatives bumping the karma scores up too often, so I eventually disabled it altogether. Tonight I decided to go back and just adjust it so that it only takes points away for comments akismet flags as spam, but does not add points for ones that it says are OK. I’ve done that now, and we’ll see how it goes.
December 4, 2006 – 10:30 am
It’s been a while since I posted on comment spam, and since it used to be a regular topic, I figured it might deserve an update.
It seems like it’s been on the rise lately; I’m averaging about 300 spam comment attempts per day on here. Obviously most of them get caught, but due to the increased volume a couple have slipped through in the last month or so.
I’m currently using a combination of Bad Behavior and Spam Karma 2 to filter most of them out, and that seems to work pretty well. I disabled the Akismet plugin a long while ago because of false positives, and for a while after that I was using a Spam Karma 2 plugin that used Akismet as just one source for karma, but I eventually ended up disabling that as well. I may go back and use that again once I get a chance to modify it slightly. I want to make it still give negative karma points for comments it identifies as spam, but I don’t want it to give positive points for comments it says are not spam, because (in my experience) too many slip through the cracks that way.
August 29, 2006 – 12:07 am
I was just reviewing my spam stats and noticed that somehow my Akismet API key got dropped out of my SpamKarma 2 plugin configuration some time ago, which means it hasn’t been checking spam against Akismet for a while.
I was about to go find my key and put it back in, but looking at the spam karma scores, I don’t think I want to. When it was in there, I’d very often notice (when reviewing the logs) that Akismet marked a particular (sometimes obvious) spam as “not spam”, and it was only kept out by the other SK2 pieces that counterbalanced that false Akismet score.
Now that I’ve been unwittingly running without it for quite a while and not seeing any adverse effects, I think I might just keep it that way.
August 9, 2006 – 11:19 pm
The last two days it appears that my spam filters have been getting a bit aggressive, which resulted in some legit comments being moderated. They should all be back now, for the world to see. Sorry Nathan and Jacquie!
A while back I posted the alternate e-mail address I used when signing up for netflix, in order to let people know where to send their friend invitations.
Well, it looks like the screen scraper spammers have been hard at work, because ever since that post I’ve been getting a steady stream of e-mails from “paypal”, “amazon”, etc. asking me to “update my account” (meaning give them my password), along with the other usual spam-like messages.
Luckily, I only use this particular address for netflix, so I can just have my spam filter trash any messages to that address that don’t come from netflix, which is why I did it that way.