Today I received these new kind of spams to which has a link to a drug company .
Name: Nigelia Email: jhudak2@televar.com
Comment: Very nice picture. Interesting contrast effect.
Image: "Liquid Tunnel"
Comment made: 2006-05-11 12:59:40. From ip: 201.247.150.133.


we need AKISMET addon

I got a few comments "very nice ... " with a beam to female link ... as long as they like my pictures :rolleyes:

... and btw, they stopped after I installed the captcha plugin :)

spammers can appreciate pictures too, amazing

Once again Akismet did catch most of these except 1 on my setup - so Akismet *is* indeed working.

Now I am getting atleast 10 spams a day - so it is very easy to test out the code changes. The V1.1 version is very easy to install as well....

I'm getting that spam, too. The referrer is here:

http://web-searcher.info/photopost/

Whois info:

Domain ID:D5682095-LRMS
Domain Name:WEB-SEARCHER.INFO
Created On:17-Feb-2004 03:49:38 UTC
Last Updated On:16-Apr-2006 20:46:06 UTC
Expiration Date:17-Feb-2007 03:49:38 UTC
Sponsoring Registrar:EstDomains, Inc. (R295-LRMS)
Status:OK
Registrant ID:C4324823-LRMS
Registrant Name:Night Breeze
Registrant Organization:NBS
Registrant Street1:Molotov str. 200
Registrant Street2:
Registrant Street3:
Registrant City:Tigina
Registrant State/Province:
Registrant Postal Code:3301
Registrant Country:MD
Registrant Phone:+95.226546556
Registrant Phone Ext.:
Registrant FAX:
Registrant FAX Ext.:
Registrant Email:admin@anime-tgp.net
Admin ID:C4324823-LRMS
Admin Name:Night Breeze
Admin Organization:NBS
Admin Street1:Molotov str. 200
Admin Street2:
Admin Street3:
Admin City:Tigina
Admin State/Province:
Admin Postal Code:3301
Admin Country:MD
Admin Phone:+95.226546556
Admin Phone Ext.:
Admin FAX:
Admin FAX Ext.:
Admin Email:admin@anime-tgp.net
Billing ID:C4324823-LRMS
Billing Name:Night Breeze
Billing Organization:NBS
Billing Street1:Molotov str. 200
Billing Street2:
Billing Street3:
Billing City:Tigina
Billing State/Province:
Billing Postal Code:3301
Billing Country:MD
Billing Phone:+95.226546556
Billing Phone Ext.:
Billing FAX:
Billing FAX Ext.:
Billing Email:admin@anime-tgp.net
Tech ID:C4324823-LRMS
Tech Name:Night Breeze
Tech Organization:NBS
Tech Street1:Molotov str. 200
Tech Street2:
Tech Street3:
Tech City:Tigina
Tech State/Province:
Tech Postal Code:3301
Tech Country:MD
Tech Phone:+95.226546556
Tech Phone Ext.:
Tech FAX:
Tech FAX Ext.:
Tech Email:admin@anime-tgp.net
Name Server:NS1.AWM-DREAM.COM
Name Server:NS2.AWM-DREAM.COM

If you go to that link, it looks like it starts to post spam. If you take off the photopost part, it redirects to here: http://softlisting.com/

Is there any way to find out the actual hosting company from this?

Yesterday I've got 88 comments (in 3 minutes) and 27 this morning, the IP addresses are: 60.233.15.21 and 213.177.126.129. I've blocked them all and I believe tomorrow I will have some spam comments with different IP address :(

the comments was nice, such as: "Nice photo!!!, great long exposure, i like the quality of light in this picture! (they put this in the picture with flash), Hello Pretty good a phto and also all the blog, great job ! Good Luck , etc "
You didn't see anything with this comment not even a link from their name. but when you set your HTML email notification to "NO" you'll see all links (levitra, shower cams, etc). The refferer is http://web-searcher.info/photopost/ same with paul wood mentioned.

I don't know how to deal with this spammer. It didn't work with captcha. I know there is akismet plugins in wordpress, is there any akismet add-ons for PP?

Thanks

aj

PS: I installed PP 1.5 last night, the installation was so smooth, and it runs great. thumbs up for PP team, thanks a lot

I installed captcha 0.1 beta addon and the spam comment went away so far.

I'm still getting these, but Askimet is catching them now.

I get exactly the same spam! Is captcha the way to go? If so can someone point me in the right direction so I can also figure out how to use captcha. At the moment I am trying to make sense of this http://en.wikipedia.org/wiki/Captcha

I get exactly the same spam! Is captcha the way to go? If so can someone point me in the right direction so I can also figure out how to use captcha. At the moment I am trying to make sense of this http://en.wikipedia.org/wiki/Captcha

i'd go for the akismet addon you can find in this forum. it's working very well for most.

I noticed one of these spams this morning that had been caught by the akismet addon. At first I thought it was a false positive. But checking the link confirmed it was spam. If Akismet can catch these custom photoblog spams then it's prety darn clever!
Install the addon. It'll clear this right up!

I installed askimet, but it doesn't catch the 'photo appreciation' spams!:mad:

I installed askimet, but it doesn't catch the 'photo appreciation' spams!:mad:


then report them as spam

I think nearly everyone is missing the point on this - let me explain some...

What these "nice pic" spam messages contain is a div set to 1pixel high so the content WILL NOT BE SEEN BY YOU but will be indexed by the Search Engines.

Go and look at the page source of your comment page where you have one of these "nice pic" messages and you will find probably 10's to 100's of URL's to eiter a porn site or a pharmacy site.

I have been getting these for about a week or 2 and decided to do something about it.

I will not say in an open forum as what I have done is NSFW - I output a very nasty rude message on my screen when someone tries to post spam that tries to hide links in my blog.

In order to do this, I actually made some changes to the index.php file.

If one of the Team wants to contact me and look over my solution and improve upon it I will gladly assist.

While my solution is based on 1.4.3, It would be a snap to apply the same methodolgy to the 1.5.x version.

please contact us as thecrew at pixelpost do org

contacted - hopefully a maintenence release will be forthcoming to address this problem!

in .htaccess

deny from 62.96.21.71
deny from 80.11.191.130
deny from 85.96.201.131
deny from 85.99.99.162
deny from 80.108.20.12
deny from 195.39.4.138
deny from 195.175.37.6
deny from 195.175.37.71
deny from 193.110.187.105
deny from 200.166.185.131
deny from 211.76.98.66
deny from 222.100.119.244

...include an option force any comment with "x" number of links to be moderated? This works very well for Wordpress?

I am not sure how to deal with these spam comments yet, but one of the steps that I have taken so far is to give each comment a [rel="nofollow"] attribute, as per Google's recommendation (http://googleblog.blogspot.com/2005/01/preventing-comment-spam.html). I hope that in the longer term this will discourage these spammers. I did this by modifying a line in the functions.php file in the "includes" folder under a function called function print_comments($imageid) ...{. Under the line that begins with if ($comment_url != "") {... where a line begins with $comment_name = "<a href='$comment_url' . I modified this line so it reads: $comment_name = "<a href='$comment_url' rel='nofollow'....

I hope that the dev team will consider putting this modification into the latest version to bring pixelpost in line with the other blog software such as Wordpress. It would also be nice to be able to optionally block comments by url that the commenter puts in. This is the main feature that is taken advantage of by the spammers.

Maybe it could be a list system such as the one used for the body part of the comment. I have noticed that most of the links used by the spammers seem to be pointing to only a few websites, such as http://phlog.net/....something random, etc.

As for a more immediate fix, I have resorted to the .htaccess method which is a bit of a pain since they seem to have access to a lot of ip addresses. I would like to try Akismet, but still not sure.

More suggestions would be appreciated.

I will explain a little bit about what I have done to my blog to slow down the flood of spam.

I actually process the posted comment and I have 2 triggers in any message. If I hit one of these 2 triggers, I automatically mark a comment as spam and DO NOT add it to the database. I do get the system to still send me the email to say someone has tried - I like to know....

Additionally, I found a very persistant spammer trying a few days ago and I made a tiny little change that stopped the spammer in their tracks.

I think that these spammers use a script/bot to post their messages to blogs and RELY on the URL being index.php?x=post_comment to acheive their results.

All I did was to change the posT_comment within index.php and my templates to something else. This stops the bots but does not affect any users who click on a link on my site.

Fighting comment spam is just one of those things that you have to do I guess.

e300, you are da bomb, man. I looked into your suggestion and it has worked brilliantly. I changed all the instances of "save_comment" into something else and it is working brilliantly and not a single spam. Maybe there should be some sort of randomizer for each install so that each one uses a slightly different variable for saving comment. This can make a spammer's life hell!

...now when a comment is entered, the comment window comes back up with the name, website and email fields filled with <VINFO_NAME>,<VINFO_URL> and <VINFO_EMAIL> and no comments entered. What did I do wrong? This is with pixelpost dark template ver 1.4.3


I will explain a little bit about what I have done to my blog to slow down the flood of spam.

I actually process the posted comment and I have 2 triggers in any message. If I hit one of these 2 triggers, I automatically mark a comment as spam and DO NOT add it to the database. I do get the system to still send me the email to say someone has tried - I like to know....

Additionally, I found a very persistant spammer trying a few days ago and I made a tiny little change that stopped the spammer in their tracks.

I think that these spammers use a script/bot to post their messages to blogs and RELY on the URL being index.php?x=post_comment to acheive their results.

All I did was to change the posT_comment within index.php and my templates to something else. This stops the bots but does not affect any users who click on a link on my site.

Fighting comment spam is just one of those things that you have to do I guess.

...now when a comment is entered, the comment window comes back up with the name, website and email fields filled with <VINFO_NAME>,<VINFO_URL> and <VINFO_EMAIL> and no comments entered. What did I do wrong? This is with pixelpost dark template ver 1.4.3

Belay my last, I figured I'd just upgrade to 1.5 and it blew up...now I have a completely different problem. Sorry for the wasted bandwidth.

Maybe there should be some sort of randomizer for each install so that each one uses a slightly different variable for saving comment. This can make a spammer's life hell!

Or a user-entered variable, like the SQL info in the pixelpost.php file. I really like this idea.

In next release we plan to put some special string or hash value as variable value. It will be hardcoded and invidual for each Pixelpost installation so BOTs wont have so much luck as now.

I changed save_comment to something else and it worked for me as well. :)

Well - I went back to the drawing board today and added yet another hack....

The changing the default save_comment worked for a few days for me, but the spammers have found out what I have done, I have had around 100 attempted spam comments overnight.

A summary of my hacks at the moment are:

1 look for a couple of specific strings in comments that ONLY spammers use -> catches approx 98% of the spam and has yet to catch a real legit comment.

2 If I have captured a message that is spam I simple DO NOT let it make it into the database

3 I still get an email telling me that the spammer has tried, and I capture the IP address of the spammer.

4 (Today's hack) I am automatically populating my .htaccess file with IP addresses that are used when someone tries to spam me. The spammers will now do the hard work of blocking themselves every time they try and spam me! I guess that over the next few days, I might change this a little bit and not just block single Addresses, but block address ranges.

I Might look at writing this all as an addon and just put a couple of specific hooks in the main code at the required points to do the work - anyway, I will wait and see how succesful I have been!

I have had to take comments offline for this very reason - the spam was coming in at the rate of about 1 every 30 seconds! Very sad. I do not have Akismet - but I assume that this is not stopping these get through?

akismet has stopped it totally for many users, some users see a few get through, but a slowdown from what i have read

Just tried it but I was unable to turn moderation on.

UPDATE: Ignore the above comment - just did a search and understand that to turn moderation on I have to turn Akismet off.

wit hthe hacks that I have done, I have stopped most of the messages - and I think I have a method of detecting the other spam as well. At the moment, the only spam hat is making it into my database are the ones where the spammer puts in a reasonable comment and puts a link to a URL that re-directs to another site - usually porn or pharmacy. I know how to test for this occurance and just need to test for it.

It looks like a lot of people are running pre v1.5 Blogs (myself included) and are suffering. Hopefully, by the time I get done, I will block all of the most common spam and techniques that are being used.

I'm using a hashed string instead of save_comment that changes with every visit. I'm testing it and if it worked I'll share it with you. I made a modification in the base code plust a small addon with a new tag for that.

I have had a successful day!

I had over 80 attempted spam messages overnight, and not one of them made it into my comments.

The spammers have been very nice and added around 30 new IP addresses to my .htaccess file. The more attempted spam I get, the more the spammers are helping me block other spammers! It is simply a verry nice win-win situation.