Persistent spambots

By | February 24, 2010

On my other WordPress-based site, I get a lot of spam posts.

[Image: spam_over_time]

Most of it’s from the same botnet; the posted message is virtually identical (a long list of casino-related links which are probably fraudulent).  The botnet always posts using the same username and e-mail address.

Akismet properly flags it as spam, but it still piles up, and I still like glancing through it to make sure no legitimate posts get flagged.  I figured it would be easy to stop the botnet; WordPress has a built-in blacklist:

[Image: blacklist]

Yes, those are the actual values the botnet uses for the e-mail address and username fields on its posts.  Unfortunately, the blacklist doesn’t appear to work at all; I added those values several weeks ago, and it has had no effect.  The same posts keep coming in, with the same username and same e-mail address.

It got to the point where last week, I installed a plugin that bans based on IP address.  For the last several days, I've been grabbing all the IP addresses that this botnet posts from and banning them.  Sometimes I ban with wildcards (109.122.*.*), when there are a lot of bots on the same network, but usually it's just individual addresses.

[Image: spam_ban]

As you can see, it’s working.  Those 479 access attempts are 479 spam posts I didn’t have to sift through.
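The manual triage described above (collect the source addresses of posts carrying the botnet's fixed username and e-mail, ban single addresses, and switch to a wildcard when many bots share a network) can be scripted. This is an added example, not code from the original post or from the ban plugin; the signature values, the queue records and the threshold of three addresses per /16 are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumed botnet signature (placeholders; the real values are not in the post text).
BOT_AUTHOR = "bot-username-placeholder"
BOT_EMAIL = "bot@example.invalid"

# Constructed spam-queue records: (source IP, author field, e-mail field).
SPAM_QUEUE = [
    ("109.122.3.17", BOT_AUTHOR, BOT_EMAIL),
    ("109.122.40.8", BOT_AUTHOR, BOT_EMAIL),
    ("109.122.200.91", BOT_AUTHOR, BOT_EMAIL),
    ("203.0.113.25", BOT_AUTHOR, BOT_EMAIL),
    ("198.51.100.7", BOT_AUTHOR, BOT_EMAIL),
    ("198.51.100.7", BOT_AUTHOR, BOT_EMAIL),        # repeat poster
    ("192.0.2.44", "Alice", "alice@example.org"),   # legitimate, never banned
    ("not-an-ip", BOT_AUTHOR, BOT_EMAIL),           # malformed, skipped
]


def build_ban_list(records, wildcard_threshold=3):
    """Return ban patterns: 'a.b.*.*' for busy /16 networks, else single IPs."""
    by_net = defaultdict(set)
    for ip, author, email in records:
        if (author, email) != (BOT_AUTHOR, BOT_EMAIL):
            continue
        try:
            addr = ipaddress.IPv4Address(ip)
        except ipaddress.AddressValueError:
            continue
        a, b = str(addr).split(".")[:2]
        by_net[(int(a), int(b))].add(addr)
    bans = []
    for (a, b), addrs in sorted(by_net.items()):
        if len(addrs) >= wildcard_threshold:
            bans.append(f"{a}.{b}.*.*")
        else:
            bans.extend(str(x) for x in sorted(addrs))
    return bans


def is_banned(ip, bans):
    """Match octet by octet; '*' in a pattern matches any octet."""
    octets = ip.split(".")
    return len(octets) == 4 and any(
        all(p in ("*", o) for p, o in zip(pat.split("."), octets)) for pat in bans)


if __name__ == "__main__":
    print(build_ban_list(SPAM_QUEUE))
```

Filtering on the signature before grouping keeps a legitimate commenter's address out of the ban list, but a /16 wildcard still blocks every other host on that network, so the threshold is worth setting conservatively.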

What troubles me is that there’s basically no remedy for these botnets.  I’ve looked up some of the addresses; a lot of them are in China.  The addresses at the top of that list belong to a particular domain, but the e-mail address of its technical contact doesn’t look particularly trustworthy, so I’m reluctant to send a message there.  I don’t really want to hack into that network and disable the botnet, despite how much fun it would be to succeed.

My wife suggested I enable captchas, but I hate them so I’m not going to.

Any ideas?

Update: The worst set of addresses, 109.122.*.*, belongs to a Ukrainian ISP called Megastyle.  They probably wouldn’t care, even if I could contact them…
