
A Losing Battle with Blog Comment Spam? Is Share This Plugin at Fault?

April 15th, 2007 by Joshua Dorkin | Filed under Blogging, Commentary, Plugins, Wordpress.

Failing to Stop Comment Spam

For the past week I’ve been getting a ton of comment SPAM, and it doesn’t want to stop. I’ve got the Akismet and Spam Karma 2 plugins up and running, and SK2 is set on MEAN! Unfortunately, as you can see:


[Image: comment spam]

I’m getting hit by MP3 Ringtone spammers. The problem is that I’ve gone and put this spammer’s domain on the blacklist, but it doesn’t seem to be working . . . they are smart enough to be using multiple IPs to post the messages, and seem to be using some kind of exploit on the Share This plugin:


[Image: blog spam]

If you look at the above image, you’ll see that the posts aren’t trackbacks to an outside site, but to my site’s “Share This” pages. Of course the author’s link goes back to bla-bla-bla.us.
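The pattern described above (many source IPs, one spammer domain in the author link, trackbacks that point at the receiving site itself) can be filtered without looking at the IP at all. The following is an added example, not code from this post or from any of the plugins mentioned; `blog.example`, the field names and the sample submissions are assumptions made for illustration.

```python
from urllib.parse import urlparse

OWN_HOST = "blog.example"             # assumption: placeholder for the receiving blog
BLOCKED_DOMAINS = {"bla-bla-bla.us"}  # the domain named in the post

def host_of(url):
    """Lower-cased hostname of a URL, tolerating a missing scheme."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").rstrip(".").lower()

def is_blocked(host):
    """True for a blocked domain or any subdomain of it (no substring matching)."""
    return any(host == d or host.endswith("." + d) for d in BLOCKED_DOMAINS)

def classify(sub):
    """Return (verdict, reasons) for one submission; the source IP is never consulted."""
    reasons = []
    author = host_of(sub.get("author_url", ""))
    if author and is_blocked(author):
        reasons.append("author link on blocklist: " + author)
    if sub.get("type") == "trackback":
        src = host_of(sub.get("source_url", ""))
        # A trackback is supposed to announce a post on some *other* site.
        if src == OWN_HOST or src.endswith("." + OWN_HOST):
            reasons.append("trackback source is this site")
    return ("quarantine" if reasons else "accept", reasons)

# Constructed sample submissions (documentation IP ranges, placeholder paths).
SAMPLES = [
    {"type": "trackback", "ip": "203.0.113.10",
     "author_url": "http://www.bla-bla-bla.us/ringtones",
     "source_url": "http://blog.example/placeholder-share-page"},
    {"type": "trackback", "ip": "198.51.100.7",
     "author_url": "BLA-BLA-BLA.US",
     "source_url": "http://blog.example/placeholder-share-page"},
    {"type": "trackback", "ip": "192.0.2.44",
     "author_url": "http://other.example/",
     "source_url": "http://other.example/their-post"},
    {"type": "comment", "ip": "192.0.2.45",
     "author_url": "http://notbla-bla-bla.us/"},
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s["ip"], *classify(s))
```

Both spam samples are quarantined even though they arrive from different addresses, while the look-alike domain in the last sample is not caught by accident.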

Tracking Down a Spammer

When I did a WhoIs search on the domain, I got what seemed like a nonsense profile, until I saw the contact email domains@sslpayments.com, which is run by Andrew Kartashov, a SPAMMER out of Moscow, Russia. (Thanks to the Spam Huntress for the info on this guy)

Domain Name: BLA-BLA-BLA.US
Domain ID: D12017577-US
Sponsoring Registrar: ENOM, INC.
Domain Status: clientTransferProhibited
Registrant ID: DE8A82A65637B3F3
Registrant Name: Tamara Larsen
Registrant Organization: RX-PHarma
Registrant Address1: Cordova
Registrant City: Cordova
Registrant State/Province: AK
Registrant Postal Code: 99574
Registrant Country: United States
Registrant Country Code: US
Registrant Phone Number: +1.34578905
Registrant Email: domains@sslpayments.com

Technical Application Purpose: P1
Technical Nexus Category: C11
Name Server: DNS1.NAME-SERVICES.COM
Name Server: DNS2.NAME-SERVICES.COM
Name Server: DNS3.NAME-SERVICES.COM
Name Server: DNS4.NAME-SERVICES.COM
Created by Registrar: ENOM, INC.

It looks like the domains are registered and hosted by eNom.com. I put in a message to them to see if they’d be helpful at all in dealing with this.

What about the ShareThis PlugIn Exploit?

I’m not sure. If anyone has any ideas about what I can do from here, let me know. I’ve always been able to handle spam on site with the 2 plugins I mentioned earlier, but this is just getting annoying now!

If I have to stop using the plugin to handle the situation, I guess I’ll have to . . .

Any thoughts?

16 Responses to “A Losing Battle with Blog Comment Spam? Is Share This Plugin at Fault?”

  1. Jenn | 18/04/07

    Hi Josh,

    I believe we met last week at Opencoffee.

    The issue with blogspam, and webform spam in general is, almost all of it is generated by zombie robot armies (yes, I wish I had a photo too).

    You can see some replication in sources over time, but it doesn’t take much thought or effort by these scammers to infect more broadband-connected home computers with viruses, worms or trojans that send spam email or spam webforms all day.

    I just returned to blogging last week after abandoning a Movable Type-based blog three years ago because every time I’d return to my blog, there would be 3000 comments about pills, spread across a couple hundred posts. Luckily I haven’t been noticed by the spammers yet.

    Last summer, the spambots discovered one of my oldest web services (http://jenn.com/canadian/canadian.shtml). I chose to write a spam filter rather than abandon it, because it was over 10 years old and shutting it down wasn’t an option.

    Four lines of perl and a 150-word “spamword” list siphon off the spam attempt information to a non-visited page (http://jenn.com/canspam.html). So honorary Canadians can now celebrate in a now over 99% spam-free (It is also very mean) environment.

    – Jenn

  2. Joshua Dorkin | 18/04/07

    Hey Jenn – it was good meeting you at OpenCoffee. I realize that it is mostly auto-generated, but the issue I was having was that my filters kept failing – for like a week. All of a sudden after writing the post, it surprisingly stopped. Strange coincidence, I think.

  3. Jenn | 18/04/07

    Zombie bots search for known exploitable patterns in websites. Whether it is a PHP/mailto form vulnerability used to send out regular spam through other peoples’/companies’ websites or a WordPress plugin, it’s what they go after.

    If the ShareThis plugin doesn’t speak to the anti-spam filter plugin, then it’s likely that the spam is entering through the ShareThis plugin backdoor.

  4. Joshua Dorkin | 18/04/07

    Thanks for the feedback, Jenn! I appreciate it.

  5. Chris | 19/04/07

    I think the plugin you need is Bad Behavior. With it off, I get about 300 spams a day to review in Akismet. With it on, it’s 10-15.

    It stops an awful lot of the bots from getting close enough to ‘comment’ :-)

    There is an anti-spam plugin especially for trackback spam that I saw recently, but I can’t remember where…..

  6. Joshua Dorkin | 20/04/07

    Chris – Thanks for the info. I’d heard of BadBehavior, but never installed it. I’ve got it on all my blog sites now, thanks.

  7. Chris | 23/04/07

    Cool, hope it does the job for you.

  8. Joshua Dorkin | 23/04/07

    Thanks!

  9. MJR/blog: Bad Technology | 13/08/07

    [...] is lots of spam with From-lines starting akst… Is the cause Alex King’s Share This? It seems Time for Blogging asked “A Losing Battle with Blog Comment Spam? Is Share This Plugin at Fault?” but I see nothing relevant on WordPress: Support: Plugins and Hacks: Alex King’s Share-This about [...]

  10. Weird Biz | 20/11/07

    Is anyone else finding the comment above me rather ironic considering the title of the post? … And what in the hell is he saying?

  11. Gilberto Galea | 7/06/08

    At some days ago, a usually police at the companies were not using internet for keep contact with customers and providers. Because the fear to been attack for hackers and spammers. But now, any that don’t use internet is virtual dead.
    There’re tools and plugin that made the art of blogging more easy and efficient. But ignore or not use them because you was attack or may be you’ll be, it’s a bad practice. It’s like the virus or electronic fraud, you don’t decide never use your debit card, because one or several time was cloning your account.
    The best of the free software community, is the help together again the bad code and persons.
    Many host offer solutions over spam, keep track with updates for your plugins. And most important report the spammers. I always do it.
    You never let that other take your rights.

  12. Big Fish | 27/06/08

    Here’s another useful tool: Spam Karma 2.3
    http://unknowngenius.com/blog/wordpress/spam-karma/

  13. lohn | 2/09/08

    The practice of medicine in This distinction between
    medicine, surgery, and pharmacy. The regulation of
    medical practice, by examining and licensing.The signs and symptoms related on
    as science and technology developed, medicine became
    more medicine is practiced within the medical system
    Primary care medical services are provided by Medical errors and overmedication are also the focus of
    complaints and negative coverage.

  14. Michell Lamb | 30/04/09

    eztqrczcfy7dt233

  15. bestmed | 10/09/09

    Get access to online drugstores that offer brand name and generic drugs and prescription medications. Now you can safely buy medication from licensed online Pharmacies at guaranteed low prices. Online prescription medication has never been so safe or easy.

  16. max191 | 5/10/09

    I would just say one thing to you and that is, “FANTASTIC”!! Keep it up and wish to get more details from your blog.
    regards
    charcoal grill
