Forum Moderators: DixonJones
Pendanticist.
how to ban spambots [diveintomark.org]
if you want more info.
[edited by: engine at 8:59 am (utc) on Mar. 27, 2003]
[edit reason] fixed scrolling link [/edit]
(All) - Think in terms of "I'm doing a study".
So, I guess my original question still stands.
How many do you get a day?
Pendanticist.
The article itself wasn't too bad if slightly missing the point (spambots are adaptive and UA checks just don't cut it against moderately smart ones) but I shouldn't complain since I got a link in the main content without having to ask... :)
- tony
These are the formail attempts I got today:
All with "Mozilla/?" as the user agent. (Interesting side note, the user agent actually has two question marks in it, but this software removes one of them.)
What's with all the edu's?
Well, I thought this was an interesting thread.
It is.
:)
These are the formail attempts I got today:fw-outside.geneseo.edu
anieto.mine.vt.edu
204.196.19.157 (a community college in Louisiana; tried again after an hour)
12.19.86.21 (a well respected U.S. corporation; that's kinda bad; I have half a mind to write them a letter)
tw5.udallas.edu
194.126.44.151 (RIPE)
All with "Mozilla/?" as the user agent. (Interesting side note, the user agent actually has two question marks in it, but this software removes one of them.)What's with all the edu's?
Hey, apparently students need to augment their income somehow. <major frown>
CGI-BIN Formmail Queries <- I'm fighting with a major University
Are there "any" legitimate reasons for them? [webmasterworld.com]
Here's what I do:
Run the IP Number thru SpamCop and/or SamSpade.
If you use SC, you can just click on the abuse addies and if you have things set properly, then it will open a letter. Tag on any/all addies give, including hostmaster, ipadmin, support and uce@ftc.gov.
I title mine: "Formmail Query(ies) from your IP Block."
Then I have a line I paste in each message: "Greetings, I am the owner/webmaster of the domain shown below. During inspection of my access log files discovered the following:"
Then I paste in the formmail query itself.
At the end of the report I simply ask them to explain. Some will tell me what they think I don't know and the others will tell me what they know I want to know...what about the account?!?
By all means, report each and every access_log file entry for formmail queries. Once in awhile you get some really great responses...especially when they tell you they've terminated an account you recently reported.
And then every once in another while you might just get in on the bigger stuff. In two months I've closed six misconfigured proxy servers alone!
UCE/SPAMers using Open Proxy Servers...Until I got it closed! <Big Smile Goes Here> [webmasterworld.com]
Formmail query reporting is something that will be addressed (Panel #5) at the upcoming FEDERAL TRADE COMMISSION: Public Forum: Spam Email. [ftc.gov]
The workshop will be held on April 30-May 2, 2003, from 8:30 a.m. to 5:30 p.m. at the Federal Trade Commission, 601 New Jersey Avenue, N.W., Washington, D.C. The event is open to the public, and there is no fee for attendance. Pre-registration is not required.
Pendanticist.
Thanks for the additional info and advice re SpamCop. I didn't know that. Will give it a shot when I'm done here.
And thanks for the CGI-BIN thread, too. I hadn't seen that either. Very helpful.
It's good to know someone is on top of this stuff. Did you get enough responses for your "study?"
...and to all who posted.
It's good to know someone is on top of this stuff. Did you get enough responses for your "study?"
To address the first part, I'm not that person. I'm one of the more outspoken ones who doesn't appreciate UCE/SPAM on any level, but chooses this one as more effective in combatting UCE/SPAM on the Internet. The other, much more adept simply didn't respond.
Secondly, no...for whatever reason. <shrug> You'd think something as intrusive as formmail queries would be more highly despised and thereby have more attention paid to it. Then again, things are not as they 'appear' to be, eh?
Pendanticist.
