You are viewing a plain text version of this content. The canonical link for it is here.

Posted to blogspam@spamassassin.apache.org by PHSDL <ad...@phsdl.net> on 2007/12/12 23:57:00 UTC

BlogSpammAssassin project is very important contributions by PHSDL

I am really excited to bring my experience to BlogSpamAssassin project!

As a PHSDL developer and administrator I have been fighting forum and blog 
comment Spam for a year now!
The biggest problem is Malware and redirect domain Spam in comments.

In devising an anti Spam Filter for blogs and forums, it is very pertenent 
to use URL SBL not IP addresses.
A Spammer can use any one of the anonymous proxies to submit comments, but 
their main intention is to promote some Website.

While Akismet and Karma use this type of technology the SBL is very broad 
and includes off comment Spam. The users who build the Spam list are not IT 
savy and will put all URL containing posts to the SBL, this is problematic 
because it impedes communication and free speach! IT may even cause 
unnecessary problems for the blog owner, with the user commentator believing 
that the blog owner does not like them or thinks they are Spammers, where 
they actually not!

Once a commentator is flagged as a Spammer by Akismet or Karam they are 
prohibeted from posting on Akismet filter utelized blogs!
Please refer to a number of incidents documented by PHSDL 
http://www.phsdl.net/phsdl-vs-akismet-complaint.php

PHSDL comments to ICANN blog were flagged as Spam, just today! I have 
included the message of complaint to ICANN about this, refer to buttom of 
this message.

I ahve been using SpamAssisn email filter with Cpanle for years, and never 
had any problems, with false positive.
I apply some manual email filters to fine tune the Email SpamAssissin, which 
I belive should be included in BlogSpamAssissin Filter as well by 
SpamAssissin or  by Wordpress and other developers.

BlogSpammAssin project developers you are welcome to use PHSDL public 
Malware and redirect domains Spam list in your beta development.
http://www.phsdl.net/project_honeypot.php

This SBL domain list blocks 95 percent of Spam to PHSDL honeypot forum
http://www.travelinasia.net/forum/index.php

Please let me know how else I can help and contribute to this project.
Spam is bad, very bad, but be called a Spammer when you are a commentetor is 
Even Worse!
Commentetors are Not Criminals!

Thank you
Igor Berger
PHSDL
Administrator
and
Developer
www.phsdl.net

  ----- Original Message ----- 
  From: Igor Berger
  To: Jason Keenan
  Cc: icann@icann.org ; Igor Berger
  Sent: Thursday, December 13, 2007 6:24 AM
  Subject: ICANN Public Blog Spam Filter False Positive Problem identified 
by PHSDL


  ICANN Public Blog Spam Filter False Positive Problem

  There is a problem with ICANN public blog Spam filter identifying 
commentators as potentional Spammers if there is a URL in a comment.

  Once a commentetor has been flagged more than a few times that 
commentator's IP address is blocked from commenting even if a URL is not 
used in a message.

  "Your IP address (XX.XXX.XXX.XXX) was recently used to post spam to this 
website. For this reason, you are currently not allowed to post new content. 
If you believe this is in error, please contact the site administrator."

  This is a serious public image issue for ICANN, being that ICANN is 
promoting this blog as a public forum for communication between Internet 
users and ICANN.

  I cannot even post on my PHSDL blog node! PHSDL is an anti Spam project 
being flagged as a Spammer by ICANN???

  Please unlock my account, and I will abstain from using URLs in comment 
postings!
  IMAO this Spam thing will drive all of us crazy!

  My PHSDL node ICANN blog
  http://public.icann.org/blog/2763

  Meanwhile there is Spam postings http://public.icann.org/node/318
  You must be using Akismet or Karma filter!
  Please read this to understand the problem.
  http://www.phsdl.net/phsdl-vs-akismet-complaint.php

  Thank you,

  Igor Berger
  PHSDL
  Administrator
  www.phsdl.net

Zlob Troian Spam Domain Variants

Posted by PHSDL <ad...@phsdl.net>.

I am aware of two Zlob Trojan redirect domains variants.

One is in the forum of an ActiveX that tries to install itself when a 
contaminated Website is opened in a Browser.
When using Northon Anti Viras it would crash the browser and self installed 
itself even if a user did not agree to installation. I do not know if this 
problem with Norton AV has been fixed.

But using NOD32 perevents automatic installation and allows a user to close 
the browser.

Variant two comes as a Java Cab that tries to install itself automatically 
but using Sun Microsystem Virtual Java Machine I can chose not to accept the 
installation.
http://www.java.com/en/index.jsp

There are different way that generates the attack. But all involve going to 
cantaminated site. One porn video site and click on porn video embeded 
pictures, another is just opening a url in a list of many URLs...

Thank you,
Igor Berger
PHSDL
Administrator

Alert Zlob Trojan using other domains besides Porn

Posted by PHSDL <ad...@phsdl.net>.

I just got a post with a free Web service domain url with flower sho file 
name and glass sho file names that once I went to that url, there was a long 
list of URLs  that when clicked redirected to a Malware domain that pretends 
to scan your computer.

One of the redirecting domains is yourflowershow.com

Zlob Trojan is morphing from Porn to general domains and URLs this is very 
dangerous...

Igor Berger
PHSDL
Administrator