You are viewing a plain text version of this content. The canonical link for it is here.
Posted to blogspam@spamassassin.apache.org by PHSDL <ad...@phsdl.net> on 2007/12/12 23:57:00 UTC
BlogSpammAssassin project is very important contributions by PHSDL
I am really excited to bring my experience to BlogSpamAssassin project!
As a PHSDL developer and administrator I have been fighting forum and blog
comment Spam for a year now!
The biggest problem is Malware and redirect domain Spam in comments.
In devising an anti Spam Filter for blogs and forums, it is very pertenent
to use URL SBL not IP addresses.
A Spammer can use any one of the anonymous proxies to submit comments, but
their main intention is to promote some Website.
While Akismet and Karma use this type of technology the SBL is very broad
and includes off comment Spam. The users who build the Spam list are not IT
savy and will put all URL containing posts to the SBL, this is problematic
because it impedes communication and free speach! IT may even cause
unnecessary problems for the blog owner, with the user commentator believing
that the blog owner does not like them or thinks they are Spammers, where
they actually not!
Once a commentator is flagged as a Spammer by Akismet or Karam they are
prohibeted from posting on Akismet filter utelized blogs!
Please refer to a number of incidents documented by PHSDL
http://www.phsdl.net/phsdl-vs-akismet-complaint.php
PHSDL comments to ICANN blog were flagged as Spam, just today! I have
included the message of complaint to ICANN about this, refer to buttom of
this message.
I ahve been using SpamAssisn email filter with Cpanle for years, and never
had any problems, with false positive.
I apply some manual email filters to fine tune the Email SpamAssissin, which
I belive should be included in BlogSpamAssissin Filter as well by
SpamAssissin or by Wordpress and other developers.
BlogSpammAssin project developers you are welcome to use PHSDL public
Malware and redirect domains Spam list in your beta development.
http://www.phsdl.net/project_honeypot.php
This SBL domain list blocks 95 percent of Spam to PHSDL honeypot forum
http://www.travelinasia.net/forum/index.php
Please let me know how else I can help and contribute to this project.
Spam is bad, very bad, but be called a Spammer when you are a commentetor is
Even Worse!
Commentetors are Not Criminals!
Thank you
Igor Berger
PHSDL
Administrator
and
Developer
www.phsdl.net
----- Original Message -----
From: Igor Berger
To: Jason Keenan
Cc: icann@icann.org ; Igor Berger
Sent: Thursday, December 13, 2007 6:24 AM
Subject: ICANN Public Blog Spam Filter False Positive Problem identified
by PHSDL
ICANN Public Blog Spam Filter False Positive Problem
There is a problem with ICANN public blog Spam filter identifying
commentators as potentional Spammers if there is a URL in a comment.
Once a commentetor has been flagged more than a few times that
commentator's IP address is blocked from commenting even if a URL is not
used in a message.
"Your IP address (XX.XXX.XXX.XXX) was recently used to post spam to this
website. For this reason, you are currently not allowed to post new content.
If you believe this is in error, please contact the site administrator."
This is a serious public image issue for ICANN, being that ICANN is
promoting this blog as a public forum for communication between Internet
users and ICANN.
I cannot even post on my PHSDL blog node! PHSDL is an anti Spam project
being flagged as a Spammer by ICANN???
Please unlock my account, and I will abstain from using URLs in comment
postings!
IMAO this Spam thing will drive all of us crazy!
My PHSDL node ICANN blog
http://public.icann.org/blog/2763
Meanwhile there is Spam postings http://public.icann.org/node/318
You must be using Akismet or Karma filter!
Please read this to understand the problem.
http://www.phsdl.net/phsdl-vs-akismet-complaint.php
Thank you,
Igor Berger
PHSDL
Administrator
www.phsdl.net
Zlob Troian Spam Domain Variants
Posted by PHSDL <ad...@phsdl.net>.
I am aware of two Zlob Trojan redirect domains variants.
One is in the forum of an ActiveX that tries to install itself when a
contaminated Website is opened in a Browser.
When using Northon Anti Viras it would crash the browser and self installed
itself even if a user did not agree to installation. I do not know if this
problem with Norton AV has been fixed.
But using NOD32 perevents automatic installation and allows a user to close
the browser.
Variant two comes as a Java Cab that tries to install itself automatically
but using Sun Microsystem Virtual Java Machine I can chose not to accept the
installation.
http://www.java.com/en/index.jsp
There are different way that generates the attack. But all involve going to
cantaminated site. One porn video site and click on porn video embeded
pictures, another is just opening a url in a list of many URLs...
Thank you,
Igor Berger
PHSDL
Administrator
Alert Zlob Trojan using other domains besides Porn
Posted by PHSDL <ad...@phsdl.net>.
I just got a post with a free Web service domain url with flower sho file
name and glass sho file names that once I went to that url, there was a long
list of URLs that when clicked redirected to a Malware domain that pretends
to scan your computer.
One of the redirecting domains is yourflowershow.com
Zlob Trojan is morphing from Porn to general domains and URLs this is very
dangerous...
Igor Berger
PHSDL
Administrator