A Website's fight against Spambots, Spammers and Hackers.

I have had to remove my Discus Message Board and my Vizbook Guestbook to stop the Comment spambots from spamming them. This is a Global Internet problem right now, any input form that is accessible to spambots, is at risk. If the spambots do not get to them, then the individual graffiti spammer will leave stuff. If you have a web site you are experiencing all these problems. I have installed a new Guestbook that includes what is called Captcha, what is it ? A test to tell what is Human and what is a Computer automated program. You can check it out on the sign in page of the Guestbook. A link to the Captcha Project
Next I put in a robots.txt file, which should be read by every bot or spider that enters the site, it tells them where not to go on the site, the bad bots do not read the robots file. These are the bad bots and need to be blocked or punished for not following the rules. Next I made sure to put the Robot-nofollow-noindex in Meta tags of the pages that the robots.txt file listed. You can view the contents of the robots.txt file on my home page, the robots.txt checker button. Well that should stop bots from going to pages that I list and they should no longer be listed on the search engines for a spammer to find, ya sure lol. Link to the Robots.txt org page
The next thing I did was make sure I named the files in the denied folders something different than what would be obvious, such as, if it is a Guestbook, name it something else, like fishing.html, so it isn't so obvious as to what it is.
So I'm lol, yup cause I am not done yet. Next, yep there is more, I put some code in what is called a .htaccess file, this contains some code that will deny (BAD BOTS) or (BAD USERS) or allow all good users to enter my site, they are always changing the names and creating new scripts (Bots) to run on the web, some will even write a script (Bot) just to crawl a certain site, telling it what to put into what forms, devious hey. A bot or a spider is a script or program such as your Windows Search program, only these search the Internet and index all the pages that are not listed in the robots.txt files and put them in a huge data base. When you do a search on Google, you are accessing that data base of indexed pages. Bad Bots do not look at the robots.txt file, they search for scripts or form fields to enter the info in or hack the script to deface a page. You have all seen the viagra, poker, etc links, Multiple Links in a row, sometimes 20 or 40 in a row every day, sorry, flash back of all the entries I had to delete, anyways, on Guestbooks and Message Boards and yes Email Spam. We are all lucky to get those,-----NOT---, that is another topic that I am not going to get into here, got enough to do with the Spambots, but setup disposable email addresses, ones that you can go to, but you can delete, once the spammers get it and they will. PLEASE do not send someone a page using the sites, Hey email this to your friends using this form, I promise not to spam them. Just fill in this form, (Oh but this friend of mine Spammer X, lol, buys them from me, he he), don't do that people.
So back to the Spambots, the htaccess file denies them access, if and that is a BIG IF I have them listed in the htaccess file. One site has about a 1000 entries lol. You can block IP addresses too, everyone has one, some have static addresses, same number and some change every time you login, like a dial-up connection. Every web site has an IP address, like your street address, only we see the http-mikescomputerinfo thing instead, Spambots fake all that information, so until you positively know for a fact jack, that the abusing IP is the real abuser, I wouldn't block it. If I were to get a regular user on a Message Board that was registered and started abuse of some kind, then I would ban that person's IP Address, but if they are using a dial-up connection, then I would not ban the IP, you get a different IP address every time you connect, fun hey. Well that should do it, hmmm aren't we a positive thinking person, not done yet. A link to a htaccess Guide
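Because robots.txt is only advisory, one way to see which visitors ignore it is to compare the access log against the file's own rules. The Python script below is an added example, not code from this site; the folder names, user agents, log lines and IP addresses are all constructed.

```python
import re
from urllib.robotparser import RobotFileParser

# Constructed robots.txt; the folder names are placeholders, not the site's real ones.
ROBOTS_TXT = """\
User-agent: *
Disallow: /guestbook/
Disallow: /messages/
"""

# Constructed access-log lines in Apache "combined" format (documentation IPs).
ACCESS_LOG = """\
192.0.2.10 - - [26/Aug/2006:03:02:11 -0500] "GET /robots.txt HTTP/1.1" 200 68 "-" "ExampleCrawler/1.0"
192.0.2.10 - - [26/Aug/2006:03:02:12 -0500] "GET /index.html HTTP/1.1" 200 5120 "-" "ExampleCrawler/1.0"
198.51.100.7 - - [26/Aug/2006:03:02:15 -0500] "GET /messages/12/345.html HTTP/1.1" 403 210 "http://insurance.example/" "Mozilla/4.0"
198.51.100.7 - - [26/Aug/2006:03:03:15 -0500] "POST /guestbook/sign.cgi HTTP/1.1" 403 210 "http://insurance.example/" "Mozilla/4.0"
203.0.113.5 - - [26/Aug/2006:03:04:00 -0500] "GET /robots.txt HTTP/1.1" 200 68 "-" "SneakyBot/0.1"
203.0.113.5 - - [26/Aug/2006:03:04:02 -0500] "GET /guestbook/ HTTP/1.1" 403 210 "-" "SneakyBot/0.1"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)


def robots_violations(robots_txt, log_text):
    """Return clients that requested a Disallow'd path, keyed by IP.

    Each value records whether that client ever fetched /robots.txt and
    which disallowed paths it asked for, in log order.
    """
    rules = RobotFileParser()
    rules.parse(robots_txt.splitlines())
    report = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        entry = report.setdefault(m["ip"], {"read_robots": False, "disallowed_hits": []})
        if m["path"] == "/robots.txt":
            entry["read_robots"] = True
        elif not rules.can_fetch("*", m["path"]):
            entry["disallowed_hits"].append(m["path"])
    # Well-behaved crawlers have no disallowed hits and drop out here.
    return {ip: e for ip, e in report.items() if e["disallowed_hits"]}


if __name__ == "__main__":
    for ip, e in robots_violations(ROBOTS_TXT, ACCESS_LOG).items():
        print(ip, "read robots.txt:", e["read_robots"], "hits:", e["disallowed_hits"])
```

The report separates clients that never asked for robots.txt from those that fetched it and went to the listed folders anyway.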
When it comes to a Message Board, ya know the little devils (Spambots) don't actually use the Message Board, no no, they go directly to a Message that has the comment form on it and submit it from there. They are still trying to get to my old messages like once every minute, of every hour of every day, persistent aren't they. I felt bad for them and reinstalled the messages, yup, well the folder and the file names of the messages and what is on those pages you ask, food for spambots. Now, I hardly get any errors for pages not there (messages) because I am feeding them. If it is a legitimate User requesting an old message from the message board, there is an explanation for them as to why they are on that page and why and what it is for. If a Spambot goes there, bogus emails, garbage and hey some forms for it to fill in, it is called a Honeypot. If your Forum or Guestbook uses MYSQL for its data base, then the spambots cannot access it, if it is setup properly. Then it comes down to your registration process, I use Captcha and an extra question, to see it in action register on my Forum. Once a user passes the registration processes, they could spam, then you have to setup accts so that their first few posts are approved by you, if they are legit users, promote them to an acct that is not Moderated.
What in the world is a Honeypot, well I am glad you asked, here are a couple links to some Honeypots and if you want, you can join the fight and add a link from these sites onto your site, if you have one. The first one gives the spammer all kinds of bogus email addresses for their data base, which they will have to clean out from their data base in order to sell it lol, have fun spammer, have a taste of your own medicine. The next one is another Spambots killer with bogus emails to harvest these are encoded links to protect the good bots, these links are made from javascript, sooo if you have java turned off, the links will not work. I also have a little script that feeds the bots some yum yum lol and hopefully crashes it.
Well that should do it, I have the robots.txt, htaccess, meta: NOFOLLOW NOINDEX, rename files, renamed folders, password protected folders, captcha, encode links and email addresses, fake forms, links to anti spammer sites, a honeypot, a javascript Menu, so they can't see the links I don't want them to see or at least a bot can't see, give them fake message pages, well my work is done, ya right, it is a line of defense that has to be monitored all the time. You have to keep up with how things are evolving with the Internet, it is a lot of work and I do this as a hobby, crazy comes to mind, I must be crazy to keep doing this, yes it is a lot of work, but I think it is interesting, frustrating, challenging and a good learning experience, stimulates your mind, oh boy does it do that. lol
I'm thinking and looking at Comment Forms, I know a Form, Mike=ARE YOU CRAZY MAN, lol. My reasoning is this, my email address is still open to individual spammers, with the Comment Form I would no longer have any address on the site, hmmm. A Safe, Secure and Hack proof Form that protects my email address and the users address, that is the challenge, I'm looking at one that seems to meet the criteria, just a WEE BIT Nervous about forms, lol. It uses Captcha, so Spambots for now, are out, only sends the mail to me and does not save any addresses on the server, a plus! Oh Oh I got another spam message in my inbox Woot, err, it will only accept comments from MY website, cool, no other ( another spam in inbox) website can access the form and use it, yes they try and do that, to send spam to us using my Form, nice huh. If I install it and test it and decide to use it, (as a nervous chill goes through my body), I will have it listed under Message in the Main Menu, if and that is a BIG nervous if, why so nervous, because I had one a few years back and the form was used to send out other BAD websites mail and I had to remove it fast.
I installed the Comment Form it is located under Message in my Java Menu, so far it is working. Spammers could still send spam manually but none have yet, lol. I removed an old calendar script and replaced it with a non input java calendar. The hackers and spammers are attacking websites with a vengeance, so I'm trying to stay one step ahead of them. They are attacking any input forms and are trying to hack the scripts on the servers. This is getting pretty wild, it is like they are trying to remove any interactive content on the web, granted, most are spammers trying to drop links to websites in forms, to increase the ranking of that individual website, particularly poker and porn related sites, they have actually turned their attention to the web versus your inbox, because of the ease of running a spambot to achieve their goals. I'm really not sure where this is all going, I have blocked access to my site to some spammers, but they continue to bang on the door. Websites with limited resources might end up with non interactive content only on their websites, that would be a real shame. Well the story is unfolding, only time will tell and by the way, the bad people know all this stuff and more, it is us trying to stay ahead of them.
New exploit, no, there can't be more, yep, a Spambot or individual spammer is spamming the Email Chess Game form, unbelievable, the links do not even display on the site, only in a file on the server, I delete the files and the next day or so, spammed again, shakes head, sooooooooo I had to write a script and added it to the chess board script, to limit what could be inputted onto the form. I also removed the Old Calendar, old script and the upgraded version is no longer free-90-free, so to stop the script from being Hacked, I removed it for security reasons. Looking for an alternative calendar that is free and users can input special events, like my anniversary, dang I miss that calendar, dates ya I remember, oops forgot dear, ouch, anyways, Thanks Spammers, you ever thought about Golf or maybe some kind of legitimate line of work. For now I have a non input calendar, oh well, at least we will know what day it is. At the rate this page is growing, I may have to do the page 1 2 3 4 link thing. 3:02 AM 8/26/2006 Spammer 1 Mike 0, hmm, spammer person was able to post the links, not from the form though, hmm, remote form perhaps, well next strategy, guess the new file names spammer!
5:30 pm 8/26/2006 New exploit from referrer spambots. Now they are putting website addresses in their fake referrer information, (yes I know referrer has 2 fs, but it has become the standard in regards to spamming). They are actually putting in real website addresses they always have an address, these are not redirected or hopping from one to another, they go right to the site, anyways it seems, to be the address, there is a popup window behind them, maybe they are hijacked pages of sites. Most are now about car insurance, what next, the web is changing because of a few bad apples, you will have to jump through a lot of hoops to be able to interact with a website. Even though on my site access on folders they are trying to access is forbidden, they still just keep pounding on the door, their bots are wasting precious time, trying to access information that no longer exists, do the words, Hey Stupid, Hellooo, your bots can not get to those files anymore, move on to an easier target, jeepers creepers, duh! So the saga continues, if you run across spam links on a website, please do not click on them, you will be rewarding these people by clicking the link or should I say multiple links, if we all work together, maybe we can make it unprofitable to spam. Cheers!
8/31/2006 All is quiet, shhh, whispering, they are still banging on the door *hear them lol* seriously, no new exploits, WOOT, lol. Well maybe now I can try reinstalling the Message Board, the only drawback would be, that in order to keep them off the messages, the board would have to be a completely private message board and to be truthful, I do not think I have that many users that would be interested in it, if any actually, it is just not that kind of site. The board did have over, if I recall correctly, 1500 posts about computer help questions, that is a lot, but that was with a public posting open type board, which would be spammed to death now. Even a just plain old auto registration type board would get spammed, I would like to use Discus again, so I can reinstall all of the old posts, but they are still trying to figure out how to combat these spammers, they have added captcha, but the message data bases are still accessible to the spambots unfortunately, unless you go with the private forum. Heck the Guestbook/Message board I have up right now, no one has used, I think most people have converted to XP or Linux and to be honest, XP runs pretty much trouble free, good job MS : ). Once you have XP tweaked the way you want and for how you use it, it just purrs like a kitten. Just do not forget to run Scandisk and Defrag every so often. I would have put this on my Blog, but lol, when I enable users to make comments, yep! spammer time. I really wonder why the ISPs do not somehow, disallow changing the referrer headers, so these spammers could be tracked or at least be suspicious of a WHOLE lot of activity from a user, I know some of the spammers have their own servers and are working out of open machines (they dropped a worm on some persons computer) and then spam from those computers.
You know what that means, use antivirus software, if you can't afford it, use AVG Free Edition it is running on all of my computers and have had 0 problems with it and run Malwarebytes Anti-Malware free it will get rid of the spyware. Well enough of my babbling, Happy Computing : )
09/10/2006 All is quiet on the spammer front, they are still pounding on the door, wasting time, but otherwise quiet. : )
09/23/2006 Still no attacks on anything on the website, still pounding on the door, but are Forbidden Access. They have now switched to Home Insurance, they just do not give up.
10/15/2006 Still quiet, still hitting the Old Message Board folder and they are still denied access, I am beginning to think that the Spammer is a little short in the brains department, the spambot is wasting time trying to access those files, apparently it does not log the fact that it is receiving a 403 Error or the spammer is just trying to use up my Bandwidth.
11/12/2006 They are still trying to access the one folder and are still denied access. My error log files are filled with these error requests, it really makes no sense to me why they continue to slam that folder, the latest log file had 1253 403 denials to that folder they went from [Sun Nov 12 05:27:19 2006] [error] to [Sun Nov 12 19:12:38 2006] [error] oh well, I guess spam and spambots are here to stay and will probably never go away.
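To see who is behind a run of 403 denials like the one in this entry, the error log can be summarized per folder and per client. This Python script is an added example, not the site's own code; the log lines are constructed in the Apache 2.x error-log layout (only the two timestamps come from the entry above), and the docroot path and client IPs are placeholders.

```python
import re
from datetime import datetime

# Constructed error-log lines; only the first and last timestamps are from the page.
ERROR_LOG = """\
[Sun Nov 12 05:27:19 2006] [error] [client 198.51.100.7] client denied by server configuration: /home/example/public_html/messages/12/345.html
[Sun Nov 12 05:28:20 2006] [error] [client 198.51.100.7] client denied by server configuration: /home/example/public_html/messages/12/346.html
[Sun Nov 12 09:00:01 2006] [error] [client 192.0.2.44] File does not exist: /home/example/public_html/favicon.ico
[Sun Nov 12 11:40:00 2006] [error] [client 203.0.113.5] client denied by server configuration: /home/example/public_html/messages/9/1.html
[Sun Nov 12 19:12:38 2006] [error] [client 198.51.100.7] client denied by server configuration: /home/example/public_html/messages/12/345.html
"""

DOCROOT = "/home/example/public_html"  # placeholder document root

DENIED_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<ip>[^\]]+)\] "
    r"client denied by server configuration: (?P<path>.+)$"
)


def summarize_denials(log_text, docroot=DOCROOT):
    """Per top-level folder: denial count, hits per client, first and last time."""
    summary = {}
    for line in log_text.splitlines():
        m = DENIED_RE.match(line)
        if not m or not m["path"].startswith(docroot + "/"):
            continue  # other errors (e.g. missing files) are not access denials
        when = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        # First path component below the document root, e.g. "/messages".
        folder = "/" + m["path"][len(docroot) + 1:].split("/", 1)[0]
        entry = summary.setdefault(
            folder, {"count": 0, "clients": {}, "first": when, "last": when})
        entry["count"] += 1
        entry["clients"][m["ip"]] = entry["clients"].get(m["ip"], 0) + 1
        entry["first"] = min(entry["first"], when)
        entry["last"] = max(entry["last"], when)
    return summary


if __name__ == "__main__":
    for folder, e in summarize_denials(ERROR_LOG).items():
        print(folder, e["count"], "denials over", e["last"] - e["first"], e["clients"])
```

The per-client counts show whether the hammering comes from one address or is spread over many, which matters before deciding whether blocking an IP would achieve anything.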
05/27/07 They have finally stopped trying to access the message board folder, has been quiet for a long time (mike knocks on wood table).
10/01/2009 I have moved to a new web hosting company on 04/2008 and they are really good Branzone support is second to none, they have anti virus and a spam filter setup at the server level which really cuts down on spam and viruses getting into my email box. They also are very aggressive with their firewall to block spammers getting to their clients sites. I have not been bothered by any spammers or hackers for a while now ( knocks on wood ) but then I have aggressively locked down all input scripts on my site. On my Forum they use reCAPTCHA which has 2 words that need to be inputted, seems to work good, but I also ask another question. I also use different names for folders and files like "akdunche" and do not have them indexed by the search engines. I also only have links to them in a Java Menu which are not scanned by bots. To keep track of passwords and names for password protected folders, MySQL data bases, Bank Accts, etc, I use Password Safe it will generate very secure passwords for me and I only need to remember one. You can also put a link to a login page and the safe will open the page for you. Another great thing about it is that I have it on a USB Flash Drive so nothing is on my computer and I can access it from any computer that has a USB port. You can check it out here PassWord Safe.
05/25/2010 Have not had any problems with spammers or hackers. I have removed some software that was not being maintained and updated and replaced it where possible with newer, maintained software. Most software nowadays is written with PHP which is much safer than the older languages, you can chmod all of it to 644 and does not need to be in the cgi-bin. It is very important to keep all your software up to date with all the latest version and or patches. If the author no longer supports it stop using it, remove it and install something that is supported. Some software also has conversion tools for converting your database info to the new software.
If all of a sudden the website goes down and then a few seconds later, poof, back up again, it is only me adding something new to my htaccess file and oops! I coded it wrong, Sorry :- (
