Kimler Sidebar Menu

Kimler Adventure Pages: Journal Entries

random top 40

May & June SPAM Stats

May & June SPAM Stats

July 4th, 2007  · stk

Randsco SPAM stats for May and June. Over 45,000 visitors and nearly as many SPAM attempts. Some were successful. Graph, tables & a few oddities that stand out in the crowd are presented. See who broke through the defenses and why.

Barbarians at the Gate

We apologize for May's late SPAM report and we thank those that emailed us, asking about it. We were busy sorting out server problems, because the Randsco website was hit or miss for over a week. SiteGround (our hosting provider) was trying to fix hardware problems on their server. Finally, they bought a brand new server, moved everyone across, then told us we were consuming too many resources! Eye-veh!

Despite technical glitches, Randsco readership hit new highs during May and June, with each month logging over 20,000 visitors! Now that the website is stable again (fingers crossed), we have time to post the monthly SPAM stats. We'll cover the last two months - May and June - in this one report.

In April's report, we said that our perfect, SPAM-free record was broken by a single SPAM message. (Poor Bridget, desperate for human contact, left us a comment in which she said, "I want sex".)

May and June both, have yielded additional SPAM messages, though none quite as compelling as Briget's. By comparison, it seemed like the SPAM floodgates were open. It turns out that it was partly webmaster error and partly spammer success.

Does this mean our blocking methods don't work? How bad was the damage?

To see who's laughing now and why ... read on ...

 

May's Mishaps

IP Address SPAM Attempts
82.146.57.30 1,994
87.118.106.4 404
82.146.62.66 286
60.208.64.177 181
216.246.79.5 173
216.246.79.4 153
66.128.43.58 117
81.177.22.111 102
66.225.201.42 97
83.211.3.16 80
62.231.243.136 67
195.225.177.39 66
65.254.77.129 65
195.175.37.71 64
165.228.130.12 63
165.228.128.11 62
87.236.197.249 60
165.228.132.11 58
195.175.37.8 58
81.177.14.5 55
165.228.131.12 52
195.175.37.70 50

During the month of May, 18,234 SPAM attempts, from 7,300 unique IP addresses were blocked. It's about a thousand more than were blocked during April and by all measures, it would appear that the SPAM-stopping success continued.

The problem is that 11 SPAM messages made it onto the blog during May. A couple of tentative SPAM comments came on the 23rd and 24th, but 8 were deposited on one day - the 25th!

WOW! What a flood!

"What the heck is going on?" I thought.

It turns out, as we do from time-to-time, we had tweaked the algorithm that we use to determine if a comment is "spammy". We did that on the 22nd. In my haste to add additional checks, I had inadvertently removed an older (and apparently quite effective) method. :oops:

I wasted no time in correcting the problem. As a result, we only received one more SPAM message in May, on the very last day of the month.

Several conclusions can be drawn from this incident:

  1. There's a very thin line between "SPAM-free" & "flooded with SPAM"
  2. When you find a method that kills SPAM - it's astonishingly effective.
  3. SPAM-killing is a moving target because spammers are always changing their methods.
  4. Killing SPAM is simple, ALWAYS killing SPAM a challenge.

Nearly all the SPAM messages that made it through were about buying "cheap meds online". None were very entertaining, although one spammer was courteous enough to say, "Thank's[sic] the site owners [for allowing my SPAM messages on your website and putting profit into my pocket]".

Maybe spammers wouldn't be such a nuisance if they paid site owners a percentage of their profits, kind of like Google-Ads?

Anyway, the bottom line is that 11 SPAM messages got through in May, but 18,234 were stopped at the gate (that's a 99.94% success rate at blocking SPAM). Not a "perfect" record, but still pretty darned good, I'd say!

Of course, the persistence of some spammers (who, despite obvious failure, continue to try and leave SPAM messages) astounds me. There were some 22 spammers who tried 50 times or more, during the month, to deposit their silly messages on Randsco. The most persistent of the bunch tried nearly 2000 times! What a fool!

 

 

June's Jewels

IP Address SPAM Attempts
82.146.62.66 1,861
66.232.101.20 1,042
87.118.106.4 375
62.231.243.137 204
216.246.79.4 170
62.231.243.138 170
216.246.79.5 169
66.232.100.181 157
195.2.114.1 153
195.225.177.34 105
195.225.177.39 76
62.231.243.136 76
87.106.12.174 63
69.159.192.24 54

June's SPAM total was slightly higher than May's. During June, 18,552 SPAM attempts, which came from 8,075 unique IP addresses, were snuffed out without wasting many server resources, using our fancy SPAM-busting defenses.

Also like May, several successful SPAM comments were deposited on our Randsco blog and had to be manually deleted (just as they had to be manually entered). Five such messages arrived during the month. Four of them landed on this popular post (which just confirms my suspicion that once spammers find a post to SPAM, they tend to return to that post again and again).

Spammers switched up their messages in June, pushing pornographic websites, rather than cheap online medications. One SPAM message was particularly interesting, because it led to a legitimate WordPress blog at Earth911.com. Spammers had hacked the WordPress installation and posted their porn directories as blog posts, then spammed other blogs with links to the hijacked blog posts, which - in turn - linked to a variety of pornographic websites. What a tangled web, eh?

I wrote the folks at Earth911 and told them what was going on. They were very thankful for the message and said they'd only recently switched to WordPress and were still "working out the bugs". Security holes are pretty big bugs in my book! (Earth911 folks wasted no time in closing their WordPress security hole and the hijacked posts were deleted, some time ago).

There were 14 spammers in June that tried to leave 50 or more SPAM messages on Randsco. This is substantially lower than the 22 the month before. Are the spammers getting the message? I think not. With June's top spammer knocking unsuccessfully on our door over 1,800 times, it's clear that they lack the ability to get the message that "spamming Randsco is a fruitless endeavor". They buy a computer for a thousand dollars, shell out a few hundred for some automated SPAM software like this, pop a beer and sit outside, letting the computer SPAM websites (those that allow SPAM) across the globe. Heck, they might even make money doing it, though I'd sure like to find a way to turn THAT table around. :D

 

 

The Spammy Conclusions

Randsco Comment Policy

  1. ANYONE can comment
  2. Links are allowed
  3. Immediate publishing
  4. No hoops to jump
  5. No .htaccess black lists

With readership records breaking, every month seems to hit a new high, we're noticing that Randsco is seeing a corresponding increase in SPAM attempts. Both in terms of the total number of attempts and the number of unique IP addresses. This trend is shown in the corresponding graph, which we'll continue to update, each month.

Fighting SPAM is an ongoing effort and although it's relatively simple to stop, the challenge appears to be stopping it consistently, as spammers change up their slimy tactics. Besides making an effort to stay several steps ahead of spammers, we're noticing that the number of barbarians at the gate continues to rise. We'd like to put a stop to this.

We're formulating a plan to put some "teeth" into the mix. After all, the best defense is a good offense! We know that we're successful when, like bloggers, spammers will keep a blacklist of websites that shouldn't be spammed! We're striving to have ours FIRST on that venerable list of sites just 'not worth the hassle'.

We'll continue to report from the trenches about our successes and failures. Hopefully, we'll see the numbers dwindle, as time goes on. In the meantime, feel free to make use of the top spammers lists, to help keep these barbarians outside of your gate, where they belong.

As always, we'll be holding down the fort by allowing wide-open commenting, on this website. With over a 99.9% success rate at blocking SPAM ... we continue to laugh in the face of the onslaught.

(Permalink)
Views: 13572 views
5 Comments · GuestBook
default pin-it button
Updated: 5-Jul-2007
Web View Count: 13572 viewsLast Web Update: 5-Jul-2007

Your Two Sense:

XHTML tags allowed. URLs & such will be converted to links.


Subscribe to Comments

Auto convert line breaks to <br />

1.flag Gary Comment
07/06/07
Hi Scott,
Not sure if my emails are getting through to you. If they are then please ignore this.

...but a very big thanks you for all your help finding the bug in my css.
It was nice of you to help me, I owe you one :-}

Gz
2.flag stk Comment
07/06/07
No worries, Gary. Glad I could help out.

-stk
3.flag Glenn Comment
09/03/07
Scott how do I go about setting up what you have for SPAM protection, I got a email today that had my @siegnet.us with some crazy user name in the front. I thought I saw a article you did can you hook me up with a link to said page.
4.flag stk Comment
09/03/07
Glenn,

Are you talking about SPF records? (Seems like that's what you're needing, rather than anti-SPAM).

Check out the article on SPF records and, if so, follow the links to stop spammers from sending their SPAM in your name!

If not, then let me know.

Cheers,
-stk
5.flag Ruud Comment
11/12/07
How about the quotes? It seems you need to enclose the SPF records in quotes.
  Here I still have trouble with Hotmail; I don't even get bounces back but the mails sure also don't arrive. :(