It was waiting to happen and it has.

Regular readers would have read a few rants about my internet connection.
I have a “broadband” connection with Exatt.

It works using PPPOE and am assigned a dynamic IP everytime I login.

That is fine, but of late I have been noticing that the IP Addresses are all blacklisted in Spam Databases!

The first time I noticed it was with the latest version of Bad Behavior, when I got blocked out of my own blog. Had to downgrade.

And, today I noticed it with Digg.

A spam database lookup for my IP at DNS Stuff finds it in a good number of Blacklists.

I can’t blame Exatt here however, because I am sure that these IPs have been abused by stupid spammers and users with infected computers

I’ve been initiating removals of my IP Address from these lists. But, is there a solution of removing blocks at one shot?

Don’t ask me to contact Exatt for this, because they suck in Customer Care. I don’t think they even know if there is such a thing called Customer Care.

Update:
I wrote to Digg today about the IP address problem. Seems like I was totally mistaken about the reason I was blocked. The reason I was blocked was because I gave UserSubmitter a shot and after a single set of diggs itself, my Digg account was blocked. Digg was kind enough to let me off this time with a warning.

Lesson learnt. Am posting it out here so that all you folks out there will be careful before using such services like UserSubmitter.

I have faced a good deal of problem with sploggers.

While I had one who just stole every post of mine, another kept picking up all my posts because it had the content “copyright”!
And that is because my feeds include a copyright notice.

Owen has released a new plugin title AntiLeech which helps fight sploggers.

AntiLeech does not prevent the splogger bots from accessing your site. It produces a fake set of content especially for them that includes links back to your site (and mine, too, ok?) and sends it only to them. When they steal this content, it appears online just like normal, except now you’ve turned the tables on them and have provided them with useless content.

Read more and download the plugin »

I have seen a lot of emails from African scamsters and most of these usually land up in my Bulk box.
Today, my dad today received a similar scam email. However, what was surprising was the nature of it’s customization.

Firstly, the subject of the email addressed my dad by his first name.
Secondly, my Dad is in the Gulf and the “merchant” also happens to be from there (or so he claims). Mere coincidence?
Thirdly, my Dad is also very active religiously, and the person in the email is rather repents.

However, the contents of the email remain similar to most scams. Person being diagosed with cancer, has a lot of money, wants to give it to you … blah … blah …

Hello dear,

I am Mr. Lawson Rhodes, a merchant in Dubai, Arab Emirate. I have been diagnosed with Cancer which was discovered very late, due to my laxity in careing for my health. It has defiled all forms of medicine, Right now I have only about a few months to live, according to my Medical Doctor. I have not particularly lived my life so well, as I never really cared for myself but the oil business. Though I am very rich, I was never generous, I only focused on my business as that was the only thing I cared for. But now I regret all this as I now know that there is more to life than just wanting to have or make all the money in the world.

I believe when God gives me a second chance and heal me I would live my life a different way from how I have lived it. I have sowed a seed for my healing I have willed and given most of my properties and assets to my immediate and extended family members and as well as a few close friends.

I want God to be merciful to me and accept my soul and so, I have decided to give arms to charity organizations and give succour and comfort to the less priviledged of the Tsunami Victims, as I want this to be one of the last good deeds I do on earth. So far, I have distributed money to some charity organizations in India and Malaysia. Now that my health has deteriorated so badly, I cannot do this my self anymore. I once asked members of my family to close one of my accounts in Saudi Bank and distribute the money which I have there to charity organization and to the less priviledged in Bulgaria and Sudan Africa They cashed the money but kept it only to themselves. Hence, I do not trust them anymore, as they seem not to be contended with what I have left for them already.

The last of my money which no one knows of is the huge cash deposit of twenty two million dollars $ 22 million that I have in the Vault of a Financial company in europe for safe keeping.

I want you to collect this deposit on my behalf and disburse it to the Tsunami EarthQuake victims in Asia for the less priviledged.

I will set aside 20% for you for your time and efforts. I need your urgent reply so that I will not have to go on sourcing for a credible person to handle this project.

If you are okey with the condition, do not hesitate to send me mail so that i can furnish you up with all the informations needed.

I wish to hear from you soon.

God bless you.

Mr. Lawson

—————————————————————
Universia – Esse e o seu Universo.
www.universia.com.br

Please note that this is a scam and if you receive something like this delete it immediately.

I had realized that a site CrazyFactor.com run by John Comokaz has been scraping my RSS feed for quite a while and publishing the content as his own.

He has been using a software by Elliot Back for this purpose.

I got a notification from a visitor that John is now trying to sell off CrazyFactor on SitePoint Auctions.

Being stuck in India and I am absolutely sure I can’t do much, I got down to writing to Feedburner support, many of the authors whose content is being stolen (including Robert Scoble), the host Bitesites (whose support is so crappy I am sure I won’t even think of hosting with them) and Sitepoint (where the auction is being held).

I didn’t receive a reply from any of the authors, though I did find a post by Robert Scoble (not sure if he found out because of my email or just otherwise).

I haven’t received a reply from SitePoint. I guess they don’t even bother looking at emails from small folks like me, even if illegal sites are being sold on their Auctions. A bid has for $50 has been received for the auction. Guess there are buyers for illegal sites as well!

As for the host, I received one reply and after that none. CrazyFactor continues run even today and I guess not only will it run, but it will also be sold!

From what I notice about John Comokaz, his entire business deals in scams and splogs. By using RSS Scraping software he builds sites and then sells them off.

I would like to compliment Feedburner support for their quick and helpful response. They have even gone to the extent of offering to give me any kind of log data to help prevent the theft. However, my latest posts haven’t been appearing on CrazyFactor (possible because I banned the host servers in my .htaccess).

I’m hoping Robert succeeds in doing something. You need people with more influence to work their magic!

Any suggestions on what should I do? (Legal action isn’t really an option)

Update 1: I have also written to Google Adsense. But, I don’t know how much they will do since the ads have been removed from the site.

Update 2: I received a reply from Sitepoint Marketplace Support saying that they can do absolutely nothing about this!

Hello,

Thank you for contacting us about this.

Unfortunately, SitePoint is unable to offer assistance when a dispute such as this arises between two members. We don’t act as an intermediate party in any transactions and therefore cannot vouch for the reliability of any member or items for sale. We encourage participants in our Marketplace to do as much research as possible before conducting any transaction.

While I would like to follow this up for you, we really don’t have the resources to do so or the qualifications to make judgements about what is and what isn’t stolen content.

Our Marketplace does not currently have a feature allowing members to leave negative feedback about other members. Since leaving negative feedback in a comment is not allowed, this is an issue we are currently looking into.

Best regards,

I am extremely surprised to receive such a response from the Sitepoint team. Then again, aren’t they getting a cut from every sale? X(

Maybe if they understood that it wasn’t a dispute between just two members and that I wasn’t giving negative feedback they would understand the gravity of the situation.

They may probably sit up when a similar splog steals the content of their articles and publishes it as its own.

Update 3: The site and the other blogs in the account that scrapped content have been suspended. Thanks to Tailor Made Servers for their prompt action.
And this wouldn’t have been possible without Duncan‘s help.

While I do have Bad Behavior and Spam Karma 2 running, I have always wondered on how to track down and stop spammers.

I asked Spamhuntress on how she finds spammers by going through her site logs and she was kind enough to write a detailed article on how to.

I too admit the entire procedure is quite complex, but I am going to give it a good shot.

Blog spam is something that every blogger fears. Spam appears in different forms. It can vary from trackback or pingback spam, comment spam, deliberate harsh comments to email harvesting and spam resulting from it.

Spam cannot be stopped. But by following a few good steps you can protect yourself from it.
This tutorial will teach you how to protect your WordPress blog from spam.

Before they hit you

This should be the first thing you do to prevent spam. I have found two very effective plugins which do the job very well. One is Bad Behavior and the other is Referrer Karma. I am currently using Bad Behavior on my blog. Optionally, you can add my Bad Behavior Stats Plugin to display the number of blocked attempts on your blog.

Yet another step to prevent bad bots and spam is to use your .htaccess file to block them. JavaScriptKit has a good tutorial on Blocking bad bots and site rippers (aka offline browsers). Simply copy-paste the code they give you into your .htaccess file and your ready.

As and when they hit you

Unfortunately the steps above alone will not protect you completely. Though the plugins above do an excellent job, I will admit that spammers are smart and they find a way to get through and you will suddenly see your blog filled with spam comments.

Some spammers do get through the above protection, and then you gotta take another step to protect you.

To prevent this one of the most effective plugins I have found to date is Spam Karma 2. It provides many checks and drastically reduces the amount of comment, trackback and pingback spam.

Once again, though SK2 effectively blocks most of the spam, it does struggle when a spammer personally enters the comment on your blog. On the surface it may appear rather innocent but infact is just another spammer in disguise pointing links to his site. And they rarely appear again on your site.

So, the next thing I did was install the Moderate Plugin for SK2. This plugin will ensure that new posters will land into moderation for your approval. So even if a person gets through Bad Behavior and Spam Karma 2, you can choose whether you want to approve this comment or not.
Remember though for this to effectively work you need to ensure that these two options are checked
1. “An administrator must approve the comment (regardless of any matches below)” (under Options ? Discussion)
2. “Comment author must have a previously approved comment” ( also under Options ? Discussion)

I have found by following the two steps above I have remained spam free for a long time now.

WordPress now comes bundled with an anti-spam plugin called Akismet. Akismet works in a different manner from SK2. Here, when a new comment, trackback, or pingback comes to your blog it is submitted to the Akismet web service which runs hundreds of tests on the comment and returns a thumbs up or thumbs down.

When the plugin catches something as spam it saves it in the database for 15 days in case you want to check it out manually and then automattically deletes it. In the unlikely event something gets incorrectly identified as spam you can correct it and it submits the “false positive” back to Akismet for analysis and improvement of our system. If a spam comment happens to get through and you mark it as spam within WordPress, it does the same thing. Akismet becomes more effective the more you use it.

Using Akismet is very easy. Download the plugin and enter your WordPress.com API Key.

You also have an Akismet Worst Offenders Extension that pre-processes the spam comments and identifies the worst offenders in terms of the domain that?s being advertised, or (perhaps more usefully) the IP Address of the spamming computer.

And to get the best of SK2 and Akismet get hold of the Spam Karm 2 Akismet Plugin. It is a plugin for SK2 that checks the comments with the Akismet web service and thus just making SK2 better.

Yet another plugin is WordPress Hashcash 3.0. Every four hours, your blog picks a random large number (close to 32 bits). Whenever a visitor visits your permalink pages, an ajax call is made which retrieves some javascript. This javascript first decrypts itself, then executes itself again to retrieve the secret value, which it sets in the form. Then it enables the submit button. If a comment does not have this value, it is rejected. If a comment is rejected more than four times, the user is blocked for a specified period of time.

Email Spam

In addition to protecting your blog from comment spam you can take one extra step and protect yourself from email spam from your blog.

The first and most important thing to remember is that putting a mailto: link on your website is an open invitation to spammers.

The best and highly recommended method to let visitors get in touch with you is to use a contact form.
Two popular contact forms for WordPress are PXS Mail and WP-Contact Form.

And if you really want to use your email address on the site then you can make use of either Transpose Email Plugin or EmailShroud Plugin. Both of these use javascript to obfuscate your email address thus prevent email harvesters from getting hold of it.

The former requires the user the manually enter in the code on their blog which is more work but won’t mess up your site.
The latter does this automatically but your links problems could be damaged.

Additional resources:

• Combating Comment Spam
• Spam Tools
• Tackling Comment Spam
• WikiPedia’s Spam in Blog

So what do you do to protect yourself from spam? If you have any suggestions or recommendations please do comment.

If you like this tutorial, please do digg it.

Have been getting a lot comment and trackback spam both on this blog as well as the blog of my friend Melody.

My blog is powered by WordPress, but I have b2evolution running for her.

Have added a lot of spam words to her block list of b2evo and it seems to have currently stopped. I guess b2evo has much better spam handling capacities than WP, especially since it has Central Blacklist.

For WP 1.2.2, I have a lot of plugins and hacks enabled.

For one I use the Comment Preview hack for comments which blocked my comment spam.

However, that’s when I started getting hit by Trackback Spam. Even Kitten’s Spaminator wasn’t enough.
Have finally installed the Auto Shutoff Comments plugin to shutoff comments after a 14 day period. This should stop a good amount of Trackback spam usually targets posts which are more than that period.

Another good solution is to disable Trackback only:
Do this in the SQL field of phpMyadmin

Update wp_posts
set ping_status = "closed"

or

Update wp_posts
set ping_status = "closed"
where post_date < "2005-01-05"

if you want to disable trackbacks before a certain date.
Ofcourse, edit the date and run this regularly.

Seems to have stopped the spam as of now. I’m sure they will find a way around it. I’ll be waiting…