Spam River Dammed Again

I tried using a new comment form that included a “human verification” bit in it. But, for some reason, it wasn’t working. The form works well as a Contact form, but I couldn’t talk it into being a comment form. I tried to fix it but decided, for various reasons, that it wasn’t worth it.

So I dumped that and am now trying a new plugin, “Math Comment Spam Protection”. It doesn’t seem to be supported very well by the designer but it does work. The idea is to stop spammers from even submitting a comment and clogging the database and site resources.

As an example of this, I took down the cforms version and put up the one I had been using for years. I uploaded and turned on the new plugin. In that span of time, maybe two minutes tops, I got THREE spams. THREE. What a mess. Luckily, SpamKarma caught them and dumped them with glee but still, geez people, get a freakin’ life!

Please let me know if the form works for you or not. If it does not, use the contact form to, well, contact me about it. Or email me if you know the address.

Dam the Spam River

Okay, what happened the other day tried to happen again today. But, I happened to be one step ahead of the bastids!

I had already changed the comment form over to one that has a simple pre-filter installed. In the midst of making it look purty, I got the File 500 error again. I checked the webhost’s resource chart and while it said it was still within limits, the time-stamp said it was 45 minutes old. So I went to the database and SpamKarma’s log was stuffed full again. Nearly 700 spam just in the past 24hrs. So I deleted them all and the File 500 errors went away. Yay me!

I set the Settings>Discussions to turn off all Trackback/Pingbacks but all that does is uncheck the box for all future posts/pages. I went to WordPress’s Extension list and found what I needed. “Auto-Close Comments, Pingbacks and Trackbacks” is a plugin that allowed me to turn off ALL comments and trackbacks to ALL posts and pages. I could even leave open one that gets regular valid comments.

The comment form I am using now is called cforms and while the look of it is kinda gross, I do like the built in pre-filter. By pre-filter I mean it stops spammers from even submitting a comment. It doesn’t make it to the comment moderation where it clogs up the pipes. I opted to not go with the captcha images because I hate them myself and wouldn’t want to inflict them on others. Instead, it has a set of simple questions that the commenter must answer before the comment will move on. The questions are simple stuff (what is two plus two?) BUT they work. Yes, spammers can make their way around it eventually. But Shirley To Shit they aren’t that driven for this little known blog!

If anyone has any trouble with the comment form, let me know. I’ve not checked the accessibility issues of it (Elena?) yet and hope all is well on that front.

Oy! What Happened?

I don’t really understand what happened. All of my sites are on a private server with my webhost. It makes tracking problems down quite simple since errors mean it is either on my end or theirs. No middle folks to deal with. One of the things I can do with the server is set the amount of space my websites can use. More space than it is using means the sites run faster. Less space and everything slows to a crawl or stops altogether. My space prior to yesterday was a mere 235mb. The most I had used was around 150 or so but with Mike’s new site, that had been slowly rising. But at some point yesterday, the memory usage spiked to over 450mb. And the sites shut down. All of them. But I didn’t even think to look there when I first found out the sites were down.

I contacted tech support and checked out the forum and some other places but really had no clue what was wrong. I put up a “site down” message so that folks wouldn’t wonder if they had a problem on their end. I got an answer from tech support and he pointed out the memory usage as well as a huge memory usage within the databases. Spammers were smacking one or two of the sites hard and all their blocked messages were being stored in the database. I raised the memory usage to 500mb, made some changes to the .htaccess files (which I had never ever touched before), and made a “robots.txt” file and put it on all the main directories. I went to the databases and “dropped” all the stuff in the SpamKarma tables. I left the blacklist alone, though.

Within a few hours, the extra memory was gobbled up. I waited. I checked the error logs again. I added another IP block or two to the .htaccess file. I waited and finally gave up and went to bed. We had things to do today and I didn’t get a chance to check anything until this afternoon.

So now, there it is. Everything is working. And I learned a few things. While the problem was with just one site (this blog, actually), the memory usage downed them all. I now know that when all of them are down, then there’s a few places to look first.

Spammers are the armpits of the internet, aren’t they?

UPDATE: Holy shit! I just got finished deleting well over 10,000 spam comments! All of them porn crap (surely Asian teens have more to do?) or prescription meds for men.

Contact Form Updated

I had been getting a plethora of spam via the contact form. I’ve had it turned off for several months now.

On Mike’s site (“Mike’s Doghouse”), I’d started using a plugin called “cforms” and decided to do the same here. It looks ugly at the moment but making it look pretty is not a priority at the moment. For now, it works so, hey, there you have it.

I’ll be putting up the same thing over at the main website, “It’s Only Words…” later today.

Lottery Winnings

No, I’ve not won the lottery. Gotta buy a ticket first and, frankly, I’d rather put my dollar with the others in the Mason jar out in the back yard. Dang, I told y’all where it was and now I gotta move it.

Anyway, this post is more about Spam than anything else. That and gullibility.

I use Mozilla’s Thunderbird for my email accounts. The junk/spam filter on it is pretty good and it learns quickly. I set up other message filters to get rid of the obvious ones. If the spam filter thinks it has a spam, it sends it to the Junk folder where I then can check it out and delete it. I have it set up so that anything I say is spam is sent directly to the trash folder which is emptied each time I close down Thunderbird.

I have an idea for a really good junk/spam filter: have a spell check built in. If the subject line contains a \ or ! in the middle of a word, chuck it out.

Lately I’ve been getting a lot of lottery emails. It’d be funny except I know people actually believe those things. So, here’s some hard facts: If you won a lottery in the Netherlands or somewhere in Africa, do you really think they’d let you know via email? Or if someone has umpteen thousands of dollars stuck in some sort of political shift and needs your help with it, again, do you really think they’d contact you via email? Or would they, like, I dunno, go to an embassy?

Thunderbird has this column where if I click in it, the email is marked as Spam and away it goes. That way I don’t have to open the email and then hit delete. If your email program doesn’t have this kind of option, try to right click on the email and select delete from there. Opening an email from someone you don’t know or that you know is spam can cause some mean things to happen to 10 people you know. Okay, just kidding on that last bit.

Here’s some other random email advice:

– When the real PayPal sends out an email, they don’t have any links in it. Sometimes, for a real transaction, they will have a transaction number link, but that’ll be it. Why? Because spammers, crackers, virus, and malware folks love to use PayPal to scam folks. The real PayPal says things like: “go to our site, paypal.com” without using a link. Good for them!
– In connection to the above, if you don’t know if you should trust the email, put your cursor over the link. Don’t click on it, just put the little arrow over it. Now, most email programs will then show you the actual URL of that link in the bottom of the window somewhere. Check to see if the URL is the same. Usually, it’s not.
– If a greeting card website sends you an email message and all it says is “a family member” sent you this card, don’t click the link. Legitimate notices of e-cards will say who it is from and often have a short message from them. If you get an e-card and don’t know who it is from, delete it. So for my friends and family: don’t send me e-cards. Yeah, some of them are cute and cool and excellent examples of the artistic uses of flash player, but, really, spend the freakin’ few cents and send me a real card, okay?
– Just ’cause Oprah says it is good don’t mean it is. And just because an unsolicited email says Oprah says it is good, really really means it isn’t good. Delete that.
– Do you really want to order a prescription medication from someone who can’t spell the name of that medication? I don’t care if it does make your man-part stand at attention for hours on end, if they can’t spell it, don’t buy it!
– Same goes for any other penis oriented emails. Do straight women really want big huge penises on their partners? Frankly, it sounds painful. I get more penis email than I do lottery emails. And I don’t do either one of them!

One more thing and then I’ll let you get back to whatever you were doing. Let’s say you get a really cute email from someone. It has cute pictures of puppies, babies, kittens, and any combination thereof. I admit, I am a sucker for those things, too. You decide to forward it to everyone you know because it is just so freakin’ cute. Fine. But, after hitting forward and before hitting Send, do a few simple things first. Take a look at that email. Now, how far do you have to scroll down before you get to the cute puppy? Even scrolling a pixel or two is too much. All that information space is usually taken up by the email addresses of all the others who also thought it was a dang cute puppy. Forward after forward after forward.

You know, if you send it to me, I’m going to embarrass you something awful. ‘Cause I’m gonna hit Reply All and tell everyone you sent it to that I thank you for giving me more email addresses to sell to spammers! Not just the addresses of everyone you sent it to, but aaaallll those other email addresses, too! I’m gonna make a fortune! Seriously, I’d never do that but it is tempting. (I once tried to count them all and stopped counting at about 120 email addresses that were included in a single fwd-ed message.)

Delete all that gooble-goop at the top of the message. It’ll take but a second or two. Send the cute picture to everyone you know but use Blind Carbon Copy (BCC) instead of To or CC. This means that no one will know who else got the picture but it also means my email address remains with you and not your Cousin Phil, Uncle Ernie, and your college roomie from ’88. Over the years, I have seriously lost two “friends” because I kept hitting Reply All and thanking them for more email addresses to harvest. And, frankly, if the subject line has more than one Fwd in it, I’m not going to bother reading it anyway. So delete those, too. Don’t send me anything about chain letters or online petitions. My name at the bottom of the loooong list won’t mean crap ’cause it has to be a real signature to count in anything legitimate anyway.