February 01, 2005
spam attack
This weblog was under sustained massive comment spam attack on the weekend. I have had to close down commenting, but this has just pushed the spammers to Trackback. There is now a massive trackback attack under way.Junk for code is a link-spam vulnerable blog. So every form of feedback within this blog has become a target.
The spam problem has intensified in the past couple of weeks, with most of it coming from the US. Australian spammers have gone quiet I've had lots spamming about pills, porn and casinos flowing onto on my free outlet, which is then exploited, to pump up the search engine rankings of particular sites.
Clearly money is being made from selling Viagra, porn, and online poker. A lot on money is being made because the consumer demand is there. So the entrepreneurs and marketers see email and comment spam as bulk advertising. So my incoming email traffic consists of approximately 24% legitimate email and 76% spam.
An interview with a spammer.
These link spammers are using my bandwidth and blog space and they are abusing it by putting their commercial messages there. That should be illegal as it represents an invasion of my property.
Spaming has become a production line activity as this diagram of the architecture of a spam attack shows:
It uses zombie networks with the master computer in the circulatory system located in a safe offshore locations (China?)Zombies are personal computers compromised by viruses (or Trojan Horses) that allow the perpetrator to remotely control the machine and direct the attack, often through a botnet. When the network of Zombies receives instructions from its Master, each individual Zombie begins generating a flood of malicious traffic aimed at a single target/victim machine or network. That is the architecture of a distrubted denial-of-service attack.
The tools to increase the sophistication of these sorts of attacks are being developed by programmers. The next step is to control, or take over the servers, that can be used to launch attacks so that a vast inventory of well-connected Internet reflection servers can be obtained and managed. The end user is vulnerable to this reflection server attack since the heavy packet flow will no longer be discernible, as it will have diffused into neighboring routers rather than following a single path.
The heavy packet flow will no longer be discernible because it will have diffused into neighboring routers rather than following a single path.
Is there a design flaw in the old network technology of the internet?
That last diagram reminds me of 'Knowledge Nation'
Posted by: Guido on February 3, 2005 03:06 PMThe diagrams look quite interesting, and reflect what I've been observing in regards to comment spam on my own blog.
At one point in time early on when I wasn't getting that many comment spam, I investigated recording the IP addresses of the spammers, they actually looped after a certain number.
Using WordPress' builtin spam comment moderation filter, I haven't had any comment spam, including trackback spam actually get past the moderation queue.
Although there are some legitimate comments stuck in there sometimes, it's usually worth the extra trouble doing it this way.
Guido,
I was always fond of knowledge nation. I reckon that Barry Jones was trying to give a network acccount of it. From memory the media and political mockery was about the diagram not the ideas.
Posted by: Gary Sauer-Thompson on February 3, 2005 09:40 PM