• Of 11,000 suspected spam domains registered through them, NONE were taken down in a 6 month period.

• Approximately 100 new spam sites per day being registered.

• A “significant” number of those domain registrations have apparent bogus contact information

What makes matters worse is that there appears to be some interesting langauge in the ICANN agreement that registrars are supposed to comply with:

“Registrar shall, upon notification by any person of an inaccuracy in the contact information associated with a Registered Name sponsored by Registrar, take reasonable steps to investigate that claimed inaccuracy. In the event Registrar learns of inaccurate contact information associated with a Registered Name it sponsors, it shall take reasonable steps to correct that inaccuracy.”

Reasonable steps? A little vague don’t you think? It will be interesting to see if ICANN does something here. Why does the prhase “Stop or I’ll yell Stop again!!!” come to my mind here?

–Chris

Technorati Tags: ICANN, Spammer, Xinnet

Apparently the spammers must have not got the traction with PDF spam they had hoped. It is possible that the countermeasures are working well for PDF spam. I saw a post recently talking about a Spam Assassin solution that works with OCR (Optical Character Recognition) technology to read PDF’s and score them as a normal text email.

There must still be money out there for the spammers to make.

–Chris

Technorati Tags: spam, fdf, pdf

I just looked and I have blocked over 20,000 pieces of spam on my blog thanks to Akismet. I wish my email spam solution worked as well as Akismet does on my blog, but that’s a different discussion. The rate of spam has actually gone down for me by over 700% in the last 90 days. Why, you ask? Simple, I blocked an entire Class C network range from Russia. When I originally was trying to decide whether or not to block the entire Class C I looked through the logs carefully. What I found that this kind of activity was coming from 5 or 6 IP’s consistently but pretty much the entire Class C network was involved. It’s amazing how much comment and trackback spam this range was responsible for. This move has made my life so much simpler, blog wise.

Going through my server logs today I noticed something new these spammers are trying. Ok, it’s new to me anyway. I saw this entry from my friends in Russia:

81.95.144.68 - - [03/Feb/2007:10:07:38 -0700] “POST /security/2006/08/how-many-devices-reporting-to-your-sim-sem/trackback/ HTTP/1.1″ 403 370 “-” “Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)”

Intersting…apparently Google has one of their bots coming from a Russian IP…..probably not. As this next entry shows:

81.95.144.66 - - [03/Feb/2007:10:11:48 -0700] “POST /administrative/2006/07/tonights-podcast-may-be-late/trackback/ HTTP/1.1″ 403 359 “-” “Mozilla/5.0 (compatible; Yahoo! Slurp; help.yahoo.com/help/us/ysearch/slurp)”

Wow….Yahoo has a bot in the same Russian IP range as well. Nice try. Apparently the spammers have figured out that some web servers treat HTTP requests that look like SEO bots differently than they do regular HTTP requests. By changing the HTTP referrer to make it look like an SEO bot (from Yahoo, Google, etc.) they can evade some filtering techniques. I did some checking and these IP’s show up in various “naughty” lists and 100% of their HTTP requests are looking for URL’s that have /trackback in it.

–Chris

Technorati Tags: Spam, trackback, SEO bots, Akismet, comment, Information Security