New book on WordPress Theme Development: WordPress Themes In Depth
spam
Tag Archive

How to Block IP Addresses with PHP

Figuratively speaking, hunting down and killing spammers, scrapers, and other online scum remains one of our favorite pursuits. Once we have determined that a particular IP address is worthy of banishment, we generally invoke the magical powers of htaccess to lock the gates. When htaccess is not available, we may summon the versatile functionality of PHP to get the job done. This method is relatively straightforward. Simply edit, copy and paste the following code example into the top of any PHP for which you wish to block access: Read more »

Ultimate htaccess Blacklist

For those of us running Apache, htaccess rewrite rules provide an excellent way to block spammers, scrapers, and other scumbags easily and effectively. While there are many htaccess tricks involving blocking domains, preventing access, and redirecting traffic, Apache’s mod_rewrite module enables us to target bad agents by testing the user-agent string against a predefined blacklist of unwanted visitors. Any matches are immediately and quietly denied access. There are many ways to obtain an effective htaccess blacklist. There are several excellent forums around the web that provide a plethora of priceless htaccess advice. Highly suggested. Additionally, after copying and pasting your […] Read more »

Take Good Care of the Puppy

Of all the bizarre, nonsensical, and pointless spam we have received so far this year, this one takes the cake. It was delivered to our designated spam account earlier this month as a plain-text email, which opens with an explanation. Apparently, "Bob Diamond" is "an Hiring Manager" looking to advertise a couple of important items. The first ad seems remotely realistic, but the second ad.. it’s like, "teddy bear features" out of nowhere — you can’t be serious. Also worth mentioning, the triple signature effect — Bob signs his name not once or twice, but three times. Check it out.. Read more »

Invite Only: Visitor Exclusivity via the Opt-In Method

Web developers trying to control comment-spam, bandwidth-theft, and content-scraping must choose between two fundamentally different approaches: selectively deny target offenders (the "blacklist" method) or selectively allow desirable agents (the "opt-in", or "whitelist" method). Currently popular according to various online forums and discussion boards is the blacklist method. The blacklist method requires the webmaster to create and maintain a working list of undesirable agents, usually blocking their access via htaccess or php. The downside of "blacklisting" is that it requires considerable effort to stay current with the exponential number of ever-evolving threats, which require exceedingly long lists for an effective response. […] Read more »

Industrial-Strength Spamless Email Links

In our previous article on creating spamless email links via JavaScript, the presented method, although relatively simple to implement, is not the most effective solution available. Spambots, email harvesters, and other online scumbags relentlessly advance their scanning technology, perpetually rendering obsolete yesterday’s methods. In the case of spamless email links created client-side via JavaScript, many spambots now are able to decipher certain email addresses hidden within the JavaScript code itself. Spambots scan JavaScript for keywords such as "email" or "mail", or even character strings containing ".com" or the "@" symbol. Spambots collect and decipher such data and return the favor […] Read more »

Disobedient Robots and Company

In our never-ending battle against spammers, leeches, scrapers, and other online undesirables, we have implemented several powerful security measures to improve the operational integrity of our perpetual virtual existence. Here is a rundown of the new behind-the-scenes security features of Perishable Press: Automated spambot trap, designed to identify bots (and/or stupid people) that disobey rules specified in the site’s robots.txt file. Automated disobedient-robot identification (via reverse IP lookup), admin-notification (via email) and blacklist inclusion (via htaccess). Automated inclusion of disobedient robot identification on our now public "Disobedient Robots" page. Imroved htaccess rules, designed to eliminate scum-sucking worms and other useless […] Read more »

Block Spam by Denying Access to No-Referrer Requests

What we have here is an excellent method for preventing a great deal of blog spam. With a few strategic lines placed in your htaccess file, you can prevent spambots from dropping spam bombs by denying access to all requests that do not originate from your domain. How does it work? Well, when a legitimate user (i.e., not a robot, etc.) decides to leave a comment on your blog, they have (hopefully) read the article for which they wish to leave a comment, and have subsequently loaded your blog’s comment template (e.g., comments.php), which is most likely located within the […] Read more »

Spamless Email Address via JavaScript

Let’s face it, spam sucks. Give spammers the figurative finger by using this nifty bit of JavaScript to hide your email address from the harvesters. Here is an easy “copy-&-paste” snippet for including a spam-proof email address in your web pages. Although there are a million ways of doing this, I am posting this for the record (and because I just can’t stand deleting usable code). This technique uses JavaScript, and therefore is not 100% ideal for all users. My advice would be to include a <noscript> element that contains an image of your email address. That way, users without […] Read more »

Phish Phight

I love reading these things.. Your online credit card account has high-risk activity status. We are contacting you to remind you that on March. 13, 2006 our Account Review Team identified some unusual activity in your account. In accordance with Chase Bank’s User Agreement and to ensure that your account has not been compromised, access to your account was limited. Your account access will remain limited until this issue has been resolved. We encourage you to log in and perform the steps necessary to restore your account access as soon as possible. Allowing your account access to remain limited for […] Read more »

Phish or Die

Ahh, the joys of stealing from people… Dear Customer Of The WellsFargo Internet Banking ? We Have Noticed That Your Wells Fargo Online Bank Account Needs To Be Updated, because we have made a new updates on our online banking service and we lost some information of our customer online banking accounts, we are sorry for that but you should update your Wells Fargo online bank account. To verify your online account and access your bank account, to be able to send and recive money online. please click on the link below to continue : simply sign on from Account […] Read more »

Pathetic Phishing Attempt

For a good laugh, consider the following email message: Subject: Attention! Several VISA Credit Card bases have been LOST! Good afternoon, unfortunately some processings have been cracked by hackers, so a new secure code to protect your data has been introduced by visa. You should check your card balance and in case of suspicious transactions immediately contact your card issuing bank. If all transactions are alright, it doesn’t mean the card is not lost and cannot be used. Probably, your card issuers have not updated information yet. That is why we strongly recommend you to visit our web-site and update […] Read more »

Latest Tweets New PDF Demo of WordPress Themes In Depth: wp-tao.com/WordPress-Themes-In…