Greg In The Desert

Since I’m doing a lot of traveling right now I pay extra attention to airline travel related news. I found this story about the name “Dean Martin” being on the Do Not Fly list.

This situation was found the hard way by the State Treasurer of Arizona Dean Martin. Who thinks it’s politically motivated because he doesn’t get along with the former Governor of Arizona Janet Napolitano. Janet Napolitano now runs Homeland Security who is in charge of the Do Not Fly list.

It seems odd that Homeland Security would put such a common name on their list. Actually the whole concept of the Do Not Fly list is odd.

I get over 150 comment spams a month and I have been using the highly effective akismet anti spam plug-in, which has identified 99% of the incoming spam. I’ve been getting some odd comment spam lately. All the comment has is a link to Google and a link to Yahoo. Perhaps they spammers scripts aren’t configured or they are testing for vulnerabilities. Because of this and site CPU optimization efforts, I thought I would try to keep spammer from even getting the opportunity to make a comment.

The first thing I stared doing was to turn off comments on posts which get the most spam. The “10 Interesting Links” posts are very popular with spammers, I assume due to the keyword density of the posts. There are also some very old posts which get spam comments. I turned off comments for those posts as I see comment spam appear but as soon as I do it seems there’s someone who makes a legitimate comment. With a small site such as mine, I would prefer to encourage comments where ever possible.

I started using the WP-Ban plug-in which allows me to ban IP addresses. This is a tool I wield carefully. I investigate IP addressees that I can see a pattern in the spam comments from. I do a whois check for that IP range and depending on where they IP is from.

I was surprised to find all most all of the comments are from a single network: Ripe Networks of Amsterdam. That doesn’t mean the spam is coming from Amsterdam, the IP itself is for some other country. Germany or Russia or somewhere not in the US. I then add the first two numbers of the IP address and wild card the last two.

In the last month that I’ve added IP addresses to the Ban plugin, It’s blocked about 160 IP addresses, most more than once (one 94 times). The Ban plugin allows me to include a custom message where I clearly state that the IP was banned due to spam and that they can contact me at my email address if it’s a mistake.

Slashdot has a mention of this story on CNet which talks about some “odd traffic” that has been showing up on the internet.

Since mid-May, security researchers and network administrators have tried to track down the source of odd traffic that they have been seeing on their networks. The data frequently attempted to connect to nonexistent servers or to services not offered by existing servers. The only common thread seemed to be that the data packet had a window size of 55,808 bytes and, in many cases, came from a nonexistent Internet address.

Very strange indeed. Is it a new Trojan or Worm? Is it the RIAA’s new tool for attacking P2P file sharing? Or is it a server from the future that is just trying to call home? Only time will tell.