News

Hi, this is just a short note about referrer spam and the problem I've had with it and the Visitor Stats plugin by Tom Willet and John Huges, I believe... My site, www.justrage.com gets loads and loads of referrer spam for some obscure reason, and I've always had a hard time doing htaccess magic. So here's what I do and it works for me.

Assuming, of course, you have the Visitor Stats plugin, go to your /plugins/stats directory, open functions.inc and find the following line:

if ($host == 'geeklog.sourceforge.net') {
  $host = 'geeklog.sf.net';
}

And then add the following new line under it:

if (ereg("word", $host)) {
  $host = '';
}
// the '' are single quotes, not a double quote

Change "word" to a specific string in the referring URL you want to block. For instance if you want to block http://something.ne.com you chould change "word" to "something" or "ne" or "com" or even "ne.com". What happens is that the code will simply rub out ALL the referring urls that contain "word" anywhere in it. It will only rub out the URL from the Stats phpblock, though, not the stats pages themselves. Which works fine for me anyway.

Add as many lines under it for as many "words" you need to block.

To my knowledge and experience, SpamX only blocks comment spam, and htaccess is just too complicated for me. So this is what I simply do to resolve my referrer spam issues. Hopefully, in the future someone could update the Stats plugin to include an easy way of doing it from its admin frontend.

Well, we've had spam for porn, pills, and poker - but contact lenses?

Last week, someone actually registered with several Geeklog sites only to post comment spam for contact lenses. I actually thought that was somewhat amusing, but it seems there's more of this coming.

We are now seeing referer spam for a site advertising contact lenses:

Spamvertized site:	contact-lenses-x7 DOT com
Domain registered with:	Names4ever.com
Site hosted at:	72.9.234.170, Global Net Access LLC, Atlanta
Referer spam came from:	63.247.74.90, Global Net Access LLC, Atlanta

It doesn't look like the two incidents are directly related, though. Last week's spam was for:

Spamvertized site:	lens DOT excellentoffers DOT info
Domain registered with:	DirectNIC
Site hosted at:	216.195.42.217, APS Telecom

I don't have the IP address of that spammer any more, but it belonged to an ISP in Hong Kong.

The excellentoffers site is apparently registered to some Alex Antuacesko in Romania, while contact-lenses-x7 is registered to some Marlon Santos in Seattle, WA. Both addresses may be fake, of course, but at least the Seattle address looks legit.

Anyway, it can't hurt to add both domain names to your Personal Blacklist. And throw in a few key phrases like "contact lens" (so that it also matches "contact lenses"), too, while you're at it.

Comment spam is a huge problem for a lot of sites these days. And since geeklog.net gets its share of comment spam, we thought we'd give you some information about the spam that hits geeklog.net so that you can use this to protect your own site.

The most persistent wave of spam that's been hitting us for months now comes from two brothers, nicknamed The Bulgarians.

Have you been getting waves of comment spam for poker / casino sites, alternating with spam for pills / drugs, and finance / mortgage sites? Then you're most likely on the Bulgarian's list.

Ann Elisabeth Nordbo has collected some background information on these two. An interesting read (and I highly recommend her other site, Spam Huntress, which is dedicated to fighting comment spam).

Fortunately, there is a very effective method to block these particular spammers. If your webhost lets you edit your own .htaccess file, see Cindy's spampop for the recipe. Cindy also used to keep a list of all the domains that the Bulgarians have registered (over 2500), but had to take it down due to heavy traffic. Ann Elisabeth is now keeping track of the recently used domains.

If you can't create your own .htaccess file, then you should feed your personal blacklist (in Geeklog's Spam-X plugin) with a few typical phrases and keywords from the comment spam you may see. We will also be releasing an update to the Spam-X plugin soon that will include a filter module that lets you apply the "spampop" method from within Geeklog.