Gossamer Forum
Home : Products : Links 2.0 : Discussions :

German spammers?

(Page 2 of 3)
> > > >
Quote Reply
Re: German spammers? In reply to
The best way to get rid of all spammers is to install the "add-confirm" mod. Before I installed it I often had 50 (multiple) spam submissions per day. After it ZERO spam!


René Hasekamp
Find my Portal (Links 2.0) on
http://www.hasekamp.net/links/pages/
Quote Reply
Re: German spammers? In reply to
How would a confirm solve things? My messages are about 90% PURE trash!(sites that don't contain meaningful content, or are X rated, etc..., but have SOMETHING reasonable) Out of the remaining 10% about 2% are TAUNTS!(one day telling me that spams come from a site(where the authors email domain is an alias for that site), another day giving a bad phone number to call, and ANOTHER pointing to a bad URL on this site!)! About 3% are TOTAL garbage(like having fields with jdkdjdk in them). About 5% seem reasonable. OH YEAH. Duplicates are consistant, and obviously intentional. I was thinking about recording IP, PORT, TIME, attempting to filter input from that computer(via a cookie), and checking for duplicate submissions. Sadly, I've got ENOUGH to do right now!

Quote Reply
Re: German spammers? In reply to
Ich Auch! (er I would ALSO like in!) If I was CERTAIN of the origin, I would ALREADY have spammed a threat to their search engine! I wouldn't make them simple duplicates either!

Quote Reply
Re: German spammers? In reply to
I don't want to hurt HONEST submissions though. If I DID get listed in a submission program, and people were DECENT, that would be FANTASTIC. My dream was to have a GOOD site with GOOD and valid links. Heck, about 2% of the links go bad each month, and that is ENOUGH trouble for me in this venture.

Quote Reply
Re: German spammers? In reply to
Well, you walk a tightrope when you run such a directory. HECK, I run a domain registration site, and a LOT of design problems could have been solved by a user based registration system. Alas, that would complicate the original purchase, and I could likely lose customers.

I just added:

if ($ENV{'HTTP_REFERER'}=~m/searchup.de/i) {
print "Content-type: text/plain\n\nJERK! GET LOST!!!!";
exit;
}

Granted, it only works in this one case(I'll add a more flexible method later), and STILL doesn't get rid of duplicate entries.(I'll add that later), but it apparantly works HERE! I don't want to limit everyone else.

Quote Reply
Re: German spammers? In reply to
They are so stupid, that they probably just used simple submit, with a few minor changes. If they were smarter, they would exclude bad sites, and only submit ONCE!

Quote Reply
Re: German spammers? In reply to
Good idea, but I hope you are deriving the email address from the referrer. If you just use the entered address, they could have YOUR system spam someone else.

Quote Reply
Re: German spammers? In reply to
OK, Maybe we are talking about slightly different things. Robots can not pass the add-confirm. They just add. When I look at my server log, I still get every day 30-70 hits for add.cgi. These are the robots. But there are no (or just a few) records to validate. Conclusion: Robots are not humans, they do not wait for the confirm screen and hit <enter> again, they have fulfilled their task when they have added their SPAM to add.cgi.
Another useful mod is the one (forgot the name now) that gives an error when a site is already in the database or in validate.db. But I have noticed that that one does not work against robots.
Only after I has installed add-confoirm, my quiet life came back.
To give some figures: I now have around 450 serious links (maybe some were entered by robots anyway) but my ID for the next link is near 900. So I had to remove around 450 SPAM links by hand. It drove me mad! Now I only get serious suggestions, that can in most cases be accepted.

René Hasekamp
Find my Portal (Links 2.0) on
http://www.hasekamp.net/links/pages/
Quote Reply
Re: German spammers? In reply to
In Reply To:
So I had to remove around 450 SPAM links by hand.
You could've simply opened your links.db file via a text editor and deleted all the bad links and then reset the linksid.txt file to store the last record number in your links.db file rather than using excessive CPU in your server by using admin.cgi to delete the links.

Regards,

Eliot Lee

Quote Reply
Re: German spammers? In reply to
www.net-soft.de and www.searchup.de are hosted by Schlund & Partner (German Provider). All spammed webmaster should send a email to hostmaster@schlund.de:

==========================================================
TO: hostmaster@schlund.de

SUBJECT: Schlund & Partner hostet Spammer

Sehr geehrte Damen und Herren,

Sie hosten unter den Domain-Namen:

www.net-soft.de und
www.searchup.de

einen 'Suchmaschinen-Eintragdienst',
der automatisiert und unautorisiert weltweit
Linkseiten auf Homepages anspringt. Trotz
vielfacher Anmahnung auf Unterlassung werden die
Eintragdaten dieses kommerziellen Dienstes nicht
korrigiert.

Besitzer des Domainnamens ist:

person: Dirk Jaeger
address: Neckarstrasse 71
address: 76199 Karlsruhe
address: DE
e-mail: dirkhunter@aol.com
nic-hdl: DJ511-RIPE
changed: lastchange@denic.de 20000321
source: DENIC

Unsere/meine Domain >>>your-domain<<< wird
von Ihrem Kunden widerrechtlich gelinkt. Ich /
Wir fordern Sie als Provider hiermit auf, dem
ungesetzlichen Handeln Ihres Kunden die technischen
Moeglichkeiten zu entziehen. Wir raeumen Ihnen eine
Reaktionszeit von 48 Stunden ein und behalten uns
ggf. rechtliche Schritte gegen Schlund &
Partner vor.

Mit freundlichen Gruessen

>>>yourname<<<
==========================================================







Quote Reply
Re: German spammers? In reply to
Thanks for the tip. Anyway, I am free from those robots now!


René Hasekamp
Find my Portal (Links 2.0) on
http://www.hasekamp.net/links/pages/
Quote Reply
Re: German spammers? In reply to
You're right about that. Originally, I didn't know that THAT was what was happening. What moron leaves such a bug in a program when he goes full bore like this? I figured it COULDN'T be a "robot".

Quote Reply
Re: German spammers? In reply to
I ALREADY had a condition where the counter got messed up(and yes, the lock IS enabled). editing the validate.db file by hand is dangerous. As for deletion? I am trying to replace them with good links instead. Each link can take me several minutes. BTW, I am ALSO rechecking every other link. I don't want to be another Yahoo, etc...

Quote Reply
Re: German spammers? In reply to
The person there is a jerk. I updated my site, and then(as a test), sent a post from their site that said "IF you are being spammed, check out...". Then I did a stupid thing. I sent a letter, which probably had the same IP address, asking him to stop spamming me.

He accused me of doing a criminal act, and said his company is 100% above board, etc... He even threatened to sue me(claiming he has started). He even said my response should be in German or he would charge to translate it!

Hopefully, he is like a praying mantis that I saw as a kid. My bikes tire was near it(and I was going to get out of its way, as it could have gotten out of mine), and it took an aggressive position! Frankly, I had more respect for that praying mantis!

Quote Reply
Re: German spammers? In reply to
I am off his list now. I wrote to him and told him to remove m site immediatly and he did it. So taths not fine for me but it's closed for that time.

Mike

Quote Reply
Re: German spammers? In reply to
I utilized .htaccess to deny them access to my site. I also renamed the add.cgi script, just in case. I've written them two emails in the past and they never removed my site, so I had to take evasive actions.

I had previously used the "valid referer" option in the links setup, but it appears they managed to blank out their referer, either that or my site stopped reporting it.

One other thing I did is if someone who isn't on the valid referer list manages to auto-submit, I blanked out their submission information. At the very least they'll have to type it in again and this might be enough to get them to rethink whether they want to bother.

Quote Reply
Where can I find the add-confirm mod? In reply to
My search engine keeps getting spammed by bot submissions and I need it to stop! Where can I get a copy of the add-confirm mod? It used to be available at the following URL:

http://www.asan.com/users/phoenix/addconfirm.zip

But it is not there anymore. Is this the same mod that will stop the bot submissions?

Rob Bartlett
AAA Internet Publishing, Inc.
http://www.AAAInternet.com
Quote Reply
Re: Where can I find the add-confirm mod? In reply to
Hello,
I have found it in the thread "German Spammers" of this forum. The author was "nodeception". Hope you will be able to find it! I only printed it from the forum.

I also used a mod that I found on http://204.180.41.204/links2mod1.htm
Hope that one is still there! It prevents double enties in either links.db or validate.db.

And I used a mod to block certain URL's or domains, which is at http://lookhard.hypermart.net/links/links-mods/blockurls.html

I hope and believe I made no typing errors.
Installation of these mods is a bit confusing, but I am free from spammers at this moment!

Rene Hasekamp


René Hasekamp
Find my Portal (Links 2.0) on
http://www.hasekamp.net/links/pages/
Quote Reply
Re: Where can I find the add-confirm mod? In reply to
Thanks, I think I found the changes that will help. Guess I will have to wait and see...

Rob Bartlett
AAA Internet Publishing, Inc.
http://www.AAAInternet.com
Quote Reply
Re: German spammers? In reply to
I did everthing suggested here:

1)In ADD.CGI, under the sub process_form,

replace:
# Check the referer.
if (@db_referers and $ENV{'HTTP_REFERER'}) {

with:
# Check the referrer.
if (@db_referers) {

2) In LINKS.CFG at the Referers area
Add your domain, with single quotes as shown below. This will tell links2.0 to only accept submissions from your domain, ie. the add.cgi at your site:

# Referers -- which hosts are allowed to add to your database.
@db_referers = ('ezfriend.com','www.ezfriend.com','64.176.68.173');


And I am STILL getting bloody spam from the Germans, what a pain in the ass...

This time it all came from urbia.com. Is there any other way to stop this? Excluding certain domains won't really work since they appear to be coming from different domains all the time, not to mention that there is no trace back to any domain, other than through the form input. Here is a sample submission e-mail, aaaclipart.com [209.50.251.115] is the name of the server that the search engine is on:

Return-Path: <nobody@aaaclipart.com>
Received: (from robbartlett@localhost)
by bohrium.baremetal.com (8.9.1a/8.9.3) id GAA00293
for robbartlett@aaainternet.baremetal.com; Wed, 17 Jan 2001 06:10:09 -0800
Received: from aaaclipart.com (aaaclipart.com [209.50.251.115] (may be forged))
by bohrium.baremetal.com (8.9.1a/8.9.3) with ESMTP id GAA00289
for <rob@aaainternet.com>; Wed, 17 Jan 2001 06:10:08 -0800
Received: by aaaclipart.com (8.9.0/8.9.0) id EAA21261;
Wed, 17 Jan 2001 04:46:48 -0500 (EST)
Date: Wed, 17 Jan 2001 04:46:48 -0500 (EST)
Message-Id: <200101170946.EAA21261@aaaclipart.com>
To: rob@aaainternet.com
From: Rolf.Oppermann@urbia.com
X-Mailer: Mailer::1.0 (http://www.gossamer-threads.com/scripts/)
Subject: AAADesignList New Link: Flugzeuge, flugzeuge, flugzeug, Flugzeug, FLUGZEUGE
X-Envelope-To: robbartlett@aaainternet.baremetal.com
X-UIDL: 0d94197a085bba8c97d5b224d4fbb58d



The following link is awaiting validation:

Title: Flugzeuge, flugzeuge, flugzeug, Flugzeug, FLUGZEUGE
URL: http://schwanger.urbia.de/optimizeSearch/Flugzeuge.htm
Category: US Commercial
Description: Flugzeuge, flugzeuge, Urbia das grosse europäische Eltern Portal optimizeSearch Flugzeuge
Contact Name: Rolf Oppermann
Contact Email: Rolf.Oppermann@urbia.com

Remote Host:
Referer: http://www.aaadesignlist.com/


Do these same problems happen with Links SQL?


Rob Bartlett
AAA Internet Publishing, Inc.
http://www.AAAInternet.com
Quote Reply
Re: German spammers? In reply to
In Reply To:
Do these same problems happen with Links SQL?
Nope...based on the login process that is integrated into LINKS SQL...users are forced to login to add sites, and the login info is stored in a separate table than the LINKS table.

There are still ways to add duplicate records in LINKS SQL, but not spamming.


Regards,

Eliot Lee
Quote Reply
Low Tech German Spammer Solution In reply to
This german JERK has been a pain in my butt for the better part of a year now and despite my requests that he remove my site from his robot submission engine, he refuses. (MOST RUDELY I MUST ADMIT)

With that in mind I created a simple work around that easily keeps him off my site and doesn't create any extra steps for my users.

I changed all links to 'add.cgi' in my links templates to adsite.html. This is an html form that I created specifically for site submissions. This means that my submission page is static rather than dynamically created by the add.cgi script. Which is really no big deal.

This HTML form posts to what was formally called 'add.cgi'.

I changed the name of the script to submit.cgi. The script works the same way no matter what you call it. Every time I start getting submissions from Germany with no referrer site listed, I change the name of the script and point my html form to the newly named script.

Changing the name of the script and the 1 line of html code only takes 20 seconds and doesn't create any extra steps for people submitting to my site as some of the other mods and work arounds.

The way I look at it, if that Kraut wants to keep changing his code so that his users can submit to my site then let him knock himself out. I'll just keep changing the name of the script.

BTW, since implementing this work around in late November of 2000, I've only had to change the name of the script once.

You can check out my handy work at http://www.rightbot.com

Quote Reply
Re: German spammers? - Final Solution In reply to
I just ran into this problem. I run a small site dedicated to victoms of Spiritual Abuse and Bible Apologetics. So imagine my surprise this morning when I got submissions from about 10 German Porn Sites !-)

So, after reading all of your messages, I decided to implement the following changes.

First too links.cfg
# Referers -- which hosts are allowed to add to your database.

@db_referers = ('montrosebaptist.org','www.montrosebaptist.org','63.249.233.119');
# 6feb01 -- ban certain referrers
@db_ban = ('net-soft.ne','net-soft.de','195.20.225.110','searchup.de','dj-ufk.de','webnaut.ne','webnaut.de');

Now to add.cgi:
# Check the referer.
# 6feb01
# if (@db_referers and $ENV{'HTTP_REFERER'}) {
if (@db_referers) {
$found = 0;
foreach (@db_referers) {
$ENV{'HTTP_REFERER'} =~ /$_/i and $found++ and last;
}

if (!$found) {

# ----- 6feb01 ------------------
my($warref) = $ENV{'REMOTE_ADDR'};
my($warnung) = qq~<BR><BR><FONT COLOR="RED">Actung ! Nehmen Sie "$in{'Title'}" ($in{'URL'}) unverzüglich von der Liste. Sollten nach einer Reaktionszeit von 2 Tagen immer noch Seitenanmeldungen von <$warref> eintreffen, sind wir gezwungen rechtliche Schritte gegen Sie vorzunehmen.</FONT>~;
if (@db_ban) {
foreach (@db_ban) {
if($ENV{'HTTP_REFERER'} =~ /$_/i || $warref =~ /$_/i ) {
print "Content-type: text/html\n\n<H1>$warnung</H1>";
exit;
}
}
}
# --------------------------------

print "Content-type: text/html\n\n";
print qq~<P>
<H1 align="centered">Auto Submissions are NOT allowed.</H1>
<FONT COLOR="BLUE"><BR>Before you submit your url, please be aware that we are <B>ONLY</B> interested in sites that deal with Spiritual Abuse and Biblical Authority. This is NOT a generic search engine/site. If you are not sure whether or not qualifies, then we suggest you visit the
<A HREF="http://www.montrosebaptist.org">rest of our site <B>(montrosebaptist.org)</B></A> before making an entry.<BR><BR>
Warning! Continued attempts at auto submit $in{'URL'} will compel us to take all legal remedies available to us to make you stop.</FONT>
</P>
<P><FONT COLOR="RED">Wir drucken nicht kommerzielle websites aus. Wir drucken nicht generische Suchmaschinen aus. Kennzeichnen sollen, muß Ihre Site über Mißbrauch des Geistes. Oder Ihre Site muß über die Studie der Bibel sein. Alle weiteren Unterordnungen werden zurückgewiesen.</FONT>
$warnung
</P>
<P><FONT SIZE="-2" COLOR="SILVER">
Your submission from $ENV{'HTTP_REFERER'} ($warref) has been logged for legal/auditing purposes.
</FONT>
</P>
~;
exit;
# &site_html_add_failure ("Auto submission is not allowed in this directory. Please visit the site to add your entry.".$warnung);
# return;
}
}

Yes, it's a bit of a kludge, but it works !


Quote Reply
Re: German spammers? - Final Solution In reply to
Looks nice, you should just improve the German translation! Wink

Thomas
http://www.japanreference.com
Quote Reply
Re: German spammers? - Final Solution In reply to
And these "changes" have already been posted in this Thread and in other Threads in the support forums...not a real need to re-post the codes, IMHO. Wink

Regards,

Eliot Lee
> > > >