Apoligies for the scamming b*stards using my site

software development

#1

Hi all,

I’ve noticed a few scam emails floating around which contain short urls generated on one of my websites.

Naturally, i’ve not been involved in any of this, but apologies if you received any of the emails with ZipURL shortened links in them.

I’ve looked at the url submission logs, and there’s a handful of scam/spam associated ones, all of which were added manually by the looks of it.

I immediately banned the short urls that were submitted for spam, and have blocked the 255.255.255.0 netmask of the IP addresses used (they were all in the final octet, so i’ve banned the entire range). The IPs resolve to Philippines, and it’s the first even traffic i’ve had in 10 years of development from Philippines, so i think it’s safe to block those 255 addresses.

Are there any other measures you think i should take other than manual screening, IP blocking, and url domain blocking?

Bear in mind these have been added manually, so a captcha interface wouldn’t help me, although i am going to set one up to cover more exploit avenues.

I’ve looked at TinyURL, SnipURL, etc, and they all have these spam links and have not done anything to disable them on their side… are they not interested in removing their affiliation with spam, or am I just overly protective??

Cheers,
Karl

web design, development & seo by DigitalVibe


#2

Yeah, I think most are ‘set and forget’ sites.

Good job forbidding spammers the use of your service, although like you said it’s going to be tough if there’s real people actively submitting their spam links via your forms, CAPTCHA or not. As far as IP blocking is concerned, you might find some relevant ranges by looking thru the bluetack, safepeer, and peer guardian “spammer” lists.


#3

Great advice, thanks. I’ll get onto it :slight_smile: .

I think as regards keeping on top of it, it’s a matter of looking for any abnormal visitor trends, and just blocking any IP ranges that crop up as suspect.

I’ve added a “ban” flag to each entry in the database, so the records will always exist incase of any legal proceedings, and of course for my own analysis should the need arise.

Cheers,
Karl

web design, development & seo by DigitalVibe