Trejkaz, have you ever heard the saying “It’s better to keep quiet
and have people suspect you’re a fool, than to open your mouth and
have it confirmed”? It’s a brilliant quotation. One of those that
really helps in life.
That’s harsh eh? But I can’t believe how ridiculous you’re being.
On 14 May 2006, at 23:25, Trejkaz wrote:
> … On the other hand if you’ve worked for a spammer, then fine, you
> have more authority in this respect.
So you’re suggesting I’ve worked for a spammer because I know what
I’m talking about? A public accusation no less. That’s libel,
sunshine. Would you like me to point you to news stories where
people have been sued for that? Don’t worry I’m not litigious, I
think you’re stupid, but not so stupid that you’d ever repeat
anything like that ever again without being able to back it up.
You’re not in the playground now so be careful what you say … but
let’s descend to that level eh? Let’s pretend it’s the 80s again
and it’s usenet. Using that same flawed logic - because I know how
to attack a server that makes me a hacker or someone who’s worked for
one?
It didn’t cross your mind that to know how to prevent spam, or how to
secure a server you need to know how it’s served and how they are
attacked? It has nothing to do with the years I’ve spent tracking,
understanding and reporting spammers? You visited my site and
checked out all my ‘spamcombat’ posts eh? It’s got nothing to do
with the fact that I need to know how to secure systems so I need to
know how they can be hacked? All the experience I have working on
security projects count for nought? It’s got nothing to do with the
fact that I started off as a programmer and network engineer light
years ago when we still hand dialed BBS and waited for the tone …
and that, in that time, I might have picked up a nugget of
knowledge or two?
Are you kicking yourself now? Are you thinking “Doh! I didn’t think
of that, the fella has a point?” Are you feeling ridiculous? Or
should I just take it that you were being petulant because your ego
was hurt? Are you feeling as smug as when you sent that email? In
real life this is where you’d try and salvage as much dignity as
possible and leave the room … I know I would. It’s the “Please let
the ground open up” scenario. But in the same way people feel safe
enough in front of their PCs to spout drivel … you get to read the
rest.
If I hadn’t mentioned wp-comments then it wouldn’t have been up for
discussion. You’d only know it was there if you looked in server
logs … but by the way feel free to explain how you have a different
picture from your logs. Especially the entries where spammers are
trying multiple URLs to find how to comment … because seeing
something like that would really be one for the wall. Some of my
friends and myself would marvel at that. I’m being serious.
Your firewall analogy is comparing two entirely different things and
stinks of something just thrown together from buzzwords:
> This is basically the same strategy firewalls use which detect scans
> against one port and then use that logic to block other ports.
That makes no sense whatsoever. Explain which firewall actively
creates logic for port scanning as compared to all those that just
log it and ignore it? Pretty resource intensive firewall you must
have there. Port scanning hits - both the legitimate and dodgy kind
- happen every couple of minutes on the net. Anybody running
ZoneAlarm (or any firewall really) just needs to turn on notification
of everything to see how often it happens. Firewalls just passively
log it and log it. There’s no need for logic.
Of course it’s a different matter with incoming traffic … that
needs rules. Did you mean that instead of port scanning? I’d say
it’s always easy to confuse the two … but I’d be telling lies.
> - If we add them to a global blacklist, then we even help people who
> are running WordPress.
What? Grasping at straws now eh? Have to try and find a legitimate
point for your argument? We’re starting a blog ‘Better Neighbour’
programme now? How the hell do we help them? Because let me tell
you the spam protection for Wordpress is light years ahead of
anything Typo has.
Maybe we should gather all IPs that hit our Typo sites in a dodgy
way and pass them on to the guys behind Spam Karma? But wait, that
would be really dumb and ineffective and you end up with large blocks
of IPs blacklisted. All those open proxies that serve a legitimate
service? … to hell with them they’re blocked because - surprise -
spammers use them too. So when I use a dial up connection or a wifi
connection that a spammer has used I can’t access my site because
it’s a blacklisted IP? Or are you going to explain how else you
blacklist? Because there’s only three bits of info you can use and
the only one that’s guaranteed to be there is the IP. Internet
cafes, libraries, schools, colleges, universities - all blocked
because at most of them some little scrote has had a go at spamming.
For anybody else wanting to learn something you should only block
by IP when you’re getting a huge wave of traffic from a specific IP
or range that’s making your server unstable (DoS or DDoS). In the
long term IP blocking is senseless unless you know the specific
target of the block will stay at that IP … and spammers certainly
don’t. If you block by IP always review it at a later date. I only
have about five IP blocks … all specific companies that I’ve banned
from the site. This is why we use Bayesian filtering and regex to
combat spam of every kind.
> When I suggested that this might be a good idea due to #1, you
> basically said “no it wouldn’t”, which is equivalent to saying that
> spammers give up after trying WordPress.
Ah now you have me there. You see it’s hard to carry on a discussion
when the other person guesses what I mean. Silly me I went and WROTE
what I meant. You’d be better off quoting me, Trejkaz … that’s the
beauty of discussion lists. Even if you deleted the mail look it up in
the archive. I’d actually replied to Morten’s post that blacklisting
wouldn’t be a good idea IMO. He first suggested it, a very good and
legitimate point as well. Just to refresh you:
On 13 May 2006, at 20:41, Gary S. wrote:
> never know anybody was trying to comment spam your Typo site from
> wp-comments unless you look in your logs. So there’s no real
> reason to worry about it.
Then you’d jumped on the bandwagon in direct response to that,
completely missing the point I’d made:
On 14 May 2006, at 01:59, Trejkaz wrote:
> Not really. The spammer will hit multiple URLs until they find the
> one that works for the blog. If someone hits wp-comments.php, then
> instantly blacklisting them would prevent their comment working later
> on, when the bot does use the correct URL.
And what I said wasn’t quite “No it wouldn’t” but more along the
lines of
On 14 May 2006, at 11:10, Gary S. wrote:
> They do not hit multiple URLs, for most blogs they only need to try
> four. There’s no point anyway because there are enough blog
> spamming apps out there that come pre populated with thousands of
> blogs and the attack vector that’s needed for each one. If they
> want to gather any more they just use spiders. If somebody needs
> to update an app to include Typo blogs they only need download the
> source to discover the vector needed.
Oh and I also told you it was utter rubbish and to stop guessing at
what happens. So was that where you decided I must work/have worked
for a spammer? Was that where your ego went “Ouch”?
I’m having difficulty getting where I (or anyone else for that
matter) said that spammers give up after trying wordpress, I know
you’re saying I didn’t say it LITERALLY - but even the suggestion is
hard to see. But maybe it was my fault because I should have just
replied highlighting the key elements of
“Anybody trying to attack through the wp-comments vector is always
going to fail … You’d never know anybody was trying to comment
spam your Typo site from wp-comments unless you look in your logs.
So there’s no real reason to worry about it.”
But I didn’t see it as that confusing for people when I wrote it you
see. It seemed REALLY clear.
That’s it from me Trejkaz - I’m done with you on this subject.
There’s nothing new being shared here. If it’s sensible and
intelligent then fair enough, but what you’ve written so far has been
guesses and conjecture based on not a lot. Everybody else has had
legitimate suggestions and questions. You just brought your ego and
nothing else to back you up, coupled with an inability to accept you
might not know as much as you think. Restraint is a great virtue …
something I haven’t demonstrated here but it might make you think
twice before you post.
So are you still feeling secure and smug sat at your PC? Or are you
realising now that you’re dealing with real people here? I also
strongly suggest you don’t make baseless accusations about people
in a public forum. Think about your response - I’m sure you’ll have
one. Bear in mind if it’s to me that I’ll use this to judge it:
[If you’re adding nothing new or you can’t back it up, I’m not
interested]
’Cos I’ll just cut and paste that.
</ incredulous rant>
You’re an active member of the discussion list Trejkaz. That adds
value. Just don’t be an eejit.
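As an added illustration of the blocking policy argued for in the message above (block by IP only when a flood is making the server unstable, review such blocks later, and filter everything else on content with regex), here is example code written for this page. It is not code posted in the thread and not part of Typo or any other project. The access-log lines, the list of probe paths, the 100-request flood threshold and the spam patterns are all constructed assumptions for the example; one constructed IP plays the role of a shared proxy that a spam bot and a legitimate reader both use.

```python
import re
from collections import Counter

# Constructed Apache-style access log lines (illustration only, not from any real server).
# 198.51.100.7 is a shared proxy: a spam bot probes comment URLs through it once,
# then a legitimate reader browses an article through the same address.
# 203.0.113.9 hammers the comment URL 300 times, the one case the post says
# justifies an IP block.
SAMPLE_LOG = "\n".join(
    ['198.51.100.7 - - [14/May/2006:11:10:01 +0100] "POST /wp-comments-post.php HTTP/1.0" 404 512',
     '198.51.100.7 - - [14/May/2006:11:10:02 +0100] "POST /comments HTTP/1.0" 200 1024',
     '198.51.100.7 - - [14/May/2006:12:30:11 +0100] "GET /articles/2006/05/14/hello HTTP/1.1" 200 8192',
     '192.0.2.20 - - [14/May/2006:12:31:00 +0100] "GET /articles/2006/05/14/hello HTTP/1.1" 200 8192']
    + ['203.0.113.9 - - [14/May/2006:13:00:%02d +0100] "POST /comments HTTP/1.0" 200 1024' % (i % 60)
       for i in range(300)]
)

# Common log format: ip ident user [time] "method path proto" status size
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Paths a comment-spam tool tries while guessing the blog engine (assumed list for this example).
PROBE_PATHS = {"/wp-comments-post.php", "/wp-comments.php", "/comments"}


def parse_log(text):
    """Return (ip, method, path, status) tuples for every line that matches the log format."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            entries.append((m.group("ip"), m.group("method"), m.group("path"), int(m.group("status"))))
    return entries


def naive_blacklist(entries):
    """The approach the post argues against: block any IP that ever POSTs to a probe path."""
    return {ip for ip, method, path, _ in entries if method == "POST" and path in PROBE_PATHS}


def volume_blocklist(entries, threshold=100):
    """Block only IPs whose request volume looks like a flood.

    Returns {ip: request_count} so the count can be recorded and the block reviewed later,
    as the post recommends; the threshold is an assumed value for the example.
    """
    counts = Counter(ip for ip, *_ in entries)
    return {ip: n for ip, n in counts.items() if n >= threshold}


def collateral_damage(entries, blocked):
    """Successful GET requests (real readers) that a given block set would have refused."""
    return [(ip, path) for ip, method, path, status in entries
            if ip in blocked and method == "GET" and status == 200]


# Content-based filtering: a few assumed patterns standing in for a real regex/Bayesian setup.
SPAM_WORDS = re.compile(r"(?i)\b(viagra|cialis|casino)\b")
BBCODE_LINK = re.compile(r"\[url=", re.I)
LINK = re.compile(r"https?://")


def looks_like_spam(comment, max_links=2):
    """Flag a comment on its content alone, independent of the submitting IP."""
    if SPAM_WORDS.search(comment) or BBCODE_LINK.search(comment):
        return True
    return len(LINK.findall(comment)) > max_links


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    naive = naive_blacklist(entries)
    print("naive IP blacklist:", sorted(naive))
    print("readers it would have refused:", collateral_damage(entries, naive))
    flood = volume_blocklist(entries)
    print("volume-based block (review later):", flood)
    print("readers it would have refused:", collateral_damage(entries, flood))
    print("spam filter:", looks_like_spam("Cheap VIAGRA http://a http://b http://c"),
          looks_like_spam("Nice post, thanks for the Typo tip."))
```

Run as-is, the naive blacklist contains the shared proxy and would have refused the legitimate article read that came through it, while the volume-based list contains only the flooding address and refuses nobody else; the spam filter catches the bot comment on its text without touching either IP.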