August 18, 2004

Spammer, Leave Me Be!

In a way, I'm kind of fortunate. I work for my home town as a developer and webmaster. I write programs to help our employees help citizens, I write webpages to make it easy to get information, and I get to go home at 5pm every night. So far, not exactly a bad thing. I don't get paid as much as I did back at Microsoft, but I get to have a life outside of work, so it balances out.

One of the great features that we added was a comment page so that citizens could leave feedback about how we are doing. We get tons of feedback on a large variety of topics, ranging from the web site to the ban on pets in our city parks.

As a security measure, we track the IP address, reverse DNS lookup, time and date of each piece of feedback. We also use Server.HtmlEncode() when displaying the feedback on our Intranet site and when forwarding the feedback to prevent malicious code from being introduced to our custom-written CMS.
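As an added illustration of that measure (this is example code, not the city's CMS), the snippet below stores a submission with the remote IP, a reverse-DNS lookup and a UTC timestamp, and encodes every untrusted field before the intranet page renders it. Python's `html.escape()` stands in for ASP's `Server.HtmlEncode()`; the injectable `resolver` parameter and the constructed submission are assumptions so the code runs offline.

```python
"""Added example (not the city's CMS code): store a feedback submission with
the metadata the post describes (remote IP, reverse DNS, timestamp) and
HTML-encode every untrusted field before rendering it on the intranet page,
so markup in a submission is displayed literally instead of interpreted.
html.escape() stands in for ASP's Server.HtmlEncode(); the injectable
`resolver` parameter is an assumption so the lookup can be stubbed offline."""
import html
import socket
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass
class Feedback:
    body: str         # raw text exactly as submitted; never rendered unencoded
    remote_ip: str
    reverse_dns: str
    received_at: str  # ISO-8601 UTC


def reverse_lookup(ip, resolver=socket.gethostbyaddr):
    """Reverse-DNS the client address. On any failure (no PTR record, resolver
    down, running offline) fall back to the bare IP so the record is still kept."""
    try:
        return resolver(ip)[0]
    except OSError:
        return ip


def record_feedback(body, remote_ip, resolver=socket.gethostbyaddr, received_at=None):
    """Build the record that the intranet page and the forwarded e-mail will use."""
    ts = received_at or datetime.now(timezone.utc).isoformat(timespec="seconds")
    return Feedback(body=body, remote_ip=remote_ip,
                    reverse_dns=reverse_lookup(remote_ip, resolver),
                    received_at=ts)


def render_unsafe(fb):
    """The 'before' form: raw interpolation. A submission containing a
    <script> tag would execute in the browser of whoever reads the intranet page."""
    return (f"<p>From {fb.remote_ip} : {fb.reverse_dns} at {fb.received_at}</p>"
            f"<blockquote>{fb.body}</blockquote>")


def render_safe(fb):
    """Encode every field that originates outside the server. The reverse-DNS
    name is included: the owner of the client's address range controls its PTR
    record, so it is as untrusted as the comment body."""
    return ("<p>From {ip} : {host} at {ts}</p><blockquote>{body}</blockquote>".format(
        ip=html.escape(fb.remote_ip),
        host=html.escape(fb.reverse_dns),
        ts=html.escape(fb.received_at),
        body=html.escape(fb.body, quote=True)))


if __name__ == "__main__":
    # Constructed submission with a script tag, resolved with a stub so no network is needed
    fb = record_feedback("Nice site!<script>alert('x')</script>", "192.0.2.10",
                         resolver=lambda ip: ("host.example.net", [], [ip]),
                         received_at="2004-08-15T20:00:00+00:00")
    print(render_safe(fb))
```

Encoding at render time rather than at storage time keeps the stored text exactly as it arrived, which is what you want when the record later becomes evidence attached to an abuse complaint.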

Anyway, on Sunday, we got our first piece of comment spam. (The new site has been up since mid-December, so going eight months without comment spam can be considered a good thing.) They were advertising various drugs for allergies and impotence.

First thing I did was notice that the CMS was reporting:
(From 65.7.182.245 : adsl-065-007-182-245.sip.bct.bellsouth.net)

Now, I'm in Utah, not in Florida...so this wasn't a local guy.

Then, I checked the server logs. They showed that the user didn't browse to the page. It was either keyed in directly (unlikely), purchased (more likely) or Googled (most likely).

So, when I went into work on Monday, I sent off a complaint to abuse@bellsouth.net about the spam. I included a copy of the spam and a copy of my server logs.

Then, I decided to get a little sadistic. I checked all of the domains in the spam, and noticed a trend. All were registered through GoDaddy.com, and all were registered to the same individual: Damie Mait, 2175 N.W 157 St, Miami, FL 33167.

The fact that the DSL line was coming from the Miami area, as was the domain registration, well, it was too much for me to write off as coincidence. GoDaddy's terms of service specifically forbid the use of comment spam, so I wrote another E-mail to abuse@godaddy.com with all of the information included.

Since Monday was my 30th birthday, I felt that acting to rid the world of a spammer would be a good thing. It would have been if BellSouth and GoDaddy had acted. Tuesday evening, the spammer struck again...with the same message, the same IP address and the same fake Hotmail address.

So, I complained again this morning. I'll keep blogging as I find out more, but here is the DNS entry for the company in question.

Registrant: Damie Mait
2175 N.W 157 St
Miami, Florida 33167
United States
Registered through: GoDaddy.com (http://www.godaddy.com)
Domain Name: ********.COM (Not giving free advertising here)
Created on: 13-Jan-04
Expires on: 13-Jan-05
Last Updated on: 13-Jan-04
Administrative Contact:
Mait, Damie dmcommerce@yahoo.com
2175 N.W 157 St
Miami, Florida 33167
United States
8005398569
Technical Contact:
Mait, Damie dmcommerce@yahoo.com
2175 N.W 157 St
Miami, Florida 33167
United States
8005398569
Domain servers in listed order:
NS1.MYDOMAIN.COM
NS2.MYDOMAIN.COM
NS3.MYDOMAIN.COM


2 comments:

Anonymous said...

Do you need to allow links in your users comments? That is what the spammers are really going for, the association of their words to their links so that google and kin will pick it up.

Not all community sites need links to be allowed in comments. Take that away and the spammer has no use to spam your site.

Just a thought :)

(Paul Watson from Code Project)

Michael Russell said...

Our comment page posts to an internal site, but only allows plain-text entry. However, legitimate feedback we have received has contained URLs.
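Following up on the exchange above, here is an added example (not the city's CMS code and not from either commenter) of the middle ground it points at: rather than stripping links, plain-text feedback that carries them is held for a person to look at, with the hold threshold, the constructed sample submissions and the fingerprinting rule all being assumptions. A re-post of an already-held message from the same address is recognised so staff are not notified twice.

```python
"""Added example, not the site's own code: triage plain-text feedback that
contains links. Legitimate feedback may carry a URL, so submissions are held
for review rather than rejected, and a repeat of an already-held message is
recognised instead of re-notifying staff. Thresholds and samples are assumed."""
import hashlib
import re
from urllib.parse import urlparse

# Matches http(s) URLs and bare www. hosts in plain text (assumed pattern)
URL_RE = re.compile(r"(?:https?://|www\.)[^\s<>\"']+", re.IGNORECASE)
MAX_DISTINCT_DOMAINS = 2   # assumed threshold above which a submission is held


def extract_domains(text):
    """Return the set of registrable-looking hostnames linked from the text."""
    domains = set()
    for m in URL_RE.finditer(text):
        url = m.group(0).rstrip(".,;:!?)")        # drop sentence punctuation
        if not url.lower().startswith("http"):
            url = "http://" + url                  # bare www.host needs a scheme for urlparse
        host = urlparse(url).hostname
        if host:
            domains.add(host.lower().removeprefix("www."))
    return domains


def fingerprint(body):
    """Whitespace- and case-normalised hash so a re-posted message matches."""
    return hashlib.sha256(" ".join(body.lower().split()).encode()).hexdigest()


class FeedbackTriage:
    def __init__(self, max_domains=MAX_DISTINCT_DOMAINS):
        self.max_domains = max_domains
        self.held = {}   # fingerprint -> set of source IPs it was held from

    def classify(self, body, remote_ip):
        """accept: no links; review: a link or two, as real feedback often has;
        hold: many distinct domains; repeat: same text as an already-held message."""
        fp = fingerprint(body)
        if fp in self.held:
            self.held[fp].add(remote_ip)
            return "repeat"
        domains = extract_domains(body)
        if len(domains) > self.max_domains:
            self.held[fp] = {remote_ip}
            return "hold"
        if domains:
            return "review"
        return "accept"


# Constructed sample submissions (body, source IP); none are real
SAMPLES = [
    ("The parks page at www.Example-City.gov/parks is hard to find.", "192.0.2.5"),
    ("Great deals http://a.example.com http://b.example.org http://c.example.net", "198.51.100.7"),
    ("Great deals  http://a.example.com http://b.example.org http://c.example.net", "198.51.100.7"),
    ("Thanks for fixing the pothole on Main St.", "192.0.2.9"),
]


def run_samples(triage=None):
    """Classify the constructed samples in order and return the decisions."""
    triage = triage or FeedbackTriage()
    return [triage.classify(body, ip) for body, ip in SAMPLES]


if __name__ == "__main__":
    for (body, ip), verdict in zip(SAMPLES, run_samples()):
        print(f"{verdict:7} {ip:15} {body[:50]}")
```

The held set is worth keeping for another reason: when the same message arrives again from the same address, as it did here on Tuesday, you already have the first occurrence and its metadata to attach to the follow-up complaint.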