Tag: Referrer-Spam

Monster apologise

I received a phone call this morning from James Mailley, the Sales Director of Monster.ie. James is John Burns’ boss.

James was extremely apologetic about what happened over the last couple of days and said he would like to email me a formal letter of apology.

I told him that I would publish the letter of apology on the blog and he was happy with that. Here is the email I received:

Hi Tom,

Thanks for taking my call this morning – I appreciate you taking further time to discuss the recent events with me.

As I said on the phone and wish to reiterate, I apologise for the issues surrounding the e-mail that was distributed and also for the amount of your time being spent dealing with this situation. Having thoroughly investigated all the aspects of the original mail, I have discovered that this was an error that occurred through the enthusiasm of a brand new recruit who did not understand the policies and practices of the company.

Monster has a strict policy regarding unsolicited emails, and all Monster employees are forbidden from sending such emails unless the individuals or companies in question have specifically opted in to receive group emails of this nature. I reiterate that the email in question was sent by an individual in contravention of Monster’s policy on unsolicited emails, and that Monster in no way authorised or condoned this behaviour.

On behalf of Monster please be assured that we will do everything we can to avoid incidents of this nature occurring again in the future.

Kind regards


James Mailley
Sales Director

James was also looking for suggestions on how to make this right. I made a couple of suggestions to him which he promised to look into but if anyone else has any suggestions they’d like to add, feel free to leave them in the comments or email them to me and I’ll pass them onto James.

Monster steals email addresses and spams it@cork membership

This morning one of it@cork‘s members forwarded us an email conversation he had with John Burns, Monster‘s Business Development Manager in Ireland. We were incredulous when we read it.

It started with an email from Monster’s John Burns to 189 recipients and CC’d to our member (!). Our member replied to John that this was spam and

…coming from Monster, most unprofessional. Worse, you exposed everyone’s email address to one another without their permission

Unbelievably for someone working in an online organisation, Monster’s John Burns seems to be unaware of the data protection legislation and responded to this saying:

These email addresses are part of a networking list from http://www.itcork.ie and are all available for everyone to see.

I do appreciate your concern chris, (i will keep my eye out for the bloggers!!!)

The legislation surrounding this kind of behaviour is very clear: data can only be used for the purposes for which it is obtained. We in it@cork were obviously naive in publishing the members' directory (since taken offline) but that doesn’t confer on anyone permission to harvest that address list and spam them.

The Irish Data Protection Commissioner takes a very dim view of this and has the power to levy fines of up to €3,000 per address spammed (so potentially €570,000 in this case).

it@cork is a not-for-profit, IT professionals networking organisation, based in Cork. I am on the steering committee of it@cork, helping out with the running as much as I can in a voluntary capacity.

Using .htaccess to minimise comment and referrer spam

I have been using my .htaccess file to stop comment and referrer spam on this site and it has been surprisingly successful (so far!). How do I create a .htaccess file capable of greatly reducing comment and referrer spam?

Firstly, I use Awstats to analyse visits to my site daily and I use Spam Karma to help control comment spam. Both applications give me information on spammers visiting my site.

Awstats gives me a list of the referrer sites – this list contains those sites which are trying to spam my referrer logs. I monitor those sites and as new ones appear I add them to my .htaccess list in the form:
RewriteCond %{HTTP_REFERER} \.domain\.tld [NC]
where .domain is the domain trying to spam my site (psxtreme, freakycheats, terashells, and so on) and the .tld is the top level domain the site is registered to (.com, .net, .org, .info, etc.).

So, for instance, in the case of the spammer coming from the smsportali.net domain, I have added the following line to my .htaccess code:
RewriteCond %{HTTP_REFERER} \.smsportali\.net [NC]
This will stop accesses to the site from all subdomains of smsportali.net (spamterm.smsportali.net, for example), and the NC flag makes the rule case-insensitive.

In the case of comment spam, I have configured Spam Karma to email me every time it deletes a spam comment – this is becoming rarer and rarer as the .htaccess file becomes more and more effective. I have configured Spam Karma to include the server variables and request headers of a comment that is not approved in the email – this is one of the configuration options of this plugin.

Scanning these emails, I can see the User Agents being employed by these spammers – armed with this information, I added the following lines to my .htaccess file:
RewriteCond %{HTTP_USER_AGENT} Indy.Library [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Crazy\ Browser [NC]
RewriteRule .* - [F]
and this has greatly reduced the amount of comment spam coming through.

Also, Cindy alerted me to the fact that adding:
RewriteCond %{HTTP:VIA} ^.+pinappleproxy [NC]
RewriteRule .* - [F]
will also catch a lot of the spammers.

I have a copy of my .htaccess file available for review (it is in .txt format).

For each set of rules in your .htaccess file, you need to finish with a RewriteRule: RewriteRule .* - [F] will give a 403 (page forbidden) to the spammers. Your last set of rules should end with RewriteRule .* - [F,L], the L telling the RewriteEngine that this is the last line and to stop processing the rules here.

The .htaccess file is a very unforgiving file. It has the power to make your entire site unavailable to anyone. It is strongly advised to read up on Regular Expressions and Mod_Rewrite (the Apache module which processes these commands in a .htaccess file) before creating a .htaccess file or modifying an existing one.
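
Because one bad rule can lock out every visitor, it helps to dry-run a ruleset against sample request headers before uploading it. The script below is an added example, not part of the original post or of my .htaccess file: it is a simplified model of how mod_rewrite combines RewriteCond lines (it ignores the RewriteRule pattern and assumes ".*"), and the "RewriteEngine On" line, the [OR] joining the referrer line to the User-Agent lines, and all sample headers are constructed for illustration.

```python
import re

# Constructed ruleset built from the directives quoted in the post. "RewriteEngine On"
# and the [OR] joining the referrer line to the User-Agent lines are assumptions.
HTACCESS = r"""
RewriteEngine On
RewriteCond %{HTTP_REFERER} \.smsportali\.net [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Indy.Library [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Crazy\ Browser [NC]
RewriteRule .* - [F]
RewriteCond %{HTTP:VIA} ^.+pinappleproxy [NC]
RewriteRule .* - [F,L]
"""

COND = re.compile(r"RewriteCond\s+%\{([^}]+)\}\s+((?:\\.|\S)+)(?:\s+\[([^\]]*)\])?")
HEADER_FOR = {"HTTP_REFERER": "referer", "HTTP_USER_AGENT": "user-agent"}

def parse(text):
    """Return, per forbidding RewriteRule, its conditions split into OR-groups."""
    rules, groups, current = [], [], []
    for line in map(str.strip, text.splitlines()):
        m = COND.match(line)
        if m:
            var, pattern, flags = m.group(1), m.group(2), (m.group(3) or "").upper().split(",")
            header = HEADER_FOR.get(var) or var.split(":", 1)[-1].lower()
            current.append((header, re.compile(pattern, re.I if "NC" in flags else 0)))
            if "OR" not in flags:          # a condition without [OR] closes the group
                groups.append(current)
                current = []
        elif line.startswith("RewriteRule"):
            if current:                    # dangling [OR] on the last condition
                groups.append(current)
            if "F" in line.split()[-1].strip("[]").upper().split(","):
                rules.append(groups)
            groups, current = [], []
    return rules

def is_forbidden(headers, rules):
    """True if some rule has every OR-group satisfied (groups are ANDed).
    A rule with no conditions at all forbids every request."""
    h = {k.lower(): v for k, v in headers.items()}
    return any(
        all(any(rx.search(h.get(name, "")) for name, rx in group) for group in groups)
        for groups in rules
    )

RULES = parse(HTACCESS)
```

Running is_forbidden({"Referer": "http://smsportali.net/"}, RULES) returns False: the leading \. in the pattern means a referrer on the bare domain, with no subdomain, is not matched. A RewriteRule .* - [F] that has lost its RewriteCond lines returns True for every request, which is exactly the lock-out to check for.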

Log file and Blog comment spam

I use AwStats to monitor traffic on the tomandpilar.net site. I monitor the traffic regularly and recently started to notice that my site was apparently being linked to by some very strange sounding sites – Online Poker sites and Online Pharmacies!

A quick bit of investigation (and a quick word of explanation from FrankP) told me that I was the victim of Log File Spam. The idea behind Log File Spam is that Log File analysers, like AwStats, often create html based reports including hyperlinks to referrers. Therefore, if someone appears to come to my site from genericlogfilespammer.com, there is a link to that domain automatically created in my AwStats file report.

If the report is not password protected, then this is found by search-engines and it increases the page-ranking of the spammers’ site.

How do we combat this?
Luckily there are a few simple steps we can take to combat this. The first and most basic, is to password protect the Log File analyser folder.
As added protection, lines can be added to the robots.txt file instructing search engines not to look in the log file analyser folder. Add the following lines:
User-agent: *
Disallow: /Insert Logfile Analyser folder path here/

After a little further digging I found an article on how to modify my .htaccess file to exclude the majority of offenders. I modified my .htaccess file following the tips on this site and using some of Joe Maller’s sample .htaccess file data.

This was my first time modifying an .htaccess file by hand so I am interested to see how it will work out for me. If you would like to check out a copy of the .htaccess file I created – click here

I am also plagued by Blog comment spam. I have always moderated comments on my blogs but it is still a pain to be receiving emails about spam comments daily – which then have to be deleted. Hopefully the .htaccess modifications will eliminate a lot of this too.

UPDATE – The link to Joe Maller’s .htaccess file above appears to be re-directing to microsoft.com. I have emailed Joe to ask if this is expected behaviour. In the meantime, if you find yourself unable to access it, feel free to browse my own effort – a lightly edited version of Joe’s file.