Spam

Preventing Spam Calls to Businesses

Telemarketers interrupt the workday and prevent genuine customers and business partners from getting through, affecting the bottom line. That’s why companies should block spam calls. Here’s how to do it.

How Can Companies Know if a Call Is Not Legitimate?

Businesses often can’t tell which calls are legitimate since people can spoof numbers and fake caller identification. The most common way to prevent this is by listing work phone numbers on the Do Not Call registry. Still, some organizations already engage in illegal calling practices and will continue to attempt contact.

Badly Trained Spam – Only A Quarter of Brits Train their Spam Filter

6 February 2020, London: British email users want to have as little to do with spam as possible! Only a quarter of Brits (25%) mark suspicious emails as spam or move them to the ‘Spam’ Folder, while the majority (55%) delete potential spam unread. Nearly seven percent (7%) read the email first and then delete it and four percent (4%) simply leave the spam unopened in their inbox. Fewer than 1% of users say that they reply to the spam. These are the findings of a representative survey of 2,000 people in the UK commissioned by German email service providers GMX.

Unknown danger: 74% of Internet users unaware of QR Code Spam despite growing problem

27 November 2019, London – Seventy four per cent of British internet users have never heard of QR code spam, according to a recent representative survey commissioned by European email provider GMX. This is despite a significant increase in QR code spam being detected by GMX email security experts. They analysed how spammers change their methods by running so called ‘honey traps’, which are special email accounts without spam filters which aim to attract as much spam as possible. The analysis of the contents of these traps show that QR code spam is trending in 2019 top spam methods.

An End of an Era: Mollom End-of-Life Announcement

Sometimes I get too nostalgic over computers or software that I once used in my daily life. I remember my first computer (the Commodore Vic-20), I remember my first programming language (BASIC), and I remember my first spam filtering software for user generated content (Akismet). But nine years ago, a new spam filtering service originally intended for Drupal called Mollom emerged and I quickly forgot about the other spam blocking software.

RiskIQ Researchers Identify New Threat Actor NoTrove Delivering Millions of Scam Ads

London, UK – 26 April, 2017 – Earlier this year, RiskIQ, the leader in digital threat management, reported an eight-fold increase in internet scam incidents that deny the $83 billion digital advertising industry millions of dollars. Now, researchers at RiskIQ have identified NoTrove, a newly discovered and major threat actor that is delivering millions of scam ads that threaten consumers and further undermine the digital advertising industry.

As Facebook Fights Fake Accounts, Black Market Prices Go Up

NBC News recently posted an interesting article where the author notes that the spam industry follows the same Law of Supply and Demand as any capitalist-loving business does. As social networks crack down on fake accounts and fake news, the spam industry is able to charge their customers more to establish such inauthentic accounts.

Facebook shut down as many as 30,000 fake accounts in the past week — but that's unlikely to hurt the multi-million-dollar spam industry.

We Hear You: Our spam filtering needs to be improved

Like most website administrators, I have a long history of fighting spammers and protecting my sites from unwanted content. Over the years I've used a lot of tools and services to block spam from reaching the pages of my sites. In recent years, the service I've relied on most heavily is Mollom.  Mollom is a web service that helps you identify content quality and, more importantly, helps you stop spam on your blog, social network or community website

Overall I've been very happy with the spam filterering Mollom provides for my sites. Mollom LogoHowever, occasionally Mollom can be too aggressive and remove legitimate story and comment submissions. And when I say "remove" I most definately intend to use the word in the literal way. You see, up to now, Mollom had an "all or none" approach to rejecting or accepting spam. When your stories or comments were rejected, the content submission was simply discarded without review by a human.

If you've ever submitted good clean content to CMSReport.com or another site only to only have it identified and discarded as spam, you have every right to be upset with spam filters. Over the past couple months, I've had a number of people upset that the spam filtering CMS Report has been using rejected their story submission. This may not be all the fault of Mollom either as I was also using the Bad Behavior module too. My apologies to everyone that has gone through this experience when they've submitted legitimate comments and stories to this site. Unfortunately, without spam filtering the content on this site would not be good to view. Spam filtering is a necessary part of maintaining a site open to the public.

Luckily, there has been some improvements in the Mollom for Drupal module that should keep your posts and comments from getting discarded while continuing to protect this site from spam. The module has now been improved to to retain spam comments as unpublished posts in a site's moderation queue. So we're giving the new module a try. I won't promise that your content will not be identified as spam, but I do promise you that every intent is being made to review your comments and stories for publication.

Denial of Service on an Apache server

Last week was a very frustrating time for me. For whatever reason, an unusually number of botnets decided to zero in on my Drupal site and created what I call an unintentional  Denial of Service attack (DOS). The attack was actually from spambots looking looking for script vulnerabilities found mainly in older versions of e107 and WordPress. Since the target of these spambots were non-Drupal pages, my Drupal site responded by delivering an unusually large number of "page not found" and "access denied" error pages. Eventually, these requests from a multitude of IPs were too many for my server to handle and for all intents and purposes the botnet attack caused a distributed denial of service that prevented me and my users from accessing the site.

These type of attacks on Drupal sites and numerous other content management systems are nothing new. However, my search at Drupal.org as well as Google didn't really find a solution that completely addressed my problem. Trying to prevent a DDoS attack isn't easy to begin with and at first the answers alluded me.

I originally looked at Drupal for the solution to my problems. While I've used Mollom for months, Mollom is designed to fight off comment spam while the bots attacking my sight were looking for script vulnerabilities that didn't exist. So with Mollom being the wrong tool to fight off this kind of attack, I decided to take a look at the Drupal contributed model Bad Behavior. Bad Behavior is a set of PHP scripts which prevents spambots from accessing your site by analyzing their actual HTTP requests and comparing them to profiles from known spambots then blocks such access and logs their attempts. I actually installed an "unofficial" version of the Bad Behavior module which packages the Bad Behavior 2.1 scripts and utilizes services from Project Honey Pot.

As I had already suspected, looking for Drupal to solve this botnet attack wasn't the answer. Pretty much all Bad Behavior did for me was to take the time Drupal was spending delivering "page not found" error pages and use it to deliver "access denied" error pages. My Drupal site is likely safer with the Bad Behavior module installed, but it was the wrong tool to help me reduce the botnets from overtaxing Drupal running on my server. Ideally, you would like to prevent the attacks ever reaching your server by taking a look at such things as the firewall, router, and switches. However, since I didn't have access to the hardware, I decided it was time to look at my Apache configuration.

Mollom: A solution for comment spam

Passwords, user accounts, email verification. I have never liked requiring my website's visitors to register before they can leave a comment. There is a large segment of people that like to submit quality comments online, but they don't want to be required to leave their personal information there. So from the beginning, I have always allowed anonymous commenting by unregistered visitors and for the most part, they quality of the comments haven't suffered. However, allowing for anonymous comments also invited my site into a war against comment spam. My latest weapon to do the fighting for me in this war is Mollom.