This blog is retired.


Introducing topics and adding improvements

October 10th, 2007

The blog is alive for four month, it contains a significant number of posts. Till recently, all the posts were under the category “Uncategorized”. It was ok for a new blog, but it’s bad for a growing blog. Therefore, I spent significant efforts (more about it in my personal blog: “invent categories and tags easily“) and assigned the topics to each posts. So far the categories are:

Read the rest of this entry »

Spam and the Commercial Malware Industry

October 3rd, 2007

Evil spammers and renegade programmers aren’t who you think they are. Sure, both types of Internet abusers can trace their origins back to random individuals who weren’t commercially organized and whose actions didn’t really cause a huge ripple effect across the ‘Net. But all of that has changed.

Today’s virus attacks are written by professional software developers who charge fees to buyers who want to release their own spam, virus or Trojan horse attack. Developers sell plug-and-play “instant virus outbreaks” and root kits that can be purchased and downloaded online. Organized crime cartels from around the world have sunk their claws into the Internet and they’re making billions of dollars per year running their spam networks and phishing sites.

Read the rest of this entry »

Too Bad You Can’t Look Spammers Up In The Telephone Book Part II

September 30th, 2007

In my last post I told you about some BB anti-spam protection schemes out there that rely upon third-party spam reports to build a list of know spammers who frequent the forum community and blogosphere. I also wrote about why this method of protecting your site from spam wasn’t as good an idea as it seemed from a technical point of view. Today I want to tell you about a few legal issues you may face if you choose to utilize a blacklist.

One of the biggest legal obstacles is that UK webmasters are subject to fines and penalties if they transmit sensitive user data to any organisation that is not subject to the UK Data Protection Act.

Read the rest of this entry »

Too Bad You Can’t Look Spammers Up In The Telephone Book

September 26th, 2007

Wouldn’t it be great if you could get access to an automatically maintained list of forum spammers and simply check each new member against it before you allowed someone to register or create a new post? Well you kind of can do that, to some extent, but you may not want to. Here’s why…

Read the rest of this entry »

How does Advanced Textual Confirmation work

September 23rd, 2007

Many people, including me, believe that security by obscurity gives a false sense of security. Any security tool must be available in source code, even to bad guys. But Advanced Textual Confirmation (ATC) is encoded. Why?

It’s all about the business. If I deliver the tool as is, some “alternatively smart” programmer can copy/paste the code in a few minutes and start selling the clone. This is my worry: “alternatively smart” programmers.

To satisfy those who are against security by obscurity, I’m diclosing the ATC internals is this post. Warning: to understand the text in full, you have to be a web programmer.

Read the rest of this entry »

Evil Idea: Make money from spammers!

September 16th, 2007

Last week I wrote about the “Spamper” phpbb MOD that used SPAM posts against the spammer. As I mentioned, the idea died because too many people thought that it amounted to a Distributed Denial of Service Attack (DDOS). No one wanted the legal liability that could result from what I believed was a great idea.

Well, I got to thinking… Maybe Spamper was a bad implementation of a good idea. So, I took the idea one step further. What do you think of this?

Read the rest of this entry »

The best defense is a good offense. Or is it?

September 12th, 2007

Sometimes there is nothing more satisfying than giving a bad guy a dose of his own medicine. That was undoubtedly the idea behind the “Spamper” phpBB2 MOD that was ultimately removed from the phpbb.com and phpbbhacks.com sites shortly after it was posted by its author.

Read the rest of this entry »

MOD Textual Confirmation Rises From Pit of Despair

September 9th, 2007

True Story:

I became so irritated from using phpBB2 Advanced Visual Confirmation, which ended up causing me more trouble that it was worth, that I finally did something about it.

After thinking that I had wrapped a spammer-proof wall of security around my forum, I discovered that spammers were having an easier time decrypting my captcha images than my authorized members were. In fact, I often ended up having to manually register new users who I thought weren’t smart enough to decipher the image that was sitting right there in front of their face. It was only after I tried (and failed) to register one particular user 5 times that the truth hit me:

When it comes to default captcha decoding skills: Computers win, humans lose.

Read the rest of this entry »

OK, here’s a cool CAPTCHA tool I can actually get behind

September 5th, 2007

Every now and then a smart anti-SPAM solution comes along that’s actually worth taking a close look at. ReCAPTCHA™ is one of those tools.

Everyone who reads my blog already knows that standard CAPTCHA utilities have been hacked. And you already know that the best form-based anti-SPAM tools require a modicum of human intelligence to unlock the comments form and allow a comment to be posted.

And that’s why I’m so excited about ReCAPTCHA. Not only is it human intelligence-based, but it’s free as well. And to make it even better, if you use ReCAPTCHA, you’ll actually be helping to spread literacy around the world.

Here’s how it works:

Read the rest of this entry »

Hot captcha, or CAPTCHA with fun

September 2nd, 2007

CAPTCHA or not CAPCTHA… Any anti-spam protection disturbs your visitors. But folks at HotCaptcha.com found a nice trick to compensate the irritating proof-you-are-a-human step. What they do?

Read the rest of this entry »