A way to strike back at the scum spamming my guestbook?

[Spike]

I've had a great deal of trouble with a particular spammer lately on my ardguest.php guestbook.

Because of this, I've looked at a few ardguest.php guestbooks on the web, and the only one I found that was spam-free was renamed. lol

naturally, I've just done the same, and replaced the original page with a redirect to a page explaining the issue.

Most of this spame seems to come from some sort of spam robot at www.umax-se.com, and uses the email address freeyaho@freyaho.com, or variations of it, which a little bit of googleing suggests is a CWS domain.

Now, I should have my problem solved for now, but I'm feeling vindictive and vengeful and stuff. I currently have about 23 GB of bandwidth going spare each month. Is there any way that anybody can think to use that bandwith to go some way to clogging up their servers each time they try to access the page where my guestbook once was (www.*******.com/ardguest.php)?

 

[Mictlantecuhtli]

Make love not spam?

That "fight fire with fire" mentality isn't going to work, in my opinion.

The best (if not the only) thing you could do is to try to contact the spammer's ISP if you can find it out.

 

[Spike]

Yes. you may well be right. The trouble is that I have a feeling from what I've seen in my website referral logs that it's a variety of spammers using some kind of submission robot, and I haven't as yet been able to find the IP of the server.

I can't say how safe or unsafe these sites may be, but this is what I'm seeing...

http://dimattic.com/uni.cgi
http://umax-search.net/post/uni.cgi
http://umax-search.net/post/umax.cgi
http://www.mywebsearch.com/jsp/GGmain.jsp
http://umax-search.net/post/post.cgi

Even if I can find out, it could just as easily be a server running from a DIY ISP, especially if it's related to something as big as CWS at it's root. That thought kinda sucks.

I guess I just don't like the idea of sitting around and having to just accept that these spammers rule supreme over those that create the websites they target. Not a nice thought. Maybe that's just how it is though.

 

[RealBlackStuff]

Perhaps you should use a better/different name for the guestbook-page. They (the spammers) may trawl the net for any pages with the word "ardguest" and the likes in either title or text.
By calling it something inconspicuous such as "con_tacts.php" or "rea_ctions.php", and removing or altering the "Powered by" name to e.g. A_r_d*g_ etc., you should be a lot less less vulnerable.
Sticking a blank in the original name is not helping (much).

 

[Spike]

Thanks RBS, that's pretty helpful. I'll get onto that now. I hadn't thought of that.

 

[thepreacher]

Reporting spam

Hi,

I had the same experience with my ardguest guestbook. Renaming does indeed help a lot.

From what I can see, the owner of these sites is either responsible for the spam or is facilitating it. The sites contain scripts that are designed to spam a variety of guestbooks.

I have complained to the web hosting company (Everyone's Internet). Here's the email I sent. I would suggest you and anyone else who is affected, complain about this.

From: <email address removed>
Subject: Guestbook/forum spamming
Date: 15 February 2005 12:57:13 GMT
To: abuse AT ev1.net


Hello.

There are a large number of forums and guestbooks (mine included) that are being filled with adverts for <url removed> and <url removed>. All the sites are owned by someone called Sid Wongvorakul and seem to be hosted from within your network.

Is there anything you can do to shut this character down please?

Kind regards,

<name removed>



I did honestly try to contact the owner of the sites but there is no contact information. Even if the owner is not deliberately spamming, I find it hard to believe that he doesn't know about the multitude of scripts hosted on his sites.