Need overview about XRumer software?
There. Now let's wait a week for Google to index this, and see what the log drags in. Thank you very much, and I now return you to your regularly scheduled programming.
When I initially posted the XRUMER and you post, I thought that XRUMER probably used the text I posted (which I had found on a forum I frequent) to identify spammable fora -- those for which moderation is not performed.
Later, I came across the theory that this post was in fact some pretty clever viral marketing. By pretending to ask the forum's members about XRUMER, the XRUMER marketer could induce at least some people to search on it and link it, causing Google to rate it highly without actually themselves spamming. Neat.
But for whatever reason, my post caused Google to rate me third on searches on the term XRUMER -- and instead of XRUMER, I'm seeing a lot of traffic from people obviously interested in stopping it.
As am I.
But I don't have access to a forum affected by XRUMER (or at least, I can't tell for sure that I do.) My own Toonbots forum is an extremely low-traffic venue running on antiquated WebBBS code. I get spam there, and this week managed to block it all (so far), but my problem is decidedly minor.
I can only assume that if you're reading this, you have a major forum spam problem. If this is the case, I need your help. I'd like to try out some ideas about forum despamming -- building on the working concepts in my own low-traffic venue. But to try these ideas out, I'd need access to a forum. Your forum, if you're interested. And that essentially means access to the underlying storage (whether filesystem or database), a way to run Perl on your box, and access to the Web access logs in real time.
Depending on your own traffic patterns, the access logs can provide a great deal of information about whether a post is legitimate or not. Of course, you can also make a lot of valid judgments based on the post content, but I hesitate to block on things like "too many links," as satisfying as that heavy-handed approach may be. Legitimate users can often have legitimate reasons to post lots of links. Granted, they're generally not about Cialis or mortgages or hot xxxxxxx Asian lesbian pr0n, but still -- any interference with your actual users is something you want to avoid at all costs. I regard information about post content to be one factor in a good, well-rounded spam elimination strategy.
Traffic analysis correlated with forum activity can be a powerful tool, and in my own case it's working 100%, with no examination of content at all, but my traffic is so low that I can't judge how complete a strategy it might be. If you add your forum to the mix, I can improve the techniques.
So anyway, all you desperate forum admins with XRUMER problems -- if you want me to give it a shot, drop me a line. I'm working for free and during an initial phase my scripting can simply recommend post deletion instead of making any automated changes itself. Interested? Tell me.
So hey, kids, I'm still alive, and now posting from the lovely Caribbean island of Puerto Rico for the foreseeable future.
After the move, and after some confusion on the part of the cable company involving losing my order, I have blessed, blessed broadband again, without having to cadge the neighbors' WiFi from the rooftop terrace, which would be a great place to work were it not for the tropical proximity of a horrible huge ball of blazing nuclear explosion hanging over my head, plus the necessity of placing the laptop in a precarious position on the railing, four floors above concrete, to get good signal.
But now things are good again, and I have 9000 emails to go through (yes, as a guy with a spam filter, I should probably be filtering my spam, but, well, it's a long story and look, shiny thing!). And lo! within those 9000 mails were two from hapless forum operators who are getting fed up with manual despamming.
So sure, I'll be seeing what I can do in that regard, but it piqued my interest in forum spam again. And so I checked my logs for instances of XRumer, and wow -- somebody actually linked my XRumer blog keyword in response to ... a new instance of the XRumer forum bomb. Dated April 5, as it so happens. This one contains the novel text "Also, do you know when XRumer 4.0 Platinum Edition will be released?" and it's posted by AlexMrly. Google either the phrase or the name, and you'll see a whole lot of forum spam. Hey, XRumer guys -- thanks! What we all want is more forum spam!
Now I have that off my chest. I'm going to reiterate my offer to anybody listening -- I'm going to see what I can do to combat forum spam around the world, and I'm not charging anything for it. So far, I'm just in it for the interest, just like email spam in 1999. Get in touch. I'll be here. Well -- I might actually be at the beach. But I'll be back soon.
Sorry that this post isn't really all that programming-oriented. I hope to be making that right, in the next couple of days. Blocking XRumer is fun, and so easy even a child could do it! No, seriously: if you want to help me stop XRumer, all I need is your data.
Second post in a day... Turns out that the WaPo posted on XRumer back in January. The article is here, with comments. Note that the comments are, except for four, all by Russian spammers. Who are tagging the Washington Post with high-fives because they've caught the attention of the mainstream.
If that doesn't blow your pretty little mind, I'm not sure what will. I love this century!
So again: I'll help you block XRumer if you want. Just drop me a line and we'll talk. This ought to be fun.
In the predictability department, one of my forum spam traps just pulled in an interesting post: yeah, it was posted (presumably) by XRumer and certainly fits the profile -- but it's advertising a crack of XRumer.
"Greate new XRumer4.0 platinum edition and crack DOWNLAUD".
I wondered how long that cash cow would last -- looks like about, what, November to April? Actually, it took longer than I expected.
In case you're wondering whether this is a good idea, well, given that you therefore think spamming is a valid business technique, then: sure, go ahead. Download a crack from Russians and give them control of your machine.
In related news, I have doubled the number of forum sites I am despamming. (If you're paying attention, that means, yes, I now have one that isn't my own site.) And I decided to try a notion that's really paid off in spades.
See, XRumer uses a vast database of known HTTP relays to post spam. This makes it much more difficult for human admins to block by IP -- since a single spammer may have hundreds of IPs available, how can you block?
Well -- unintended consequence time! Thanks to the explosion in use of these proxies, we now have a reliable way to find them out without human intervention at all. Count the number of times Google indexes an IP, and you have an incredibly effective way to determine whether it is on the list of known proxies used by spammers. Granted, you have the lag between the time it becomes a proxy and when Google starts indexing the references to it on forum posts around the world. But this one test for spam blocks about 60% or more of forum spam, sight unseen.
It won't last. But then again, neither will XRumer, not in its present form.
Just to help you out, I've provided a simple Google hit counter: go here and type in any phrase, not just an IP address, to see how many references to the phrase Google has indexed. When I've got a little more timeframe behind it, I'll even put in autorepeating queries of the good ones, with gnuplot graphs to show googlecount over time.
And of course, I'll be putting the code up; it's about ten lines of Perl -- the only reason it's that long is that it caches results in a database so repeated queries don't pound Google. Not that Google can't stand the pounding, but I don't really want a bunch of Perl script threads hanging around waiting on Net latency.
So, a common refrain lately: more later.