Announcement 1: Google App Engine apps mostly blocked
As some of you know, I recently began banning TOR connections. I’m doing this by reading the IPs of new TOR IPs and banning them at Cloudflare. Naturally, every spam/hack control attempt has a nearly equal and opposite reaction. I now see hack/crack attempts using other quite obvious anonymous proxies. These include connections using proxies set up on Google App Engine. (This has been named “CrapEngine” over at webmasterworld.) My method of thwarting these is to ban any connection with “http://code.google.com/appengine; appid:” in the user agent except for whitelisted apps. The two whitelisted apps are pubsubhubbub and s~feedly-social. Many other app-ids that have hit have clearly been proxies.
But the purpose of this post isn’t to complain about those. I’ve blocked them. My purpose is to ask for help in figuring out which Google apps I should whitelist. To that end, does anyone know:
- Is there any central archive where I can learn what service any particular Google app provides?
- Failing that, do you know of good Google apps that I should not be blocking?
These things are often free. New ones are sprouting each day. Clearly, the only way to approach it is to block an app until it is proven “useful to me and my readers”. Any help identifying those would be welcome.
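A sketch of the user-agent rule described above, as an added example in Python (not the blog's own filter code). It also tallies hits per blocked app id so the busiest ones can be vetted for whitelisting first; the sample user agents and the `example-proxy-*` ids are constructed.

```python
import re
from collections import Counter

# Marker string quoted in the post.
MARKER = "http://code.google.com/appengine; appid:"
APPID_RE = re.compile(re.escape(MARKER) + r"\s*([A-Za-z0-9~_.:-]+)")

# The two app ids the post says are whitelisted.
ALLOWED_APPIDS = {"pubsubhubbub", "s~feedly-social"}


def classify(user_agent):
    """Return (verdict, appid): 'pass' (not App Engine), 'allow' or 'block'."""
    if MARKER not in user_agent:
        return "pass", None
    m = APPID_RE.search(user_agent)
    # Marker present but no parsable id: fail closed and block.
    appid = m.group(1).lower() if m else None
    if appid in ALLOWED_APPIDS:
        return "allow", appid
    return "block", appid


def review_queue(user_agents):
    """Count hits per blocked app id, most frequent first."""
    hits = Counter()
    for ua in user_agents:
        verdict, appid = classify(ua)
        if verdict == "block":
            hits[appid or "<unparsed>"] += 1
    return hits.most_common()


# Constructed sample user agents (only the two whitelisted ids come from the post).
SAMPLE = [
    "Mozilla/5.0 AppEngine-Google; (+http://code.google.com/appengine; appid: s~feedly-social)",
    "AppEngine-Google; (+http://code.google.com/appengine; appid: pubsubhubbub)",
    "Mozilla/5.0 AppEngine-Google; (+http://code.google.com/appengine; appid: s~example-proxy-a)",
    "Mozilla/5.0 AppEngine-Google; (+http://code.google.com/appengine; appid: s~example-proxy-a)",
    "AppEngine-Google; (+http://code.google.com/appengine; appid: example-proxy-b)",
    "Mozilla/5.0 (X11; Linux x86_64) Firefox/15.0",
]

if __name__ == "__main__":
    for appid, count in review_queue(SAMPLE):
        print(count, appid)
```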
Announcement 2: Blocking speed demon commenters.
Commenting now uses cookies to compute the wait time on a page. You must turn them on to comment. (They are not required if you read only.)
The cookies are not so much to prevent spam (which as you can tell already doesn’t appear) as to kick off the bots that trigger the spam filter and then just try to add another spammy message over and over. Along with this feature there are some secret hidden comment forms sprinkled around the blog. Bots that fill those out are getting banned– and quite a few are filling them out.
As for humans: The comment filter will block you if you submit a comment less than 3 seconds after the page loads. Although it is possible for a human to refresh the page, scroll down fast, enter a 1 letter comment and hit submit in under 3 seconds, I don’t think anyone will accidentally trigger this here. You will probably be able to just use your browser’s back button and hit “submit” again. But these infractions accumulate– and of course, it’s a PITA to fish people out of the spam bin. So please do not experiment with this just to see how it goes; you could end up banned at Cloudflare. That said: If you see the comment warning, let me know. If it’s catching actual humans, I want to know that.
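One way the wait-time cookie, hidden decoy form field and accumulating infractions could fit together, as an added example in Python (not the blog's actual code). The HMAC-signed cookie value, the three-strike limit and the field name `website_url` are assumptions; the post states only the 3-second threshold.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"   # assumption: server-side secret, never sent to clients
MIN_WAIT = 3                        # seconds, the threshold stated in the post
MAX_STRIKES = 3                     # assumption: the post gives no number for "accumulate"
HONEYPOT_FIELD = "website_url"      # hypothetical name for a hidden decoy field


def issue_cookie(post_id, now):
    """Value set when the page is served: load time plus a MAC binding it to the post."""
    msg = f"{post_id}:{int(now)}".encode()
    tag = hmac.new(SECRET, msg, hashlib.sha256).hexdigest()
    return f"{int(now)}.{tag}"


def load_time(cookie, post_id):
    """Return the signed load time, or None if the cookie is missing or forged."""
    try:
        ts, tag = cookie.split(".", 1)
        msg = f"{post_id}:{int(ts)}".encode()
    except (AttributeError, ValueError):
        return None
    good = hmac.new(SECRET, msg, hashlib.sha256).hexdigest()
    return int(ts) if hmac.compare_digest(tag.encode(), good.encode()) else None


def check_comment(form, cookie, post_id, now, strikes, client):
    """Return 'accept', 'retry' or 'ban'; strikes is a per-client infraction counter."""
    if form.get(HONEYPOT_FIELD):          # humans never see this field
        return "ban"
    loaded = load_time(cookie, post_id)
    if loaded is not None and now - loaded >= MIN_WAIT:
        return "accept"
    # No cookie, forged cookie, or submitted too fast: count the infraction.
    strikes[client] = strikes.get(client, 0) + 1
    return "ban" if strikes[client] >= MAX_STRIKES else "retry"
```

Signing the load time means a bot cannot simply send a cookie claiming it loaded the page long ago, and binding it to the post id stops one cookie being replayed across posts.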
Announcement 3: Anonymous Proxies and Forwarding
ZBblock previously only monitored the final IP in a connection that showed a number of IPs in the X-Forward headers. I have been experimenting with a few extra checks on those connections with more than 1 IP in the X-Forward headers. This has “caught” a few innocent people– mostly because I was a bit too strict on people in “spammy” countries (e.g. China, Thailand, Brazil, Ukraine etc. Note: Australia sometimes gets ‘caught’ because some of you guys are identified as coming from various parts of Asia.) I’ve backed off on some of my boneheaded mistakes with forwarding– but I am still checking those more intensively than non-forwarded connections. I’ve also discovered some people using proxies don’t know they are using proxies! (This can happen at work and so on.)
If you are using a proxy you might see a “Ban” message; it may be that you are — knowingly or unknowingly — using a proxy. The ban may kick in either because of your IP or because the proxy IP appearing in the X-Forward headers is banned. I ban many proxy services– especially the cheap 6 euro/month anonymous proxies; they are a constant source of hack attempts. I mean hack– not spam. I’m sure they spam too though. So, if you have been using those to read the blog and no longer can read, you will either need to use your real IP address or find a proxy that is not blocked.
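The difference between checking only the final IP and checking every address in the forwarding chain, as an added example in Python (not ZBblock's code). It assumes the chain arrives in the standard `X-Forwarded-For` header and that `peer_ip` is the address the server sees the connection from; the ban list is constructed from documentation-only ranges.

```python
import ipaddress

# Constructed ban list using documentation-only address ranges.
BANNED = [ipaddress.ip_network(n) for n in
          ("198.51.100.0/24", "203.0.113.7/32", "2001:db8:bad::/48")]


def parse_chain(xff, peer_ip):
    """Every address the request claims to have passed through, ending with the peer."""
    hops = [h.strip() for h in xff.split(",")] if xff else []
    chain, malformed = [], False
    for hop in hops + [peer_ip]:
        try:
            chain.append(ipaddress.ip_address(hop))
        except ValueError:
            malformed = True      # "unknown", hostnames, junk
    return chain, malformed


def is_banned(addr):
    return any(addr.version == net.version and addr in net for net in BANNED)


def check_request(xff, peer_ip):
    """Return (verdict, reason). Only peer_ip is verified by the TCP connection;
    the header is client-supplied, so extra hops earn scrutiny, not trust."""
    chain, malformed = parse_chain(xff, peer_ip)
    for addr in chain:
        if is_banned(addr):
            return "ban", f"banned address in chain: {addr}"
    if malformed:
        return "inspect", "unparsable entry in forwarding header"
    if len(chain) > 1:
        return "inspect", "forwarded connection"
    return "allow", "direct connection"
```

A request whose own address is clean but whose header lists a banned proxy is caught here, which is the case a final-IP-only check misses.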
Open thread– talk about anything including Climate Change. 🙂
UPDATE
The word ‘slimy’ has been removed from the referrer spam ‘bad words’ and I will fish out all the people who tried to visit by clicking a link over at Bishop Hill’s ‘slimy’ article.
Update 2
I’m turning AKISMET spam filtering off for an hour as an experiment.
Update: My blog requires appropriate ‘referrers’ to be passed when you comment. The “appropriate” referrer that should be passed when you hit “submit” for comments on a post is the uri for that post. So: if you comment in this post, the referrer should be “http://rankexploits.com/musings/2012/three-admin-announcements/”. Passing this referrer is the default behavior of most browsers. But some people read (often bad) advice by “privacy” advocates and turn referrers off on their browsers. (It’s easy to turn them off.)
That said: If you are not passing an appropriate referrer, and you submit a comment, the spam filter will think you are a spam bot. To fix this, turn off the ‘fake-privacy’ filter you are using and pass a referrer. Because if my blog thinks you are submitting a comment without visiting a blog post, it’s going to think you are a spam bot programmed to “post” to a variety of addresses without ever visiting posts or reading them. It will think this because that’s what spam bots do and you have modified your browser behavior to make it look like a spam bot.
Also note: It’s not just my blog. If you use “privacy” filters of any type and find you are having difficulty commenting at other blogs, it could be your “privacy” filters are making you look like a spam bot. Because — depending on the choices– it might just do that.



