Bryan Ruby


Thoughts, Words, and Deeds

Spam

As Facebook Removes Fake Accounts, Spam Industry Charges More

Fake News - Pixabay CC0 Public Domain

NBC News recently posted an interesting article where the author notes that the spam industry follows the same Law of Supply and Demand as any capitalist-loving business does. As social networks crack down on fake accounts and fake news, the spam industry is able to charge their customers more to establish such inauthentic accounts.

Facebook shut down as many as 30,000 fake accounts in the past week — but that's unlikely to hurt the multi-million-dollar spam industry.

In fact, since Facebook's post-election housecleaning, it's become even more lucrative for spammers to pump out "inauthentic accounts." The asking price on the black market for 1,000 fake accounts used to be $20, but security changes by the social network giant only succeeded in driving up prices.

"If you go to the underground markets where they sell fake Facebook accounts, you can buy 1,000 of these for $300 to $400," Damon McCoy, a New York University computer science professor specializing in cybercrime, told NBC News.

Fighting inauthentic accounts and inauthentic activity is not new to social networks. In recent years, Facebook has put a lot of effort into reducing such activities by closing accounts responsible for fake likes and fake news. Last week, Shabnam Shaik, Facebook's Security Technical Program Manager, acknowledged the recent efforts of his security team to fight the spread of misinformation on their social network.

Denial of Service on an Apache server

Last week was a very frustrating time for me. For whatever reason, an unusually large number of botnets decided to zero in on my Drupal site and created what I call an unintentional Denial of Service attack (DoS). The attack was actually from spambots looking for script vulnerabilities found mainly in older versions of e107 and WordPress. Since the targets of these spambots were non-Drupal pages, my Drupal site responded by delivering an unusually large number of "page not found" and "access denied" error pages. Eventually, these requests from a multitude of IPs were too many for my server to handle, and for all intents and purposes the botnet attack caused a distributed denial of service that prevented me and my users from accessing the site.

These types of attacks on Drupal sites and numerous other content management systems are nothing new. However, my search at Drupal.org as well as Google didn't really find a solution that completely addressed my problem. Trying to prevent a DDoS attack isn't easy to begin with, and at first the answers eluded me.

I originally looked at Drupal for the solution to my problems. While I've used Mollom for months, Mollom is designed to fight off comment spam, while the bots attacking my site were looking for script vulnerabilities that didn't exist. So with Mollom being the wrong tool to fight off this kind of attack, I decided to take a look at the Drupal contributed module Bad Behavior. Bad Behavior is a set of PHP scripts which prevents spambots from accessing your site by analyzing their actual HTTP requests and comparing them to profiles from known spambots, then blocking such access and logging their attempts. I actually installed an "unofficial" version of the Bad Behavior module which packages the Bad Behavior 2.1 scripts and utilizes services from Project Honey Pot.

As I had already suspected, looking for Drupal to solve this botnet attack wasn't the answer. Pretty much all Bad Behavior did for me was to take the time Drupal was spending delivering "page not found" error pages and use it to deliver "access denied" error pages. My Drupal site is likely safer with the Bad Behavior module installed, but it was the wrong tool to help me reduce the botnets from overtaxing Drupal running on my server. Ideally, you would like to prevent the attacks from ever reaching your server by taking a look at such things as the firewall, router, and switches. However, since I didn't have access to the hardware, I decided it was time to look at my Apache configuration.

Mollom: A solution for comment spam

Passwords, user accounts, email verification. I have never liked requiring my website's visitors to register before they can leave a comment. There is a large segment of people that like to submit quality comments online, but they don't want to be required to leave their personal information there. So from the beginning, I have always allowed anonymous commenting by unregistered visitors and for the most part, the quality of the comments hasn't suffered. However, allowing for anonymous comments also invited my site into a war against comment spam. My latest weapon to do the fighting for me in this war is Mollom.

I was first introduced to Mollom in the Fall of 2007 as a beta tester. Prior to Mollom, I had been using a number of techniques, modules, and services with limited success in blocking unwanted spam. While some of these filtering methods did help me filter out unwanted content, I was still spending quite a bit of my time moderating the comments for potential spam. Worse, in long absences from the site I had to disable anonymous commenting for fear that I would come back to a site riddled with ads for the latest popular pharmaceutical drugs or some girl that wanted to be seen for a price. That's when Mollom entered the picture and helped stop most of the spam from entering my site.

Proof spammers are no good

Screenshot of Akismet Filter in WordPress 2.x

A few months ago, I posted that I use Akismet in both Drupal and WordPress. Akismet is a spam filtering service that can be used in content management systems via plug-ins and modules. The Akismet plugin ships with WordPress 2, but some setup is required.

While visiting my WordPress site I noticed the specific number of comment spams the Akismet filter had caught so far and made sure I took a screenshot. The image below was taken by me and I assure you that no altering of the photo was done. I'll let you be the judge whether you agree that spam through site comments represents the evil the number shown implies.

I do use Akismet to filter out the spam that is posted through comments here at CMS Report. As most of you know by now, my content management system of choice for this site is Drupal. The Akismet module for Drupal is now at version 1.1.2 and available at phpMiX.org (Open Source experiments).

Akismet Anti-Spam Modules for Drupal and phpBB

For our WordPress 2.0 sites, we have been using the Akismet plugin to fight off the spam thrown at us through our comment pages. We've been impressed with the results, with over 550 spam-filled comments blocked since early 2006 and only two spam comments slipping by Akismet's filters. With these impressive results, we have been hoping to see an Akismet Drupal module also developed. Now both Drupal and phpBB users have access to an Akismet module for their CMS.