Social Media Dynamics

By Sharon Hill

Still dealing with the spammers from Russia. I did make progress but I have one pesky fellow named Vadim.

I have my WordPress/Settings/Discussion set to:

I do not want to add an entire country to the blacklist, so I have tried the @domain.ru as a compromise. In my case, it was @fesin.ru. This worked until Vadim started spamming.  I tried several different versions in my blacklist.

Prior to Vadim, WordPress and Akismet were doing their jobs because I was not seeing any more spam from the domain @fesin.ru.  In fact, I only received 2 Russian originated spam comments in a period of 3 weeks.

Then along comes Vadim. So how do I know it is someone named Vadim?

In the email you receive, information is provided such as:

Author : lipitorw (IP: 81.30.187.197 , 81.30.187.197.dynamic.ufanet.ru) E-mail : dxxdxxdxxs1111@gmail.com
Whois  : http://ws.arin.net/cgi-bin/whois.pl?queryinput=81.30.187.197

Use this link:  http://www.db.ripe.net/whois and input the IP address (in this case 81.30.187.197)

This way you can get to the source:

person:          Vadim Gxxxxx
address:         deleted for blog
address:         deleted for blog
address:         deleted for blog
phone:           deleted for blog
fax-no:          deleted for blog
e-mail:          vadim@ufanet.ru

Now I can add vadim@ufanet.ru along with previously added @ufanet.ru and @dyanmic.ufanet.ru in my blacklist.

You also receive the link in the email where the spammer wants to send you.  I actually went to the link imbedded in the comment.  It is a stumbler at stumbleupon.com.  Sure enough this stumbler is all about the online pharmacy site.  I check another email and go to another link.  This one is at a forum for collaboration.  The links are member pages or member forums that look like something real until you scroll down and see the ad to buy the prescriptions.  In one case, it appeared to link to a member site and instead went to a landing page (ad).  In checking with these sites, I did not find anything specifically against terms of service except no commercial spamming allowed and no posting that promote businesses.  It is not always intuitive how to contact the sites to register a complaint.  Most of the social media sites expect members to police themselves.

I realize that not many folks would not take the next step.  I called the online pharmacy and actually spoke to someone letting him know that our blog was being spammed from Russia with links to their company website!  I emailed the Whois information along with our blog URL address. I received a nice automated reply.  The pharmacy is located in England.  I do not expect any real action.

So far I have received spam by way The Netherlands, Russia and The British Virgin Islands.

In the RIPE database there are two fields labeled mnt-by and referral-by.  By clicking on one or both you should be able to find the abuse@ address.  I sent one to the British Virgin Islands and received a response.  No more email from that spammer!

In my email accounts, I have been extremely proactive in responding to spam and have been quite successful.  I plan on taking the same approach with comment spamming.

With email spammers, I use the unsubscribe link,  then spam it and then block or filter it.  In addition, if they are in violation of the CAN-SPAM Act http://www.ftc.gov/bcp/edu/pubs/business/ecommerce/bus61.shtm I cut and paste the relevant portion along with the link and email it back.  Locally, when someone in just trying to make a buck and harvests emails from an association, I have called them, and while being polite, have let them know that there are laws regarding sending unsolicited emails and offer to send them the link.

There is a much grumbling about spam and I admit that I have grumbled too.  Since we are the recipients of spam it is difficult to be proactive without be overly restrictive.  Go the extra mile and learn about how your blogs are being spammed.  Understand the underlying activity and set a course of action, then do the work.

@social_dynamics