We’re back on Akismet for the time being.

Things are still a bit wonky with Defensio so I gave Justin some data on the comments being falsely marked as spam as well as some spammy ones falsely marked as OK and he’s going to go do that voodoo that he do and hopefully fix it up right. Meanwhile we’re back on Akismet until the next go-round. I appreciate your patience as we help out a module developer.

Ain’t beta testing fun?

Comments are a little wonky at the moment.

[Update 2:] So I switched back to Akismet and forgot to put the API key back in. Comments should be working now.

As you know we’re beta testing the Defensio module for EE and, like any beta test, there’s bound to be some hiccups. Right now the module is marking every comment as spam and moderating it. This isn’t a huge deal as I just mark them as OK and publish them when I get the chance, but it does mean that your comment may not show up immediately after you post it. I’m working with the author to see if we can’t figure out what’s going wrong and get it fixed ASAP, but if it looks like it’ll be awhile then I’ll switch back to Akismet until a new version is ready. Just wanted to give you guys a heads up as to what’s happening with it.

Oh, and for those that have asked, the Defensio module for EE 1.xx will be free when it’s finally released. They’re not sure about whether or not they’ll charge for the EE 2.0 version as it’ll depend on how much work it takes to port it over.

[Update:] I’ve switched back over to Akismet for the time being until a fix can be found.

Testing out Defensio anti-spam system.

Justin Crawford of HOP Studios has created a new anti-comment spam module combo for ExpressionEngine that makes use of the Defensio service and we’re giving it a go here at SEB. It’s similar to Akismet in most respects, but gives a little more control over how comments are handled. So for the moment I’ve disabled Akismet and enabled Defensio and we’ll see how it goes. We get a fair amount of comment spam here so it shouldn’t be too long before we know if it works better or worse than Akismet.

As always, let me know if anything looks wonky or doesn’t work.

Fucking spammers.

Some twelve or so SEB members got spammed through our mail system today by someone going by the name of “lucie” and I would like to apologize for the inconvenience. Your emails haven’t been revealed as it was done through EE’s built in mail system which doesn’t reveal it to the sender. The person who did the spamming had to send each message individually so it took some time. They started around 7:14AM and sent the last message at 10:44AM. The spam itself was a variant of the classic Nigerian scam and the account has been banned.

Again, my apologies. On the bright side this method of spamming is slow and bothersome enough (thanks to captchas among other things) that the number of people affected remains low.

Spammer sentenced to jail escapes and kills wife, daughter, and himself.

This is just a weird story all the way around. Edward “Eddie” Davidson is consider one of the “Spam Kings” and he was finally brought up on charges, convicted, and sentenced to 21 months (less than two years) in jail and ordered to pay $714,139 in restitution to the IRS (compare that to the estimated $3.5 million he earned between 2003 and 2006). Apparently that was too hard a punishment for Mr. Davidson as he managed to plan an escape with the help of his wife which then took a deadly turn:

A teenage girl was shot in the neck and a baby was found unhurt in a car seat inside the vehicle where the three bodies were found, Arapahoe County undersheriff Mark Campbell said. The relationship between the girl, baby and the escaped convict wasn’t immediately clear.

The bodies of “Spam King” Edward “Eddie” Davidson, his wife, and 3-year-old daughter were found in an SUV parked in a farmhouse driveway in a rural part of Bennett, about 25 miles east of Denver. Authorities said Davidson was the apparent gunman.

“What a nightmare, and such a coward,” U.S. Attorney Troy Eid said. “Davidson imposed the ‘death penalty’ on family members for his own crime.”

It just doesn’t make any sense at all. The jail time was trivial and it was in a minor security prison, the restitution doesn’t come close to what he supposedly earned from his spamming activities, and he reportedly had cash stashed away in other accounts. Cool your jets for a few months, get our early on good behavior, and start investing some of that cash. Why the hell did he feel the need to shoot anybody?

I guess being the Spam King makes you a little nuts.

Spammer registers SEB account and attempts to post spam entry for “molepaste.”

You really have to admire the chutzpah of some of these assholes who push craptastic products by spamming the fuck out of every webstie they can find. Someone registered an account with the user name “” and then submitted the following bit of spam:

How I removed my moles and skin tags at home with this amazing paste- award winning ingredients!!!

It’s true, I had this huge mole near my eye. I had had it for over 30 years and no signs of cancer, it was just plain BIG!  This nurse friend who stapled my ear for weight loss also told me about this molepaste (#1 natural mole and wart remover) that you can get [craptastic URL removed]

Benefits:
You can do it at home
Less expensive than a doctor’s fee
only one 20 minute application then the area gets naturally cauterized
most won’t scar
natural ingredients

To see more before and afters go to [craptastic URL removed].

You’ve gotta be a major league asshole to think you’d be allowed to post a spam entry on the front page of a blog without being called on it. Perhaps if SEB hadn’t been updated in a year or two and was more or less a dead blog I could see someone trying this sort of thing, but on a live blog? That takes being an asshole to a whole new level.

Six Apart unveils TypePad AntiSpam.

The battle against comment spam on blogs is a never ending one. The cost to value ratio to the spammers is just too good to not take advantage of so they keep coming up with ways around the various tools we have to keep the crap comments out. Captchas help a bit, but the spammers have some programs that can crack them and others just pay people to sit down and type in captchas and legit-sounding comments to get around that obstacle. Add ons such as Bad Behavior and Akismet, the latter of which we use here at SEB, help quite a bit as well.

Now the folks at Six Apart, makers of the venerable MoveableType platform as well as TypePad and VOX, have joined in the fray with a new service called TypePad AntiSpam:

Calling all bloggers! We’d like to enlist your help in making TypePad AntiSpam the best, smartest, free antispam service available. We’ve launched this beta version in an effort to make the service smarter, and we’re counting on your feedback to provide vital information on how to defeat spam more effectively.

  • Use it for free. TypePad AntiSpam beta is free for any type of use, personal and commercial, regardless of how many comments you receive.  Plugins are available for Movable Type and WordPress.
  • Help make it better. Whenever you report unwanted comments, the TypePad AntiSpam engine learns from you, so that it can make even smarter and more effective decisions about spam in the future.
  • Get back to blogging. TypePad AntiSpam beta ensures that you see the legitimate comments you want and not the invasive comments you don’t.

It sounds like it’s somewhat similar to Akismet, it’s even 100% Akismet API compatible, and they’re making it available to everyone at no charge. They only offer plugins for MT3, 4 and WordPress at the moment, but they’re looking for folks to develop plugins for other platforms. Because of the compatibility with the Akismet API, though, any platform that has an Akismet plugin should already be able to make use of TypePad Antispam as well. In theory I should be able to sign up and switch the Akismet plugin I’m using now over to TypePad and have it work.

Also interesting is the fact that Six Apart has made the core part of the TypePad Antispam application Open Source and are offering to let other folks use it to run their own antispam services:

Interested in building your own antispam service? We’ve made the application framework behind TypePad AntiSpam available under an open source license (GPL v2, to be exact).

While we aren’t sharing all of the rules and logic that we run with our implementation of the TypePad AntiSpam engine (lest we arm spammers with too much information), we are open sourcing the core engine. This allows others to build and operate their own services—even competitive services—on top of our framework. We encourage developers who make use of the system to share what they learn with others who use the code.

Time will tell if this new service will help much in reducing the amount of comment spam that makes it onto blogs, but any additional weapons in the fight are always a welcome thing. Oh, and as always, they even have a blog to keep you up to date on new develops and plugins for other platforms.

SEB Mailbag: Second take on the FBI Nigerian email scam.

Today I received a second variation on the we’re-the-FBI-trying-to-help-you-get-money-for-free email scam. It seems the FBI is a popular organization with the scammers these days. Again I have to note with some amusement that the director of the FBI uses a YahooUK email address. This one takes a much more direct, threatening, and long-winded approach:

From: “Robert S. Mueller, III” (fbioffice88@yahoo.co.uk)
Subject: FEDERAL BUREAU OF INVESTIGATION

ANTI-TERRORIST AND MONITARY CRIMES DIVISION
FBI HEADQUARTERS IN WASHINGTON, D.C.
FEDERAL BUREAU OF INVESTIGATION
J. EDGAR HOOVER BUILDING
935 PENNSYLVANIA AVENUE, NW WASHINGTON, D.C. 20535-0001
Website: http://www.fbi.gov
DATE: 03/14/2008

ATTENTION FUND BENEFICIARY,

  THIS IS AN OFFICIAL ADVICE FROM THE FBI FOREIGN REMITTANCE/TELEGRAPHIC DEPT., IT HAS COME TO OUR NOTICE THAT THE C.B.N BANK
NIGERIA DISTRICT HAS RELEASED 10,500,000.00 U.S DOLLARS INTO BANK OF AMERICA IN YOUR NAME AS THE BENEFICIARY, BY INHERITANCE MEANS.

  THE C.B.N BANK NIGERIA KNOWING FULLY WELL THAT THEY DO NOT HAVE ENOUGH FACILITIES TO EFFECT THIS PAYMENT FROM THE UNITED KINGDOM TO YOUR ACCOUNT, USED WHAT WE KNOW AS A SECRET DIPLOMATIC TRANSIT PAYMENT S.T.D.P TO PAY THIS FUND THROUGH WIRE TRANSFER,THEY USED THIS MEANS TO COMPLETE THE PAYMENT.

  THEY ARE STILL, WAITING FOR CONFIRMATION FROM YOU ON THE ALREADY TRANSFERRED FUNDS WHICH WAS MADE IN DIRECT TRANSFER SO THAT THEY CAN DO FINAL CREDITING TO YOUR ACCOUNT. SECRET DIPLOMATIC PAYMENTS ARE NOT MADE UNLESS THE FUNDS ARE RELATED TO TERRORIST ACTIVITIES WHY MUST YOUR PAYMENT BE MADE IN SECRET TRANSFER , IF YOUR TRANSACTION IS LEGITIMATE,IF YOU ARE NOT A TERRORIST, THEN WHY DID YOU NOT RECEIVE THE MONEY DIRECTLY INTO YOUR ACCOUNT,THIS IS A PURE CODED ,MEANS OF PAYMENT?

  RECORDS WHICH WE HAVE HAD WITH THIS METHOD OF PAYMENT IN THE PAST HAS ALWAYS BEEN RELATED TO TERRORIST ACTS, WE DO NOT WANT YOU TO GET INTO TROUBLE AS SOON AS THESE FUNDS REFLECT IN YOUR ACCOUNT IN THE U.S.A, SO IT IS OUR DUTY AS A WORD WIDE COMMISSION TO CORRECT THIS LITTLE PROBLEM BEFORE THIS FUND WILL BE CREDITED INTO YOUR PERSONAL ACCOUNT.

    DUE TO THE INCREASED DIFFICULTY AND UNNECESSARY SCRUTINY BY THE AMERICAN AUTHORITIES WHEN FUNDS COME FROM OUTSIDE OF EUROPE, AND THE MIDDLE EAST, THE F.B.I BANK COMMISSION FOR EUROPE HAS STOPPED THE TRANSFER ON ITS WAY TO DELIVER PAYMENT OF $10,500,000.00 TO DEBIT YOUR RESERVE ACCOUNT AND PAY YOU THROUGH A SECURED DIPLOMATIC TRANSIT ACCOUNT (S.D.T.A). WE GOVERN AND OVERSEES FUNDS TRANSFER FOR THE WORLD BANK AND THE REST OF THE WORLD.

    WE ADVICE YOU CONTACT US IMMEDIATELY,AS THE FUNDS HAVE BEEN STOPPED AND ARE BEING HELD IN OUR CUSTODY ,UNTIL YOU CAN BE ABLE TO PROVIDE US WITH A DIPLOMATIC IMMUNITY SEAL OF TRANSFER(DIST) WITHING 3 DAYS FROM THE WORLD LOCAL BANK THAT AUTHORIZE THE TRANSFER FROM WHERE THE FUNDS WAS TRANSFERRED FROM TO CERTIFY THAT THE FUNDS THAT YOU ARE ABOUT TO RECEIVE FROM NIGERIA ARE ANTITERRORIST/DRUG FREE OR WE SHALL HAVE CAUSE TO CROSS AND IMPOUND THE PAYMENT,WE SHALL RELEASE THE FUNDS IMMEEDIATELY WE RECEIVE THIS LEGAL DOCUMENTS .
————————————————————————————————————————
  We have decided to contact you directly to acquire the proper verifications and proof from you to show that you are the rightful person to receive this fund, because of the amount involve,we want to make sure is a clean and legal money you are about to receive. Be informed that the fund are now in United State in your name , but right now we have ask the bank not to release the fund to anybody that comes to them , unless we ask them to do so, because we have to carry out our investigations first before releasing the fund to you. Note that the fund is in the BANK OF AMERICA right now, but we have ask them not to credit the fund to you yet, because we need a solid proof and verifications from you before releasing the funds.

  So to this regards you are to re-assure and proof to us that what you are about to receive is a clean money by sending to us FBI Identification Record and also Diplomatic Immunity Seal Of Transfer(DIST) to satisfy to us that the money your about to receive is legitimate and real money. You are to forward the documents to us immediately if you have it in your possession, if you don?t have it let us know so that we will direct and inform you where to obtain the document and send to us so that we will ask the bank holding the funds the Bank Of America to go ahead Crediting your account immediately.

  This Documents are to be issued to you from the World Local Bank that Authorized the transfer, so get back to us immediately if you don?t have the document so that we will inform you the particular place to obtain the document in United Kingdom U.K, because we have come to realize that the fund was Authorized by H.S.B.C Bank in London.

  An FBI Identification Record and Diplomatic Immunity Seal Of Transfer(DIST) often referred to as a Criminal History Record or Rap Sheet, is a listing of certain information taken from fingerprint submissions retained by the FBI in connection with arrests and, in some instances, federal employment, naturalization, or military service.

THESE CONDITION IS VALID UNTIL 18TH OF MARCH 2008 AFTER WE SHALL TAKE ACTIONS ON CANCELLING THE PAYMENT AND THEN CHARGE YOU FOR ILLEGALLY MOVING FUNDS OUT OF NIGERIA .

GURANTEE: FUNDS WILL BE RELEASED ON CONFIRMATION OF THE DOCUMENT.

————————————————————————————————————————————
FINAL INSTRUCTION:

60F CREDIT PAYMENT INSTRUCTION: IRREVOCABLE CREDIT GUARANTEE
61E BENEFICIARY HAS FULL POWER WHEN VALIDATION IS CLEARED
62 BENNEFICIARIES BANK IN U.S.A., CAN ONLY RELEASE FUNDS-
62 UPON CONFIRMATION FROM THE WORLD BANK/UNITED NATIONS.
64 BEARERS MUST CLEAR BANK PROTOCOL AND VALIDATION REQUEST
————————————————————————————————————————————————————————-

NOTE: We have asked for the above documents to make available the most complete and up-to date records possible for the enhancement of public safety, welfare and security of Society while recognizing the importance of individual privacy rights.. If you fail to provide the Documents to us, we will charge you with the FBI and take our proper action against you for not proofing to us the legitimate of the fund you are about to receive.

The United States Department of Justice Order 556-73 establishes rules and regulations for the subject of an FBI Identification Record to obtain a copy of his or her own Record for review. The FBI Criminal Justice Information Services (CJIS) Division processes these requests to check illegal activities in U.S.A.

  An individual may request a copy of his or her own FBI Identification Record for personal review or to challenge information on the Record. Other reasons an individual may request a copy of his or her own Identification Record may include international adoption or to satisfy a requirement to live or work in a foreign country or receive funds from another country (i.e., Diplomatic Immunity Seal Of Transfer, letter of good conduct, criminal history background, etc.)

                              FBI Director
                          Robert S. Mueller, III

That’s some funny shit right there. Still I have to wonder how many people fall for it. Probably more than I’d think.

SEB Mailbag: Interesting twist on the old Nigerian Email Scam.

The two email addresses I have through my websites, one associated with the SEB domain and one with Jenkins Online, attract a lot of spam and scam email every day. The ubiquitous Nigerian scam in all it’s myriad forms shows up almost daily and often on both email accounts within moments of each other, but today I got a new one I’ve never seen before. It purports to be from the FBI offering to help me to secure my inheritance from someone somewhere in Africa:

From: “FBI” (jschening@fulbright.com)
Subject: INHERITANCE CLAIM ADVICE FROM FBI

FEDERAL BUREAU OF INVESTIGATION FBI. WASHINGTON DC.

FBI SEEKING TO WIRETAP INTERNET

Dear Beneficiary,

During our recent investigations we found out that your inheritance transaction which originated from African is real and we advice that you go ahead by providing us with the required information so that we can work between you and Africa to make sure that as an American citizen that your entitlement is released to you without further delay.

Why we must be involved directly is that since the transaction is real, we must not allow the fraudulent activities of the African officials to affect you, so we are going to monitor all the procedures to the end and we will always advice you accordingly as we will not allow you to deal with the African offices directly. Every information that they need to pass across to you must be first received by the FBI before reaching you. This is to make sure that you do not loose a dollar carelessly.
You have to stop further dealings with any other office outside our office.

Fund Release Application Form

Reconfirm Your Information:
Name: ______________________________________________________________________

Marital Status: ____________________________________________________

Occupation: ______________________________________________________

MailingAddress: _________________________________________________________
___________________________

City: ________________________________________State:
______________________________Zip: ____________

Phone: __________________________Fax: ____________________________

Email:________________________________

Cell Phone: __________________________

By providing these information means that you have agreed to meet up all the required obligations as will be directed by the FBI concerning your fund transfer.

Long live America, long live her citizens.

ROBERT MUELLER

EXECUTIVE DIRECTOR FBI

Aside from the simple fact that the email address associated with this email doesn’t even come from a known FBI domain name — which would most likely be fbi.gov — the fact that whoever wrote it has a shaky grasp of English grammar is probably a big warning flag that this isn’t legit.

What I found fascinating is how it appears they’re trying to hustle someone else’s hustle. Consider that it assumes you’ve already received an email claiming you’re due an inheritance from someone in Africa and here the FBI is now telling you it’s not a scam at all, but you must let the FBI handle the transaction for you. In short they’re trying to steal someone else’s scam by convincing you to deal with them instead of the original scammers.

The actual routine will be the same. They’ll try to weasel as much personal information out of you that they can perhaps in hopes of getting hold of a bank account number or credit card or some other means of stealing your ID and, failing at that, they’ll tell you to send them money to cover various legal costs involved in getting the transaction completed and they’ll milk you for as long as they can.

Some of you people out there will actually be stupid enough to fall for it too because you lack the critical thinking skills that should have red flags popping up all over the landscape as soon as you saw the email.

Comment spam on the rise.

We’ve been getting hit with more comment spam than usual lately. A good chunk of it appears to be people actually taking the time to type in the captcha by hand, but there appears to be at least one automated system that’s bypassing the captcha. So I’ve gone ahead and re-installed the Bad Behavior plugin for EE in hopes of cutting it down a bit. I had stopped using BB because it in combination with Akismet was contributing to so lengthy comment posting times and getting in the way of some folks successfully leaving a comment.

Let me know if things get wonky and I’ll look into alternative solutions. As much as I’d hate to do it I’m considering just making registration mandatory at this point as it would make banning the spammers much more manageable. It seems the vast majority of comments we’re getting these days is from regulars anyway so it’s not like it’d be a big loss. There’s also at least one other captcha variant plugin available for EE that I saw a few days ago that might prove useful. I’ll have to see if I can track it down again.

Update: Looks like the Bad Behavior plugin doesn’t like AOL IP addresses so I’ve turned it back off for now. Will have to look into other options.