[pmwiki-users] sample blocklist for blocklist2

[Neil Herber]

At 2005-08-11  08:26 AM -0700, Dr Fred C is rumored to have said:
>For the truly paranoid/concerned, eventually there may be a need to 
>provide blocklists to be encrypted.  This is because, it seems to me that 
>as time passes, some on the block list may figure out how to search google 
>for blocklists with their name/id on it and then create workarounds...

I don't like providing any help or clues to spammers, but I don't see a 
need to encrypt the blocklist.

If the blocklist includes an IP address or range, the spammer can not do 
too much to get around it.
1) If they are at an internet cafe, they could move to another one with a 
different IP range.
2) If they are piggybacking on an open wireless connection, the need to 
move to a different network.
3) If they are logged on from home or work through an ISP that issues 
static or dynamic IPs, they can't do too much to control the IP number. 
Many high speed services will reissue the same IP each time the user connects.

If the block list includes a URL fragment, they need to get a new domain. 
For example, the recent pmwiki.org spammer used this string:
[[ http://www.ultram.joy.by/ ultram ]] [[ http://www.buy-viagra.joy.by/ buy 
viagra ]] [[ http://www.viagra.joy.by/ viagra ]]

The common item there is "joy.by" and by putting that in the blocklist you 
defeat all variations of the subdomain.

The least effective block is for particular words, such as "viagra" which 
can be refashioned by the spammer in endless ways and still be human 
readable. But if the post has been blocked because of the link URL, it 
doesn't matter how they spell "v1agra".

On my wikis I block entire IP ranges and URL fragments. I don't bother too 
much about individual words, other than those that are common swear words, 
and I only include them to prevent foul language posts.


Neil

Neil Herber
Corporate info at http://www.eton.ca/
Eton Systems, 15 Pinepoint Drive, Nepean, ON, Canada K2H 6B1
Tel: (613) 829-4668