azurelunatic: Cartoon woman with wild blue hair, glasses, black lipstick, and fanged grin.  (Azzgrin)
[personal profile] azurelunatic
FTC Shuts Down Notorious Rogue Internet Service Provider, 3FN Service Specializes in Hosting Spam-Spewing Botnets, Phishing Web sites, Child Pornography, and Other Illegal, Malicious Web Content
A rogue Internet Service Provider that recruits, knowingly hosts, and actively participates in the distribution of spam, child pornography, and other harmful electronic content has been shut down by a district court judge at the request of the Federal Trade Commission. The ISP’s upstream providers and data centers have disconnected its servers from the Internet.

According to the FTC, the defendant, Pricewert LLC, which does business under a variety of names including 3FN and APS Telecom, actively recruits and colludes with criminals seeking to distribute illegal, malicious, and harmful electronic content including child pornography, spyware, viruses, trojan horses, phishing, botnet command and control servers, and pornography featuring violence, bestiality, and incest. The FTC alleges that the defendant advertised its services in the darkest corners of the Internet, including a forum established to facilitate communication between criminals.

The complaint alleges that Pricewert actively shielded its criminal clientele by either ignoring take-down requests issued by the online security community, or shifting its criminal elements to other Internet protocol addresses it controlled to evade detection.

Thank you, US Federal Trade Commission!
azurelunatic: cameo-like portrait of <user name="azurelunatic"> in short blue hair.  (_support)
[personal profile] azurelunatic
There are three major tools Dreamwidth offers to help you protect your account from spammers: comment access, comment CAPTCHAs, and comment screening. These can be set individually, in any combination you like.

Visit the My Account Settings: Privacy page, and take a look at your comment options. (To set options for a community of which you are an administrator, pick the community name from the 'Work as account:' menu, then click the 'Switch' button.)

These options cover a number of groups of users: Everybody/anonymous users, registered accounts, your Access List, and nobody. (When working as a community, the Access List applies to the community's members.) These options do not treat the people that you are subscribed to but have not added to your Access List separately, nor any custom access groups.

You control the members of your Access List. As a general best practice, if you know a Dreamwidth user to be a spammer, you should not add them to your Access List.

Registered Dreamwidth users are not typically sources of spam. As Dreamwidth uses invite codes to create free accounts, this means a would-be spammer who wants to register a Dreamwidth account must either request an invite code from another party, or pay to create an account. Neither of these options are particularly attractive from a spammer perspective. (If you learn that another Dreamwidth user is a spammer, please do take action. If they have left you a spam comment or a spam entry in your community, select the option to report it as spam and delete it. If they have not spammed you, but you can establish that they are behaving in a way that is against the Terms of Service, contact Abuse.)

Logged-in OpenID users (such as LiveJournal or InsaneJournal users) who have logged in and set and confirmed an email address are classified with registered accounts. (OpenID accounts cannot join communities at this time.)

OpenID users who have not confirmed an email address are currently classified with anonymous users. However, Dreamwidth plans to change this behavior in the future.

Anonymous users include your friend whose browser ate their cookies again, a well-meaning user who does not want to take credit for a good deed, a well-meaning user who does not want to be associated with the information they have just shared, friends from other sites who haven't got their OpenID accounts working quite right, friends and/or relatives who haven't gotten into the whole blog concept, anonymous users without accounts, spammer-controlled zombie computers posing as legitimate anonymous users, and that person you banned (along with several of their friends).


Why does Dreamwidth allow anonymous commenting at all, when it can be abused so easily? Why not make all anonymous users solve CAPTCHAs?

Some people, particularly people with visual disabilities and people who use screen readers or other browsers that do not load images, have difficulty with CAPTCHAs. Anonymous commenting is useful because it has so many legitimate applications. Some people can't get or just don't want accounts. Some information wants to be free, and some of that information really shouldn't be associated with any kind of identity. Some games are more fun when played anonymously.

However, you personally may or may not have a reason to want anonymous commenting in your journal or community. If you are having anonymous spam problems, review whether you can use a CAPTCHA or screening to reduce or hide spam, whether you can leave anonymous commenting turned on for only short periods of time, or whether you actually need anonymous commenting turned on at all.


Enable Comments settings:


Nobody: This disables comments completely, and hides all old comments. This is not typically used to control spam.

Access List: Only people on your Access List are allowed to comment.

Registered accounts: Allowing registered accounts to comment is unlikely to allow actual spam.

Everybody: This allows anonymous comments (only to public posts).




Anti-Spam (CAPTCHA) settings:


Dreamwidth allows you to display a CAPTCHA to people leaving comments. This is in addition to any site-wide reasons that a user or IP address might be given a CAPTCHA, for example, if they are commenting very rapidly or if spam has been associated with the IP address in the past. (This setting is separate from the Enable Comments settings, so you are not stopped from selecting a silly combination like no one allowed to comment but everyone given a CAPTCHA, even though it will mean that no one is allowed to even try to comment at all.)

Keep in mind that CAPTCHAs may also be difficult for genuine users with accessibility issues to decipher, particularly people with visual disabilities, and people using screen readers or browsers that do not display images. If you know that your journal is read by these people, think carefully about whether you need to enable CAPTCHAs or not, and for whom.

Nobody: No one will be displayed a CAPTCHA on your journal, unless there are site-wide reasons to do so.

Anonymous commenters: When this level is selected (and when anonymous commenters are allowed to comment), all anonymous commenters will be displayed a CAPTCHA, but allowed to comment if they pass the CAPTCHA successfully. All other users will be able to comment normally.

People not on your Access List: When this level is selected (when people not on your Access List are allowed to comment), any anonymous commenters (if allowed) and any registered user commenters who are not on your Access List will be displayed a CAPTCHA, and people who are on your Access List will be able to comment normally.

All commenters: Everybody gets a CAPTCHA, including people on your Access List.



Comment Screening:


Comment Screening allows you to make potential spam less of a problem for your visitors by reviewing comments before they are visible to others. Once you have reviewed the comment and confirmed that it is not spam, you can unscreen it so your visitors can see it as well. (Note: you must delete spam in order to report it.)

All comments: This includes people in your access list. (This level is often useful for things besides anti-spam precautions.)

Comments from people not on your Access List: Again, the risk of spam from registered accounts is low; this level is often useful for dealing with potential harassment, rather than anti-spam. (Anonymous comments will also be screened.)

Anonymous comments: Legitimate anonymous comments will not be seen until you have unscreened them. Anonymous spam comments will not be seen, and you can delete and report them.



Questions? Comments? Ask away!

You may also want to check out the FAQ or contact Support, depending on what you want to know.
azurelunatic: A glittery black pin badge with a blue holographic star in the middle. (Default)
[personal profile] azurelunatic
Found via Slashdot, the Washington Post has an article, The Scrap Value of a Hacked PC, which examines a number of malicious uses that your home computer can be put to if someone compromises it.

The malicious uses include being used as a zombie machine to spam websites (including comment spam to places such as Dreamwidth), and being used to solve CAPTCHAs.

So, while it's a very far outside chance that a virus on your computer personally could be leaving spam comments in your journal, keeping your computer and software updated, keeping a firewall between you and the internet (your router may already have one), keeping an antivirus program on your computer, and practicing safe browsing habits and avoiding phishing scams can help keep the internet a less-spammed place.

Snopes has useful information from telling good computer security advice from computer security myths.
invisionary: "When I give food to the poor, they call me a saint.  When I ask why the poor have no food they call me a communist." (Default)
[personal profile] invisionary
Welcome to [site community profile] dw_antispam!

This community is open only to members of the spamfighting team. Please see the community profile for more information about the team, fighting spam, and joining us.

If you are looking to make a spam report, use the "Delete and Mark As Spam" function on the offending post or comment. We will get it immediately and be able to take prompt action - contacting members of the team or posting for assistance here will not get results.

If you are looking to report other forms of abuse or need support for other parts of Dreamwidth, please visit http://www.dreamwidth.org/support/ .

If you are currently a member of this community but not set up with appropriate privs to work or are not on IRC, please contact me or [personal profile] azurelunatic so we can get you set up. In the next week or two we'll be doing some housekeeping of the community.
azurelunatic: (_modhat)
[personal profile] azurelunatic
This community is for organizing and coordinating the Dreamwidth Anti-Spam effort.


State of the Anti-Spam

Right now, Dreamwidth is getting a scattering of anonymous comment spammers. If you get one, please delete its comment and mark it as spam when deleting it. This will make it and its IP address show up in the spam queue, so when it tries to spam again it will be caught.

Spam volume is very low, now that the initial backlog has been cleared, so there is no massive call-out for volunteers.

The Handling Spam Reports wiki page has more information on the process.