Re: [IUG] spam in the suggestion box

["Sue E Boggs" <boggs at ups dot edu>]

Interestingly enough, there wasn't any today. We are a turnkey site so I don’t have access to the root directory. How are you able to see which IP's are the source of your suggestion box? I can go into the non-local access attempts allowed to see which IP's logged in around the time of the suggestion but that is the best I can do.

Sue

Sue Boggs
Cataloging & Library Technician
Technical Services
Library
University of Puget Sound
1500 N. Warner St. #1021
Tacoma, WA 98416-1021
(253) 879-2667
boggs at ups dot edu
 
 > -----Original Message-----
> From: innopac-bounces at innopacusers dot org [mailto:innopac-
> bounces at innopacusers dot org] On Behalf Of Cherry, Ed
> Sent: Saturday, May 10, 2008 10:20 AM
> To: IUG INNOPAC List
> Subject: Re: [IUG] spam in the suggestion box
> 
> Sue,
> 
> You are seeing comment form spam being sent by a robot through many routes.  If
> you check, I'd guess that the sources of your suggestion box spam are
> anonymizers/open proxies.
> 
> I keep a log of the IP addresses which generate my comment form spam, and block
> them if they appear too often.  A simple stanza that looks like this at the top
> of .htaccess in your web server's root directory will stop them in their tracks:
> 
> Order Allow,Deny
> Allow from all
> Deny from xxx.xxx.xxx.xxx
> 
> I block these anonymizers because I also see attempts to crack passwords on my
> ezproxy server from these same IP addresses.
> 
> I also watch to see if any robot/crawler activity which ignores my robots.txt file, and
> block them as well.
> 
> _____________________
> Ed Cherry
> Systems Librarian
> Samford University Library
> Birmingham, AL 35229
> Phone: 205-726-2506
> Fax: 205-726-4056
> 
>  Please consider the environment before printing this.
> 
> 
> 
> 
> -----Original Message-----
> From: innopac-bounces at innopacusers dot org [mailto:innopac-
> bounces at innopacusers dot org] On Behalf Of Sue E Boggs
> Sent: Friday, May 09, 2008 10:50 AM
> To: IUG INNOPAC List
> Subject: [IUG] spam in the suggestion box
> 
> Hi,
> 
> 
> 
> I'm curious if anyone else has been getting something like this. I check
> the suggestion box via character based every day after initializing the
> backup tape and for the past month every day there has been what I've
> taken to calling "Haiku spam" (actually I did some research and realize
> it is more properly termed sestet spam). Here was yesterdays:
> 
> 
> 
> 001 02:25PM 05-07-08 Terminal 800
> 
>      MobiDick
> 
>      YbdmjAoAupdy
> 
>      uSXHTmFMVGCJbjUnGK
> 
>      tkusuDyDHvjBnnm
> 
>      mwEvtrWerzTiZpRkWJo
> 
>      MobiDick
> 
> 
> 
> It always has the same word (different each day) as the first and last
> line and four lines of nonsense in between. It is too regular to be
> random, it seems to me. I've checked the non-local access attempts
> allowed for around the time period of the message and haven't seen a
> consistent IP it is coming from. It also isn't consistent in time. It
> has run the gambit from early morning to late at night. It isn't filling
> up the suggestion box or anything (if it wasn't for this we'd never get
> a suggestion) but it is getting a bit annoying to have to remove
> everyday.
> 
> 
> 
> Sue
> 
> 
> 
> Sue Boggs
> Cataloging & Library Technician
> Technical Services
> Library
> University of Puget Sound
> 1500 N. Warner St. #1021
> Tacoma, WA 98416-1021
> 
> (253) 879-2667
> boggs at ups dot edu
> 
> 
> 
> 
> 
> 
> 
> 
> 
> --- StripMime Report -- processed MIME parts ---
> multipart/alternative
>   text/plain (text body -- kept)
>   text/html
> ---
> --
> This message was distributed through the Innovative Users Group INNOPAC list
> Public replies:  INNOPAC at innopacusers dot org
> Update your subscription options: http://innopacusers.org/mailman/listinfo/innopac
> 
> --
> This message was distributed through the Innovative Users Group INNOPAC list
> Public replies:  INNOPAC at innopacusers dot org
> Update your subscription options: http://innopacusers.org/mailman/listinfo/innopac