Message Board

Tracking Harvesters/Spammers

Older Posts ]   [ Newer Posts ]
 Reporting comment Spammers
Author: H.User1325   (8 Oct 10 2:56pm)
Let me try again.
How do I report what appears to be 'comment' spammers? I am not running a blog, BB or forum where most comment spammers appear. But associated with part of my domain I do have a form requesting comments.

Until lately the spam has not been an issue. However, on 4 Oct they left 4 spam, 2 on the 6th and 2 more today, the 8th. Its getting to be a pain.

The only option I see is making a comment about the IP used to leave the comment/spam. Somewhere I found some guidance about leaving a comment when I identify a spammer's IP. What information would be helpful when commenting on the IP that is the source of comment spam?

We of course have links to my honeyPots and quicklinks peppered throughout the pages on my domain. This is different. Someone(?) is taking the time to fill in "First name", "Last Name", "email address" and a "comment" then pressing "Send."

In my stats I see "Comment spam posts to your site(s): 0." I find the "0" irritating. How do I change it?
 Re: Reporting comment Spammers
Author: H.User1325   (10 Oct 10 10:24am)
With 2 more on the 9th, all 10 IPs show up as comment spammers. The contribution today, the 10th, is:

email =
name1 = eqdkddghy
surname = eqdkddghy
comment = 9TfjFs <a href="">bisjhrvvgifs</a>, zgtbzzdyrdpo, [link=]jlzrhsecsuvf[/link],

Not sure which parts of the comment amount to:

noted on other reports.
 Re: Reporting comment Spammers
Author: A.E4   (27 Nov 10 10:06pm)
Only spammers who fall into honeypots will be counted. Some spam will always get by if they ignore the honeypot and go for your form and fill that out. Some spam is done by humans and some by robot programs such as Xrumer.

I read this yesterday but now don't know the link .. it was good info tho.

It said something along the lines of:

One type of spammer will be a spam bot spamming random links and not knowing which form to put what into unless it is the typical name first, then email, then website and then comment.

Another type it where a human being goes and checks out the questions and makes a template for another set of spammers to spam without ever actually going to your site but just sending their robot programs to do all the work. They just put in the data where it goes and off it goes to your form.

Another type is a human who at first will test imputting random stuff (words that make no sense and seem to be complete gibberish in any language) just to test your security or see if the form is not moderated and if they can get away with spamming and have it not cleaned up (a lot of forum have been abandoned and these are the ones that they end up selling the links to spam lists for other spammers to buy off them).

Sounds like you might have a human spamming gibberish to test your security so keep on it. If you can, up your security. Research what kind of software or code your form uses and see if you can implement some kind of ant-spam security into it.
 Re: Reporting comment Spammers
Author: H.User3345   (3 Dec 10 12:27am)
An interesting reply, thanks for that. On one of my sites - joomla powered, I have a guestbook. It is moderated and protected by captcha. Over the last couple of weeks or so I have received a lot of spam on it which, of course, I have deleted before it could appear on site.

The puzzle has been, it appears to be written by a human, because of the captcha, but has all the characteristics of bot spam - varying IPs random message body based on variations of names of different meds, random usernames etc.

I assumed that it was a bot with some clever way of bypassing captcha. I'm getting about 20 or so a day, they take just minutes to delete, but I would love to find some way of trapping them for project honeypot.
 Re: Reporting comment Spammers
Author: F.Collingwood2   (6 Dec 10 1:47pm)
The problem is that the for comment spam, the honeypot takes all or nothing approach.

What I mean by this is follows:

1. The harvesting bots scrape your blog/gallery/whatever, looking for comment submission forms.
2. They then save the URL for use with a spam bot
3. They spam the crap out of your forum/gallery/whatever.

If you are like me, and you have tweaked your blog/gallery/installation to trap spam, and process it differently to legit comments, you're screwed. Here's why:

1. The spam bots don't follow redirects. So if your form handler detects incoming spam and redirects it to the honeypot script, nothing happens.
2. If you use the honeypot script as the form handler, ALL comments get submitted as spam, as you're not allowed to alter the script in any way.

So there's no real way to make sure the spammers spamming the crap out of your blog/gallery/whatever go to the honeypot, while legit comments get through

There's some way to go before the honeypot is useful as a tool to submit comment spam
 Re: Reporting comment Spammers
Author: H.User1325   (6 Dec 10 7:52pm)
Interesting, except something must have been overlooked because some users report a number >0 "Comment spam posts to your site(s):" and/or "Comment Spammers You've Helped Catch"

Oh well.
 Re: Reporting comment Spammers
Author: F.Collingwood2   (8 Dec 10 8:25pm)
OK, well I added the honeypot script name in an HTML comment (Making it look like a real submission form), and munged the REAL comment submission form tags using javascript.

Nett effect is that the bots pick up the honeypot script name, and happily submit comment spam using it, while legit (Human) posters submissions are handled by the genuine comment submision script.


Even though Project Honeypot SHOULD now be getting lots of comment spam submisions from the honeypot script, judging by my server logs, I see the following on my stats page:

Comment spam posts to your site(s): 0.

The Project Honeypot backend is obviously unable to understand Coppermine comment submisions, so I'm thinking of dumping it and going with a bunch called "Stop Forum Spam". Having a look at the Honeypot script, it does submit all of the POST vars it's invoked with, so the problem is not my side........
 Re: Reporting comment Spammers
Author: D.Sprague   (23 Dec 10 12:00pm)
we're running an old phpbb2 forum that has been heavily modified to deal with most bot registrations - and we seem to be on a list somewhere. we see 60 plus registrations in a 24 hour period. you can see the results at
 Re: Reporting comment Spammers
Author: A.Support9   (11 Apr 11 1:24am)
You may want to consider the HP Host script to protect online forms, forums and other facilities. While ProjectHoneypot is great for trapping bots that follow redirects, other DNSBL's actually allow manual submission of spam incidents. Depending on your requirements, you can decide which DNSBL's to query with the script before allowing a visitor access to your online form and if a reCaptcha is required during submission.

The HP Hosts Script also query ProjectHoneypot. See example at

The script can be integrated with most forums, blogs, cms, etc and presumably in Coppermine as well.


PS: Please continue using your honeypot and keep on increasing your spamtraps at all your your facilities. The bigger the honeypot "dragnet", the better.
 Re: Reporting comment Spammers
Author: G.Jennings   (21 Apr 13 9:40am)
> 1. The spam bots don't follow redirects.

My logs show that some do.
 Re: Reporting comment Spammers
Author: R.Minter   (11 Dec 13 11:30am)
I also would like to submit a list of hacker IP's I have been collecting, both comment spammers and dictionary attackers. I have a couple thousand I can add to your list. I'm happy to discuss with anyone how I collect them, so you'll know they are really hackers.

I need like a bulk upload tool. I can upload the IP address, when they attacked, how many times, content of comments if you like. Usernames they used to try to log into servers, etc.
 Re: Reporting comment Spammers
Author: J.Guiya   (9 Apr 14 12:22am);u=246329;u=246329;u=143417;u=246329
 Re: Reporting comment Spammers
Author: K.Morse   (10 May 14 8:30pm)
I'm in the same boat as R Minter.

I have dozens of comment spammers IP addresses but no way of reporting them.
 Re: Reporting comment Spammers
Author: L.ROCHE2   (22 Jul 14 3:02am)
More people on the boat !

I, too, would like to report comment spammers IP addresses (like R Minter & K.Morse and like people on another thread -

Let us know how we could do this !
 Re: Reporting comment Spammers
Author: H.User1325   (22 Jul 14 9:04am)
Go back and read the third post in this thread by A.E4

"Only spammers who fall into honeypots will be counted. Some spam will always get by if they ignore the honeypot and go for your form and fill that out. Some spam is done by humans and some by robot programs such as Xrumer. "

There are many tools on the net dealing with spam. Each tool has a different focus, for example the ones I use are:

1. Project Honey Pot - focuses on email harvesters, validated by the chain of events starting with one of their honey pots, hosted on supporter's domains and linked to from supporter's webpages.

2. Stop Forum Spam - who deal only with comment spam, reported only by forums that use double opt-in email and supported by spammy post or sig (signatures).

3. SpamCop - and (their user-to-user support forum) Their focus is on maintaining a dynamic Black List of current email spammers and notifying up stream providers. Secondarily, they deal with the links in reported spam. In addition to user spam reports they also used honey pot email addresses.

4. KnujOn - (yes that is No Junk backwards.) There objective is to "follow the money." The opposed of SpamCop, KnujOn's primary interest is the links advertised in the spam and they don't deal with the source of the spam at all. Where as the first three above have block list to help stop spam from getting to your inbox or forum, KnujOn deals with ICANN to get the drug/porn/phishing/etc domains off the internet. Their thought being if there is no money to be made the spam will stop. KnujOn accepts any and all spam for users.

I report all comment spam received at the forums I manage to 2 and 4 above.

 Re: Reporting comment Spammers
Author: L.ROCHE2   (23 Jul 14 2:07pm)
Ok, then.
I did read that.
I am blacklisting the ones going through anyway, and maintaining a list. I just thought other users could benefit from my list, like R. Minter & K.Morse and other people.

No worries. Thanks for that great project.

do not follow this link

Privacy Policy | Terms of Use | About Project Honey Pot | FAQ | Cloudflare Site Protection | Contact Us

Copyright © 2004–17, Unspam Technologies, Inc. All rights reserved.

contact | wiki | email