TFBW

Apparently I picked a ripe moment to start hosting a forum. Forum spam has been a problem for quite a while, but it seems to have hit a new pitch this month. Perhaps the automated spamming tools with imaginative names like “Forum Poster” have hit the mainstream. These generate a maximum amount of damage (in the euphemistic name of “search engine optimisation”) with a minimum amount of user interaction.

Fortunately I’ve managed to fend off the spam for now. After one or two attempts with limited success, I’ve found an approach which neutralises the bot-generated spam without noticably impacting normal operation. I’m using phpBB, but this technique isn’t specific to that software.

The technique involves adding one line of Javascript to the main template for the forum, and a couple of lines of Apache “.htaccess” configuration (or equivalent). The one line of Javascript sets a session cookie. It doesn’t really matter what the cookie is called or what value it holds: make something up. The Javascript code looks like the following.

document.cookie = 'foo=bar;PATH=/';

In this particular case, a cookie named ‘foo’ obtains the value ‘bar’. Next, create or modify the “.htaccess” file for the forum (assuming that it’s served by Apache) to deny POST operations except where this cookie is present. The configuration might look like the following.

SetEnvIf Request_Method "^POST$" posting
SetEnvIf Cookie "foo=bar" javascript
Order Deny,Allow
Deny from env=posting
Allow from env=javascript


If a client attempts to POST anything to the server (as it would in leaving a message or creating a user account), it will receive a “403 Access Denied” response unless the appropriate cookie is set. This should filter out anything that lacks Javascript support, including the forum posting spamware (at this point in time). If the technique becomes widespread, the arms race will progress, and the spamware authors will adjust accordingly. Such is life. It’s an excellent measure to take right at the moment, however.

While I’m on the subject of forum spam, I’d like to blow a big raspberry in the direction of “TOT Corporation” in Thailand for the netblock 203.113.13.0/24, and “Telefonica de Espana” in Spain for the netblock 80.58.205.0/24. Several addresses in these ranges are, at this time, using (or proxying) forum spamming software which is blocked by my filter. Given that they hit my forum on the order of ten times a day, I hate to think how much crap they generate on a global scale. A quick Google search for “203.113.13.” shows it to be a notorious source of Wiki and guestbook spam as well.

Food for misanthropy.

Further updates on this subject can be found in a dedicated thread in the forum itself. There you can see what abuse has occurred since inventing this technique, and what additional measures have been necessary. Also, you can comment there. Guest posting is enabled.

Do a Google search for “Domain Registry of America”, and the top listing is likely to be the company of that name. The rest consist primarily of people complaining about them: accusing them of being scammers, slammers, crooks, and other similar terms of disapproval. I don’t have anything nice to say about them either.

I’d refrain from saying anything at all if it weren’t for the fact that I too am on their hit-list of people to con. Like many other domain name registrants, I get snail-mail from DRoA to notify me that my domain name is going to expire soon. Like most of those others, I have no business dealings with DRoA at all. Their “Domain Name Expiration Notice” is junk mail dressed up to look like something important and official.

No doubt their manifest lack of business ethics has been profitable, even if it has gained them an ill reputation and made them the target of court action from time to time. It’s easy to see how a person unschooled in the ins and outs of domain name registration could form the mistaken belief that this “notice” was somehow official, and had the force of an invoice rather than a solicitation. No rational actor would buy DRoA’s overpriced services if they were properly informed of the facts and the abundance of cheaper registrars.

But it’s not just their disingenuous advertising methods and inflated prices that make me think ill of them. The stereotypical “fine print” on the back of this junk-impersonating-a-notice contains such unconscionable gems as the following condition relating to transfer of a domain away from DRoA to another registrar.

You… agree to pay any and all fees that may be charged by DRoA to effect the transfer.

What a nice little poison pill that is. If you figure out that you’ve been had, and that you don’t need to keep paying DRoA’s high prices, they can sting you on your way out the door with a fee of unspecified magnitude.

Domain Registry of America is a company rank with misdirection. If all the above doesn’t demonstrate the substance of that assertion, then consider the letterhead on this “Domain Name Expiration Notice”, which incorporates part of the US flag. DRoA is based in Ontario, Canada. And ultimately they are not even an ICANN-accredited registrar, let alone a registry.

“Domain Registry of America?” Bah! Humbug!