Comment spam is a pest. This site, running 4 different installations of WordPress, is protected by Aksimet, which daily catches a few hundred automated spam comments. I just couldn’t make do without that kind of protection. Now, project Honeypot, otherwhise known for their somewhat unorthodox ways of tracking IP-addresses involved in classic mail spam, has decided to take action against blog comment spammers as well.

Conventional wisdom about comment spammers is that they are from China, Russia and Korea, but on Project Honeypot’s stats over recently caught spambot IP addresses (as shown on the right), I see more IP addresses located in the US. But then again, conventional wisdom is seldom completely wrong. USA tops the list of active comment spammer IP’s, but closely followed by Korea, Russia, Japan and China. All according to Project Honeypot’s main stats.

Today I received the following mail from them, and I think it sounds excellent. This page already has a few of my very first Quicklinks. Hidden to human users, but quite visible to comment spam bots.

Dear Nikke Lindqvist:

Tuesday is day two of the Five Days of Project Honey Pot Announcements.
Yesterday we announced QuickLinks which allow even more people to help
with the Project. Today we are announcing that Project Honey Pot has
begun tracking a new kind of online beastie: Comment Spammers.

If you’re not aware, comment spammers crept up from the depths in the
last few years. They are robots are running around the internet leaving
their comments on feed back forms, blogs, and forums. The purpose is not
only to drive traffic to the sites when people visiting the forums click
the links, but also to increase search engine rank by increasing the
number of back links to their site.

To learn more about how we’re tracking comment spammers, please visit:

http://www.projecthoneypot.org/5days_tuesday.php

We turned the system on only a little over a week ago and already have
caught more than 600 unique IPs engaged in comment spamming. We expect
that number will dramatically increase over time. If you haven’t done so
already, install a honey pot or add a QuickLink to help trap comment
spammers. If you’ve already installed a honey pot there’s nothing you
need to do. The form traps necessary to catch comment spammers are
likely already being delivered to your honey pot. Login to your account
and check out your Dashboard to see what comment spammers you’ve helped
catch.

As always, if you’re prefer not to get these updates, simply login to
your Project Honey Pot account and switch off notification emails under
the settings tab. Stay tuned for our big mid-week announcement tomorrow.
Until then, make sure to let your blogging friends know there’s a new
way to track comment spammers and we need their help!

The Project Honey Pot Team

=============================
Project Honey Pot
c/o Unspam Technologies, Inc.
1901 Prospector Avenue, Suite 200
Park City, UT 84060

I must, to my shame, admit that it was quite some time since I last gave Project Honepot any attention whatsoever. I had even forgot about this site’s active honeypot, located at www.lindqvist.com/scripts/pleasedliable.php

Share This

A visitor by the name of Michael, posted the below mail from the eLoterie’ International in a comment to another post. The e-mail is signed by the name of Stewart Wallis from Wallis & Gallagher Consulting, a company name that up to this point has been impossible to find on the web.
Thanks Michael! My spam filters has evolved enough that I don’t get these anymore.

First, Michael’s very direct comment about the mail he got:

THIS IS MY REPLY TO THE SCAMMERS
The email below is what was sent to me, all number you requested are available. One question… why are there so many misspellings and miss use of proper English? Are you possibly trying to scam me? If so, I cant wait for the part when you tell me there are some sort of taxes I have to pay upfront or shipping, please please please lets get on with it. What did I win, when will I receive payment?

If you check in again Michael, don’t hesitate to post any followup mails from the scammers to your reply. They would of course be really stupid to reply to such a call-out, but intelligence is rarely one of these scammers’ strong sides. Thick headedness is though, so they might just as well try to convicne you that you have actually won something…

And so on to the actual sting email from the scammers sending out winning notifications regarding the eLoterie’ International:

eLoterie’ International 2007 ™
Rue S. J. Bemdenlaan 121
3220 Edegem, Belgium
REF. NUMBER: eLI/3072215/03/07
BATCH NUMBER: 04-82-BE10

ATTN: Sir/Madam,

RE: NOTIFICATION

We are pleased to inform you, about the release to our first international promotion program (eLoterie’ International), held on the 25th of January 2007. Organised, to promote and encourage international participation, in our international first high stake lottery program.

In the 1st series, which was drawn from a pool of €2,460,000.00 (Two Million Four Hundred and Sixty Thousand Euros), playing with five numbers 15-26-2-34-11. Your email address, attached to ticket number 351, won in the 4th category and was awarded €517, 200.00 (Five Hundred and Seventeen Thousand, Two Hundred Euros only) in cash.

Please be informed that all names entered in the lottery program have been selected randomly through a computer ballot system with millions of entrants sourced through our international department, in conjunction with world residential white pages, and humanitarian organisations, with the help of chambers of commerce of countries.

To file for your claims please contact the designated accredited agent(s) below:

Stewart Wallis
Wallis & Gallagher Consulting
London, England.
EMAIL: wallisgallagherconsulting@yahoo.co.uk

All winnings must be claimed not later than two (2) weeks of receiving this notice. After this date, winnings that remain unclaimed would be returned, and late entry penalty requirement must be met before entry claims might be considered.

All correspondence must be directed to our authorized agent(s). Should there be any change of address, or wrongly spelt name, make sure you contact your assigned agent as soon as possible.

Thank you.

Yours faithfully,

NOEMIE THIBAUT (Ms)
Promotions Manager
eLoterie’ International.

Again, a Yahoo! email address. When will Yahoo! make an attempt to clear out these users?

Share This

Even if the below mail, is quite similar to the previously published Dayzers Lottery scam, it is also very different, and needs a post of it own. Thanks to Gita, who submitted it in a comment. The Dayzers Lottery does in fac exist, but they don’t have any free-for anyone e-mail ballots. They even have a waring about these types of scams published on their website at http://www.dayzers.nl/informatie/waarschuwing.jsp

Unfortunately, the warning is only published in Dutch, a language that most of the victims for this type of scam don’t understand.

In this case, the scammes have used the official name of the Netherland state lottery: The Netherlands Staatsloterij, the Dayzers lottery brand name, as well as the official looking name Sweepstakes International Lottery Promotion Program.

There is no doubt that the below email is a scam (the main tell-tale, again being that an official lottery with it’s own domain wouldn’t use an aim.com email address for it’s communication). If you received a similar one, don’t hesitate to call the Dayzers Lottery in The Netherlands, they speak excellent English, German and French, and can tell you that you, like many others have been exposed to a sting operation.

!!!!!!!THE NETHERLANDS STAATSLOTERIJ:
Dayzers Nederland:
Paleisstraat 5, 2514 JA,
The Hague, The Netherlands.
Website: www.dayzers.nl

Dear beneficiary,

Following the official publication of results of the e-mail electronic online Sweepstakes organized by The Netherlands Staatsloterij Corporation held on Monday, the 16th of April, 2007 in The Hague - The Netherlands, wherein your electronic e-mail address emerged as one of the fifty online winning emails in the 1st category, out of a total of 500,000 e-mail addresses that were entered for the E-mail Lottery Ballot and has therefore attracted a cash award of One Million Euro only. This is from a total cash prize of Fifty Million Euro only, shared amongst the fifty winners in this category. Your electronic e-mail address attached to our Lottery payment order, has the following details: (I) Ticket Number: DZRS/STLOTT/837-3845/2007: (ii) Lucky Numbers: 07, 25, 31, 49, 54, 66, 72: (iii) Batch Number: 11/621/2PDH /DZRS/NL/07: (iv) File Reference Number: DZRS/82283922/2007:. No tickets were sold.
We write to officially notify you of this award and advise you to contact our Claims Department immediately on receipt of this message for more information concerning your identity verification, processing and eventual payment of the above prize to you.

For your identity verification, please contact our Claims Department:
Tel; +31 64 191 2354 ; e-mail: dayzers07claim@aim.com; Contact Person : Dr. Jerome Coles - while quoting: (i). Your full name(s) and Nationality; (ii). Batch Number and (iii). Reference Number:

The payment authority of your prize - One Million Euro only - already paid and insured in your name with our Paying bank will be issued to effect immediate/swift transfer in the mode you will prefer and nominate, upon satisfactory report on your identity verification and validation recommendation by our Claims Department. E-mail addresses registered with false names are not eligible to claiming this prize.
The Staatsloterij Award is sponsored by a consortium of software promotion companies i.e. The Intel Group, Toshiba, Dell Computers and Microsoft Corporation to encourage the use of the internet and promote computer literacy worldwide. We are proud to say that over 20 Million Euro are won annually in more than 150 countries worldwide, as a result of our promotional programmes.
All winnings must be claimed not later than 10th of May, 2007. After this date, all unclaimed funds will be withdrawn and remember to quote your reference and batch numbers in all correspondences.

Once again on behalf of all our staff, Congratulations.

Yours faithfully,

Mrs. Brenda Wolfgang
Lottery Coordinator
Sweepstakes International Lottery Promotion Program.

Share This

A new brand of the online lottery scam has opened. This time said to be based in Malaysia, and under the name of Asia Online International Lottery. It’s a scam for sure, and my faithful server-side spam filter has stamped it as spam, but let it through anyway. It’s a weird detail that these scammers has sent it out with a blind carbon copy to my address. A true givaway that this was not intended for me only. How many others got it?

From: wins_claims@yahoo.com.hk
To: wins_claims@yahoo.com.hk
Date: 2007-mar-31 10:38
Subject: *****SPAM***** Call For Claims

ASIA ONLINE NOTIFICATION DESK.
GOVERNMENT ACCREDITED LICENSED!!
ASIA ONLINE INTERNATIONAL LOTTERY
IS REGISTERED UNDER THE DATA PROTECTION ACT OF;
(Registration Z720633X).
(24hours)CUSTOMER SERVICE
WINNING NOTIFICATION:Registration Z720633X
WINNING NOTIFICATION LETTER

We happily announce That the draw (#966) of Asia Online Lottery Raffle Draw held on 31st March 2007. Your e-mail address attached to ticket number: 56475600545 188 which subsequently won you one of the Thunder Ball Prizes.

You have therefore been approved to claim a total sum of (One million two hundred thousand Dollars ) ($1,200,000) in will be released to you by any of our payment offices in Malaysia.
To file for your claim, please contact our fiduciary agent:

Claims Department
contact our fiduciary
Mr. Wong Vanfrant,
Tel:+60173564103
Email:wins_claims@yahoo.com.hk

VERIFICATION FORM
1.FULLNAME 2.E-MAIL ADDRESS 3.FULL ADDRESS 4.SEX 5.AGE
6.OCCUPATION 7.TEL 8.COUNTRY 9.AMOUNT WON 10.ID
INDICATE YOUR MODE OF PAYMENT:
**VIA COURIER DELIVERY……………………….
**VIA BANK WIRE TRANSFER……………………..

Good luck from me and members of Asia Online International Lottery
Mrs.Rita Tung Po
Online Co-ordinator
Asia Online International Lottery
Copyright ?1994-2007 The Asia National Lottery

Well. Even with a Hong-Kong Yahoo address they won’t be able to fool that many people with

Share This

Some really smart people at the University of Illinois in Chicago have written an application that can keep conversations going with scammers of all kinds in order to make them use up all their free time in endless conversations without end.

The robot can even simulate different personalities to make the mail exchange more convincing.

Here’s a really great example between the spamalot robot personality Arthur and a scammer:
http://acm.cs.uic.edu/~lszyba1/arthur.html

Two presentations from MIT SpamConference 2007 last Friday:
(The sound is really bad but gets better after a minute or so).

1. http://www.youtube.com/watch?v=QZwqq3aweHI
2. http://www.youtube.com/watch?v=plIK8tMKS1A

This is a really great idea! Well worth my personal Nobel Prize.

Share This