Combating BookMark Site Spam - Scuttle BookMarking Script

November 21, 2006

Over the last few weeks a spammer using an automated spambot has been posting bookmarks at a rate of 800 a day to our bookmarking sub-domain, mybookmarks.afroarticles.com, mostly bookmarks leading to finance and debt management sites. Our bookmark utility uses the Scuttle script, a web-based social bookmarking system that allows multiple users to store, share and tag their favorite links online.

Scuttle, which is based on an open-source project, does not have a built-in admin system. To get rid of the spam and the spammer, you must therefore delete the user and the spam tags directly from your MySQL database, which in most cases is accessible using a utility like phpMyAdmin, available via your website control panel.

phpMyAdmin allows you to administer all of your MySQL databases. To learn more about this tool, please look at the phpMyAdmin help page and/or refer to your web hosting company’s tutorials.

Needless to say, you must BACK UP your database before chopping anything out of it.

Using phpMyAdmin, locate the offending user’s ID as follows: under the TABLE field, look for “sc_users”, where “sc” is the table prefix you chose when installing Scuttle, then click on the BROWSE icon and delete the offending user. Next, browse “sc_bookmarks”, “sc_tags” and “sc_watched” and delete everything referencing the unwanted bookmarks/tags.

Remember to record the “offending” IP addresses. You may have to do a lot of deleting: We had to delete close to 10,000 tags generated by this spammer.

Someone has come up with an SQL query that you can run on the database – Click here for details (Proceed Carefully!) OR just delete them manually as outlined above.
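
The manual cleanup described above can also be run as one SQL batch. The following is an added example, not the query linked above and not part of Scuttle. It assumes the “sc_” prefix, a placeholder username, and the column names uId, username, bId, bIp, bDatetime and watched, which you should confirm against your own tables (DESCRIBE sc_bookmarks; etc.) before running anything.

```sql
-- Added example: remove one spam account and everything it posted.
-- Assumed schema (verify first): sc_users(uId, username),
-- sc_bookmarks(bId, uId, bIp, bDatetime), sc_tags(bId), sc_watched(uId, watched).
-- Run the whole batch in one phpMyAdmin SQL request so @spam_uid stays set.

-- 1. Resolve the account. 'SPAMMER_USERNAME' is a placeholder.
--    If no row matches, @spam_uid is NULL and every statement below
--    matches nothing, so a typo cannot delete other users' data.
SET @spam_uid = NULL;
SELECT uId INTO @spam_uid FROM sc_users WHERE username = 'SPAMMER_USERNAME';

-- 2. Record the posting IPs BEFORE deleting; they live on the bookmark rows.
SELECT bIp, COUNT(*) AS bookmarks,
       MIN(bDatetime) AS first_seen, MAX(bDatetime) AS last_seen
FROM sc_bookmarks
WHERE uId = @spam_uid
GROUP BY bIp
ORDER BY bookmarks DESC;

-- 3. Dry run: how many rows each DELETE below will remove.
SELECT
  (SELECT COUNT(*) FROM sc_bookmarks WHERE uId = @spam_uid) AS bookmarks,
  (SELECT COUNT(*) FROM sc_tags t
     JOIN sc_bookmarks b ON b.bId = t.bId
    WHERE b.uId = @spam_uid) AS tags,
  (SELECT COUNT(*) FROM sc_watched
    WHERE uId = @spam_uid OR watched = @spam_uid) AS watch_links;

-- 4. Delete in dependency order. Tags are keyed by bookmark ID, so they
--    must go while the bookmark rows still exist to join against.
DELETE t FROM sc_tags t
  JOIN sc_bookmarks b ON b.bId = t.bId
 WHERE b.uId = @spam_uid;
DELETE FROM sc_bookmarks WHERE uId = @spam_uid;
DELETE FROM sc_watched   WHERE uId = @spam_uid OR watched = @spam_uid;
DELETE FROM sc_users     WHERE uId = @spam_uid;

-- 5. Verify: tags left pointing at bookmarks that no longer exist.
SELECT COUNT(*) AS orphaned_tags
FROM sc_tags t
LEFT JOIN sc_bookmarks b ON b.bId = t.bId
WHERE b.bId IS NULL;
```

If your tables use the MyISAM engine, wrapping step 4 in a transaction will not make it reversible, so the backup remains the only way back.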

Other measures you should take include:

  • Renaming the registration file from the default “register.php” to “somethingelse.php” — just make sure that you make adjustments on all pages where “register.php” is referenced.
  • Track the IP address of the offender and block it in your .htaccess file or firewall if you are hosting your website on your own server. In our case we blocked the following IPs: 65.11.90.236 [Host Name adsl-11-90-236.mia.bellsouth.net], [5.11.90.236] [70.86.181.226] [72.153.248.224] [72.249.16.14] [207.58.144.162]. You may block a partial IP address, for example 65.11., but be careful because you will be blocking a whole lot of people whose first two IP octets match 65.11. Note: the IP address 70.86.181.226 reverses to gator50.hostgator.com, implying that the automated script might be running on a HostGator server (installed by a “spammer client”), the same hosting company we use for this website. We reported this spammer to HostGator accordingly.

It would be nice if Scuttle released the next version of their script with some admin tools — not everyone is a programmer! — and/or someone should come up with a MOD with admin functions to help make users “toe the line.”

Note: With Scuttle you don’t have to start from scratch: the application allows you to import your browser and del.icio.us bookmarks. To import bookmarks from your del.icio.us account, go to http://del.icio.us/api/posts/all, log in using your del.icio.us username and password, and save the XML file to your computer. Then log into your Scuttle account, click on “add a bookmark” followed by “Import Bookmarks from del.icio.us.” For good measure you can also import your bookmarks (favorites) from your browser: Internet Explorer, Mozilla Firefox and Netscape.

As social bookmarking roots itself in Web 2.0, spammers, hackers and vandals will attempt to exploit every weakness in its defenses. Email is ruined, in my opinion. Is social bookmarking next?
