Dealing with comment spammers the PowerShell way

Since I started blogging earlier this year I’ve come to notice a two types of spam that I haven’t had to think about before: incoming link spam and comment spam.

Incoming link spam is quite interesting…links show up in my incoming link list trying to get me to be curious enough to click on those links and see what the source site is all about, which then results in trojan horses and other various nasty side effects detrimental to the health of your computer.  Curiosity killed the cat.  I learned that lesson the hard way quite a few months ago, and won’t get suckered by that one again.  I don’t think there is much I can do about that one either, so it’s best to simply be aware of it and only follow through links that look relevant to what you blog about.

Comment spam comes in one of two varieties: links to various sites selling pharmaceuticals or showing pornography (and probably also loaded with trojan horses and other equally nasty exploits), and content theft.  The link variety is just a minor annoyance which gets caught by my spam filters and automatically deleted.  The content theft variety is something that bothers me a little more though.  It comes in the form of a trackback link that would show up in my comments if I let it through.  The spam filters recognize it as spam, so I could just let it be automatically deleted, but I’m too bothered by the content theft to just delete the tracktrack comment.  What bothers me is that the site that is linking to my blog doesn’t care about me or PowerShell or PowerGUI or anything that I blog about.  They just want to get discovered through people following links in my comments or through search engines picking up their sites.  Then once you are on their site, they have advertisements everywhere waiting for you to click on them so that they get click-through income.  These individuals are trying to profit off of other bloggers hard work, not just by getting links on their site but by stealing their content, and that just doesn’t sit right with me.  And it must be working to some degree, because more and more of these types of sites pop up all the time.

Fortunately I have found through personal experience that you can successfully take action against the content theft sites.  I’ve had the blog entries linking to my blog removed from some sites (which now are shut down, so maybe removing the blog entries wasn’t enough for them), and I’ve had other sites shut down immediately and no longer available on the web.  This works because of policies that ISPs have against abuse, and fortunately spam is often considered as abuse in those policies.  An ISP that was used to host one of the sites that I’ve successfully had shut down has a strict no spam policy including the following penalties:

  • seizure of all on-premises equipment and data;
  • forfeit of all funds paid;
  • a demand for payment of a fine (to cover damage to our reputation)
  • $500/incident/spam clean-up fee, all of which is payable within 24 hours or will be referred to a collection agency;

That sounded like fair and just punishment to me, and they were very quick to shut down the site in question, so I recommend others try this as well.

If you have a blog and you want to take similar action against content theft, how do you go about doing it?  Well you could use a good whois database like, enter the IP associated with the site that stole the content, go to the website of the ISP identified in the who, check out their abuse policy and then contact them with the details about the comment theft in hopes that they will shut them down.  Or you could use PowerShell to look after the retrieval of the whois record and have it open the website of the ISP for you as well as an email in your default email program already populated with the email address, subject and body.  Then it’s as simple as verifying the abuse policy on the ISP’s site, clicking send on that email and with a little luck, presto!  Another spammer gone! 🙂

Since this seems to be a trend that will only continue, I started writing a script to do this for me a little while ago and when I saw that content-theft trackback spam message in my spam folder this morning, I decided today I would finish it.  Well now it’s finished and ready for you to customize for your blog.

The script uses two functions to do its work:

  1. Get-WhoIsRecord – used to retrieve the whois record for a site identified by a dns name or an ip address from the specified whois database and build a custom PowerShell object with the data in that record.
  2. Fight-ContentTheft – used to extract the dns name from the offending blog url that is passed in, lookup the whois record, extract the abuse email address from that whois record, open the website for the ISP that hosts the offending blogger in the default browser and open a new email message in the default email program with the abuse email address, an appropriate subject and a message body already entered into the message.

I need to note that this script has only been tested for my own comment spam and therefore may need to be tweaked to work in your environment.  Also it has a two placeholders in the message body waiting for you to provide your blog address as well as your signature.  And finally note that this may not work through firewalls depending on their configuration.  But it can work because I’ve gotten it to work from my laptop, so if you have some issues I encourage you to troubleshoot and see if you can get it working if you want to fight this type of spam like me.

Since the script is a little long, I’m keeping it in an attachment to this post so that you can download it more easily.  The attachment is a text file so you’ll need to save it as a ps1 file if you want to run it within PowerShell.

To get the script, click here.


Kirk out.

Technorati Tags: , ,

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s