Aug 02 2012

Spam attack – first defense

Update: There was a small bug – so people were not able to complete the sending of campaigns.  Now fixed.

A couple of days ago our campaigns site was down for an hour or more following a distributed denial of service (DDoS) attack on the company which hosts the connection to our new server in Iceland.  I have no idea if the attack was directed against us, but I noticed today when updating our mailing lists that we’ve had dozens of people signing up to our campaigns with addresses like xkfrjw@flikjdk.com and random countries.

These are fairly easy to spot, as it’s very unlikely that a person with the email address of xkfrjw@flikjdk.com who says their country is the Falkland Islands would sign up to our Norwegian language mailing list.  So I spent an hour today trying to clear many of these addresses from our lists.  MailChimp itself will purge them over time, so in that sense it doesn’t really matter much.

The problem, however, is that these spammers have been attempting to use our system.  It’s unlikely that they’ve been able to send out mail through it, but they may have been sending some of the recent campaign messages to our targets.  The numbers we’re talking about are quite low – perhaps a few dozen attempts that we can see.

I looked into using a CAPTCHA system (reCAPTCHA is the most popular), but it strikes me that this might make it very hard for people to sign up, and I’d like an easier-to-use system now.

If you look at our campaigns now, you’ll see at the bottom a little box above the Submit button with this logo:

Stop Spam!

At the moment, let’s test this and see if it effectively blocks most spam.

If not, we will have to upgrade to a proper CAPTCHA.

We will need this bit of text translated — if we decide to stay with it:

Enter the number ___ here:

Thank you.

As well as this:

Sorry, but you must enter the correct code

Click on the back button of your browser and try again.  The code appears at the bottom of the page, next to this logo:
Written by admin in: Campaigns, Mailing list, Security
