Wandering Thoughts archives

How to get me to block your web ads in a flash

Tim Bray:

The animation in Web display ads is outta control, outta control, I tell ya!

What he said (except that it's been going on for years). The fastest and best way to get me to really kick your ads to the curb has always been to make them blink and get in my face, and it amazes me that anyone has ever thought such ads were a good idea.

(Huge, page-disrupting and modem-saturating ads don't help, but they are not as scream and leap as frenzied animation is.)

It also amazes me that people are willing to run ads on their pages that are taking deliberate steps to be more attention grabbing than the content. Apart from people who are only in it for the drive-by ad revenue from suckers, it seems self defeating to any efforts to build a long-term audience, since you usually only have a relatively brief chance to hook a first time visitor and persuade them to come back later, and what is presumably going to hook them is your content, not the collection of blinking stuff, so you want your content to be what their attention naturally settles on first.

(It's easy to see why blinking things are attractive to ad people, since it is well established that people reflexively pay attention to apparent motion and change. But this doesn't mean that using this low-level hook is a good idea or is likely to accomplish your actual goals, as most people who've tried using the <blink> tag can probably testify.)

Sidebar: what I use to get rid of ads

I've used the junkbuster filtering HTTP proxy since at least 1997 or so. Although it has limitations (like no HTTP/1.1 support), I still prefer it to in-browser solutions like Firefox's AdBlock, partly because I find its simple plain text configuration easier to manipulation. (And of course when I started using it, a filtering proxy was the only real option.)

I've never bothered upgrading to privoxy, the current line of junkbuster development, partly because junkbuster works fine for me so I have very little motivation to change. I did wind up trying privoxy out recently (due to people starting to stuff ads into RSS feeds), and my general view is that boy does it seem to have a complicated configuration system.

Weekly spam summary on December 16th, 2006

This week, we:

• got 16,689 messages from 271 different IP addresses.
• handled 21,893 sessions from 1,229 different IP addresses.
• received 207,766 connections from at least 62,254 different IP addresses.
• hit a highwater of 8 connections being checked at once.

This is about the same volume as last week, although the number of different IP addresses connecting to us is unusually large.

Kernel level packet filtering top ten:

Host/Mask           Packets   Bytes
208.99.198.64/27      29607   1776K
213.29.7.0/24         16473    988K
213.4.149.12           8042    418K
60.231.152.85          6112    311K
69.178.167.2           5894    283K
66.199.252.234         4744    285K
193.252.22.158         4657    279K
195.225.106.170        3907    234K
72.164.45.65           2696    129K
63.138.101.136         2566    123K

• 208.99.198.64/27 is totallyfreeld.net, aka SBL48200, still not terminated by their upstream and still active, returning from two weeks ago.
• 213.29.7.0/24 is the centrum.cz mail servers, returning from last week and still justifying their permanent block.
• 213.4.149.12 and 193.252.22.158 return from last week.
• 60.231.152.85 is a bigpond.net.au cablemodem, and returns from October.
• 69.178.167.2 and 72.164.45.65 tried to send a lot of bad HELOs.
• 66.199.252.234 and 195.225.106.170 tried to keep sending us stuff from origin addresses that had already tripped our spamtraps.
• 63.138.101.136 is in the CBL.

Overall, this week is quieter than last week.

Connection time rejection stats:

  48974 total
  30101 dynamic IP
  13820 bad or no reverse DNS
   3483 class bl-cbl
    271 class bl-sdul
    195 class bl-dsbl
    147 class bl-njabl
     82 class bl-spews
     74 cuttingedgemedia.com
     30 class bl-sbl
     23 class bl-ordb

There was only one IP address out of the top 30 most rejected IP addresses that was rejected 100 times or more, but that was our old friend 64.166.14.222 (631 times). Twelve of the top 30 are current in the CBL, eight are currently in bl.spamcop.net, and one is in the SBL: 213.154.88.54, apparently an ADSL line in Dakar, is in SBL21134 and SBL43951. You win no prizes for guessing that both listings are for being an advance fee fraud spam source.

(Ironically it accounted for none of the SBL hits this week, because it was blocked for having no reverse DNS, and that's checked before the SBL. The lead SBL hit source is 72.5.205.109 at 13 times, in SBL45324 as part of a ROKSO listing for 'Brian Kramer' aka 'Expedite Media Group'.)

This week, Hotmail had:

• 3 messages accepted; I suspect that at least two of them were spam.
• no messages rejected because they came from non-Hotmail email addresses.
• 25 messages sent to our spamtraps.
• 4 messages refused because their sender addresses had already hit our spamtraps.
• 3 messages refused due to their origin IP address being in the CBL.

And the final numbers:

This week there are no bad bounces to 'first_lastname' login names. They've been entirely supplanted by a random parade of alphabetical jumbles, the most popular of which was 'sxdijkhocqn' (5 times), leaved with a few things that are somewhat more plausible usernames, and a couple of old login names that no longer exist.