How I Combat Malicious Spam for My Website


Dealing with spam on our websites is challenging, but it is possible to lower it and reduce the risks and its effects.

At the end of June, when I had also lost two close relatives and the family was in a grieving process, my publications hit rock bottom on this platform. It felt like everything was crumbling from all angles. One weekend at the end of June, utterly exhausted from the relentless flood of thousands of emails and Slack messages — writers frustrated by their stories being delayed for over 20 days, others anxiously waiting for their boost, and seven exceptional stories I had personally nominated being rejected — I knew I needed to reset.

I sent a post titled Patience: ILLUMINATION Backlog Reached 2000+ Submissions and the Future of I-C Uncertain. Many readers and writers showed compassion. However, one left a message inferring that my story was a complaint and that I should have scaled down my pubs rather than asked Medium to give me more volunteer editors. The reader missed the point and had no clue of my pain and the exhaustion of our editors. It touched my heart as already my editor.

In that moment of chaos, I decided to meditate. It was during this long, introspective session that my higher self whispered the most obvious solution: reach out to my collaborators.

I quickly contacted a few volunteer editors who had taken a much-needed break. Gerald and Kurt, the most active ones, responded almost immediately with, “No worries, Doc. We’ll be in the queue shortly. Take care of yourself.” Their unwavering support was a lifeline.

Then, I reached out to Mike, asking if he could handle editing a few more stories that were stuck in my queue for an agonizing 21 days. Looking back, I can’t help but feel like an idiot. I was drowning in tasks, wasting my time and theirs, and neglecting the flood of new writers eager to join ILLUMINATION.

The process was excruciatingly slow — I could only add about 20 writers a day because the registration process is manual and cumbersome for Medium publication. In desperation, I called Aiden, who was in the middle of a family gathering, and asked if he could help that weekend by adding some writers. He didn’t hesitate — he said, “Of course, Dr Yildiz, I can do anything for you.”

I gave him administrative access to our writer registration portal. But just a few hours later, Aiden called me, shocked. “Dr. Yildiz, I logged in, but there are 5,000 or more spam entries. It’s impossible to find legitimate writer inquiries. I don’t know what to do. Please guide me.”

He was right. The entire database was flooded with spam. I immediately used every tool at my disposal to filter out the junk, isolating around 500 authentic writer applications for Aiden. From that point on, Aiden took over this tedious task, freeing me to focus on leading our community on Substack and creating fallback positions for them.

While Aiden managed the registrations, I implemented multiple precautions that reduced the spam from 100% to about 30% in just two months. But the real breakthrough came when I brought in a friend, Sylvain Zyssman, who is an expert in technology and data science. Not only did the spam become negligible, but the speed of our website also skyrocketed, along with our views.


Now, back to this platform, as a long-time writer on Medium, I’ve witnessed the platform evolve over the past five years, particularly in its battle against spam. This issue, which has become increasingly severe, poses a challenge to Medium’s core principles of diversity, inclusion, and equality. I, too, have been a target of malicious activities, including attempts to scam authentic writers.

My account was cloned countless times. Unfortunately, the last one over the weekend broke the camel’s back, and I had to create a new account called Dr Mehmet Yildiz (NEW). I hope this solution will ease my problem. Although I was initially disappointed with Medium’s support for writers and readers, my empathy increased as my website also suffered similar issues. However, I took action and improved the situation.

A few people judged me for complaining, but my response has been to write about these issues, educate readers/writers, inform the support team, and encourage the leadership team to take further action. While progress has been gradual, Medium is taking serious steps to address these concerns, as I covered in a story yesterday. It is titled Excellent News for Preventing Scammers But Not Sure Whether a Fluke or By Design.

My empathy for Medium stems from my experiences managing my smaller website, which also faces significant spam from across the globe. As a technology professional, I approach these challenges with a systematic analysis and protective measures to mitigate risks and minimize impact.

In this story, I will share a short case study illustrating my approach to handling spam, using a sample phishing email as an example. My goal is to educate you with an actionable plan explained in simple terms that anyone can understand.

Case Study: Analyzing a Phishing Email

Here is a screen capture of what spam looks like on my website, which is open to the public. It comes from the writer registration portal, a form that people usually reach via referrals from Medium and the other writing platforms where I announced it. Until I started my publications on Medium, my website never got any spam. But this year the amount was over 5000%.

Sample spam entries in my writer registration portal

I used my subscription-based spam-handling software, which analyzed thousands of emails and produced a report. Below I summarize how the tool classified the two entries shown in the screen capture as spam.

“First Name” Placeholder: The generic placeholder suggests that the email was part of a bulk phishing attempt, where the attacker did not personalize the content for each recipient.

“🔑Ticket: SENDING 1,0068 BTC”: The mention of Bitcoin (BTC) is a common tactic in phishing scams, often used to lure victims with the promise of cryptocurrency transfers. The unusual formatting of the number (1,0068 BTC) could be an error or a deliberate tactic to bypass filters.

Suspicious Link: The link provided (https://out.carrotquest.io/…) is masked and obfuscated, making it difficult to discern its true destination — a clear red flag. Hover over the link without clicking it to preview where it actually leads.

Email Address: The sender’s email (hatty2001@murahpanel.com) comes from an unfamiliar domain, likely unassociated with any legitimate service.

IP Address (104.244.79.50): This IP address, often linked to spam or malicious activities, warrants further investigation.


Potential Threats

The software flagged threats in multiple categories, but these three were the critical ones for me. I will cover the others in another article.

Phishing: The email likely aims to trick you into clicking the link, which may lead to a fake login page designed to steal your credentials or trigger an automatic download of malicious software. The links used in such emails are often very close to the real ones. For example, a legitimate link might look like myaccount.google.com, while look-alike phishing links might be myaccount.googlle.com or myaccount.gooogle.com (illustrative examples, not real sites).

Malware: The link could direct you to a site that installs malware or ransomware on your device. Please never click on them.

Scam: The mention of Bitcoin may be a ploy to exploit those interested in cryptocurrency, promising something valuable in exchange for sensitive information or payments. They invite the user to plug in their cold wallet and type in their seed phrase. Once done, the battle is lost (as are the funds).
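The signals listed above (an unfilled name placeholder, a cryptocurrency lure, an obfuscated or redirecting link, an unfamiliar sender domain, a known-bad IP) and the look-alike domains described under Phishing can be turned into a simple scoring rule for incoming form submissions. The following is an added example written for this article, not the code of the spam-handling tool the author used. The sample entries, the trusted and familiar domain lists, the redirect-host list and the IP denylist are all constructed for the example (the first entry reuses the sender address and IP reported on the page); the weights are arbitrary and would be tuned against real submissions.

```python
import re
from urllib.parse import urlparse

# Three constructed registration-form submissions. The address and IP of the first
# one are the values the page's screenshot summary lists; everything else is made up.
SAMPLE_ENTRIES = [
    {   # unfilled template, crypto lure, redirect link, unfamiliar domain, listed IP
        "first_name": "{First Name}",
        "email": "hatty2001@murahpanel.com",
        "ip": "104.244.79.50",
        "message": "Ticket: SENDING 1,0068 BTC. Confirm here: https://out.redirector.example/r/abc123",
    },
    {   # a plausible writer application
        "first_name": "Alice",
        "email": "alice@example.org",
        "ip": "203.0.113.7",
        "message": "Hi, I write about nutrition and would like to join. Profile: https://medium.com/@alice",
    },
    {   # look-alike domain in both the sender address and the link
        "first_name": "Bob",
        "email": "support@googlle.com",
        "ip": "198.51.100.23",
        "message": "Your account needs verification: https://myaccount.googlle.com/login",
    },
]

URL_RE = re.compile(r"""https?://[^\s<>"')]+""")
# Matches a form field left as "First Name", "{First Name}", "[last_name]" and similar.
PLACEHOLDER_RE = re.compile(r"^\s*[\[{(]?\s*(first|last|full)[ _]?name\s*[\]})]?\s*$", re.I)
CRYPTO_RE = re.compile(r"\b(BTC|bitcoin|ETH|USDT|crypto(?:currency)?)\b", re.I)

TRUSTED_DOMAINS = {"google.com", "medium.com", "wordpress.com", "substack.com"}   # constructed
FAMILIAR_MAIL_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com", "icloud.com", "protonmail.com"}
REDIRECT_HOSTS = {"out.redirector.example", "go.shortlink.example"}   # constructed redirector list
KNOWN_BAD_IPS = {"104.244.79.50"}   # constructed local denylist, seeded with the page's reported IP


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to spot look-alike domains such as googlle.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(host: str) -> str:
    """Last two labels of a hostname (a simplification; production code uses a public-suffix list)."""
    return ".".join(host.lower().split(".")[-2:])


def lookalike_of(domain: str):
    """Return the trusted domain this one imitates, or None if it is exact or unrelated."""
    for trusted in TRUSTED_DOMAINS:
        if domain != trusted and levenshtein(domain, trusted) <= 2:
            return trusted
    return None


def classify(entry: dict, threshold: int = 4) -> dict:
    """Score one submission against the signals listed in the article; >= threshold is spam."""
    score, reasons = 0, []
    if PLACEHOLDER_RE.search(entry["first_name"]):
        score += 2
        reasons.append("unfilled name placeholder (bulk mailing template)")
    if CRYPTO_RE.search(entry["message"]):
        score += 2
        reasons.append("cryptocurrency lure in the message")
    for url in URL_RE.findall(entry["message"]):
        host = urlparse(url).hostname or ""
        if host in REDIRECT_HOSTS:
            score += 2
            reasons.append(f"link goes through redirector {host}, real destination hidden")
        imitated = lookalike_of(registrable(host))
        if imitated:
            score += 3
            reasons.append(f"link host {host} imitates {imitated}")
    mail_domain = entry["email"].rsplit("@", 1)[-1].lower()
    imitated = lookalike_of(mail_domain)
    if imitated:
        score += 3
        reasons.append(f"sender domain {mail_domain} imitates {imitated}")
    elif mail_domain not in FAMILIAR_MAIL_DOMAINS and registrable(mail_domain) not in TRUSTED_DOMAINS:
        score += 1
        reasons.append("sender domain is not a familiar provider")
    if entry["ip"] in KNOWN_BAD_IPS:
        score += 2
        reasons.append("submitting IP is on the local denylist")
    return {"score": score, "reasons": reasons, "verdict": "spam" if score >= threshold else "ok"}


if __name__ == "__main__":
    for entry in SAMPLE_ENTRIES:
        result = classify(entry)
        print(entry["email"], result["verdict"], result["score"], "; ".join(result["reasons"]))
```

A rule like this is meant as a first filter, not a final answer: the "unfamiliar domain" signal alone never reaches the threshold, so a genuine writer with a personal domain is only marked for review, while the combination of a template placeholder, a crypto lure and a hidden link is enough on its own.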


Protective Actions

The tool listed immediate steps to lower spam and its impact. It said this thorough approach would help me mitigate the risk and protect my website from further attacks.

Do Not Click the Link: You may hover over links to preview their destination, but do not click them or open any attachments in the email.

Mark as Spam: Report the email as spam/phishing in your email client.

Block the Sender: Block the email address to prevent further messages from this source.

Check for Vulnerabilities: First, look for the padlock icon (shown in green by older browsers) in the address bar; it indicates that the site uses an encrypted HTTPS (SSL/TLS) connection with a valid certificate. Then ensure your website is secure and has no unauthorized changes, using a security plugin or service to scan it.

Update All Software: Keep your website’s software, plugins, and themes up to date to prevent exploitation of known vulnerabilities. The same applies to your CMS, to the underlying technical stack and libraries, and to Windows and macOS updates, since zero-day vulnerabilities are found regularly.

Enable Two-Factor Authentication (2FA): Use 2FA for all admin accounts to protect against unauthorized access. Prefer an authenticator app over SMS-based 2FA, as SMS codes can be intercepted.

Report the IP Address: Report the suspicious IP address to a cybersecurity service or your hosting provider for further action.

Contact Law Enforcement: If you believe you are being targeted, report the incident to local law enforcement or a cybercrime agency, providing all relevant details.

Inform Your Hosting Provider: Notify your hosting provider about the incident so they can help secure your website and investigate any potential breaches.

Verify the IP Address: Use tools like ipinfo.io or abuseipdb.com to check the reputation and details of the IP address.

Review the filtered emails to ensure no sensitive information is compromised.

Secure your website by updating software, scanning for malware, and enabling 2FA.

Educate yourself and your team on recognizing and responding to phishing attempts to prevent future incidents.


Understanding Tor Exit Nodes: What is a Tor Exit Node?

The IP address I searched was associated with a Tor exit node. Here’s what that means and what you can do about it:

Tor Network: Tor (The Onion Router) is a privacy-focused network that routes internet traffic through multiple servers (or nodes) to anonymize the user’s identity and location.

Exit Node: The exit node is the final node in the Tor network through which the user’s traffic exits before reaching its destination. This is the IP address that websites and services see as the source of the traffic.

What are the implications of Tor Exit Nodes?

Users who use the Tor network often seek to anonymize their online activity, including both legitimate uses (e.g., privacy protection, circumventing censorship) and potentially malicious activities (e.g., hiding the origin of an attack).

The notice served by that exit node states that neither the node’s operator nor the service provider is responsible for actions taken by users of the Tor network. In other words, when you see suspicious activity from a Tor exit node, the person controlling the node is only relaying the traffic and is not the one behind that activity.

What Can You Do About It?

Monitor for Suspicious Activity: Log any repeated or suspicious activities originating from this or similar IP addresses and analyze patterns for targeted attacks.

Block or Allow Access: Depending on your website’s mission, you can block traffic from known Tor exit nodes or allow access while monitoring closely.

Report and Investigate: Report suspicious activity to law enforcement or consult with a cybersecurity expert for appropriate defenses and response strategies.


Addressing Spoofing or Misuse

It was possible that attackers were using my website’s name or URL in phishing emails to add credibility to their scam. This is known as spoofing, where legitimate sites or brands are mimicked to deceive recipients.

What are the tips to protect our website and users?

To protect your website and users, start by running a comprehensive security scan, ensuring everything is up to date, and regularly reviewing logs for unusual activity. Investigate how your URL is being used by checking referral logs and contact forms for misuse. If you suspect spoofing, contact your hosting provider immediately and consider implementing DMARC to safeguard your domain from fraudulent activities.


How I Use My Hosting Service Provider, WordPress.com, to Increase Security, Lower Spam, and Reduce the Risk of Scams

WordPress.com offers a variety of tools and resources designed to protect your website from spam, spoofing, phishing, and other malicious activities. Here’s a detailed overview of what WordPress.com provides to help secure your site:

Spam Protection: Akismet Anti-Spam

Akismet is a powerful anti-spam plugin built into WordPress.com that automatically filters out spam comments on your posts and pages. Akismet checks comments and contact form submissions against its global database of known spam, preventing malicious content from being published on your site. Akismet is automatically enabled on all WordPress.com websites. You can adjust its settings or review filtered comments through the WordPress dashboard under “Plugins” > “Akismet Anti-Spam.”

Security Features: Jetpack Security

Jetpack is a comprehensive security plugin available on WordPress.com that offers a suite of tools, including malware scanning, brute-force attack protection, and downtime monitoring. Jetpack is included in WordPress.com plans. Jetpack regularly scans your site for malware and notifies you of any detected issues. The Brute Force Attack Protection feature blocks suspicious login attempts to prevent unauthorized access to your site. Jetpack alerts you if your site goes offline, allowing you to respond quickly. You can activate and configure it through the dashboard under “Jetpack” > “Settings.”

HTTPS/SSL Encryption: Free SSL Certificate

WordPress.com provides a free SSL certificate for all sites, ensuring that data transmitted between your site and its visitors is encrypted. SSL encryption protects your site from man-in-the-middle attacks and assures visitors that their connection is secure. SSL is automatically enabled for all WordPress.com sites, indicated by the “https://” in your site’s URL.

Domain Protection: DMARC, DKIM, and SPF

WordPress.com supports the setup of email authentication protocols like DMARC, DKIM, and SPF. These protocols help prevent email spoofing by verifying the authenticity of the sender’s domain. If you are using a custom domain, you can configure these settings through your domain registrar. WordPress.com provides detailed guidance in its support documentation.
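SPF and DMARC are published as DNS TXT records, and a weak record is a common reason a domain can still be spoofed after "setting up" these protocols. The following is an added example, not WordPress.com's tooling or documentation: it parses SPF and DMARC record strings and reports the settings that leave a domain exposed (p=none, no report address, +all or ?all, a missing all term, more than ten lookup mechanisms). The record strings are constructed for a hypothetical domain; in practice you would fetch them from DNS for your own domain and the _dmarc subdomain. DKIM is not checked here because verifying it requires a signed message, not just the published key.

```python
# Constructed TXT records for a hypothetical domain (not real DNS data).
WEAK_SPF = "v=spf1 a mx include:_spf.example-mailer.net +all"
STRONG_SPF = "v=spf1 include:_spf.example-mailer.net -all"
WEAK_DMARC = "v=DMARC1; p=none"
STRONG_DMARC = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.org; adkim=s; aspf=s"


def parse_tags(record: str) -> dict:
    """Split a 'k=v; k=v' record (DMARC style) into a lowercase-keyed dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def assess_dmarc(record: str) -> list:
    """Return human-readable findings; an empty list means the policy is enforcing."""
    tags = parse_tags(record)
    if tags.get("v", "").upper() != "DMARC1":
        return ["not a DMARC record (missing v=DMARC1)"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy == "none":
        findings.append("p=none: spoofed mail is only reported, still delivered; move to quarantine, then reject")
    elif policy not in ("quarantine", "reject"):
        findings.append(f"p={policy or '<missing>'}: no enforceable policy")
    if "rua" not in tags:
        findings.append("no rua= address: you receive no aggregate reports on who sends as your domain")
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        findings.append(f"pct={pct}: the policy is applied to only {pct}% of failing mail")
    # Subdomains inherit p= unless sp= overrides it; sp=none reopens the hole.
    if policy in ("quarantine", "reject") and tags.get("sp", policy).lower() == "none":
        findings.append("sp=none: subdomains are left unprotected")
    return findings


def assess_spf(record: str) -> list:
    """Return findings for an SPF record; an empty list means no weak setting was seen."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["not an SPF record (missing v=spf1)"]
    findings, lookups, all_term, has_redirect = [], 0, None, False
    for term in terms[1:]:
        bare = term.lower().lstrip("+-~?")      # drop the qualifier
        if bare == "all":
            all_term = term
        elif bare.startswith("redirect="):
            has_redirect = True
            lookups += 1
        elif bare in ("a", "mx") or bare.startswith(("include:", "exists:", "ptr", "a:", "a/", "mx:", "mx/")):
            lookups += 1                          # each of these costs a DNS lookup
    if all_term is None and not has_redirect:
        findings.append("no all term: unlisted hosts get a neutral result, the same as ?all")
    elif all_term is not None:
        qualifier = all_term[0] if all_term[0] in "+-~?" else "+"
        if qualifier == "+":
            findings.append("+all: every host on the internet may send as your domain")
        elif qualifier == "?":
            findings.append("?all: neutral result, receivers treat it as no policy")
        elif qualifier == "~":
            findings.append("~all: softfail only; prefer -all once all legitimate senders are listed")
    if lookups > 10:
        findings.append(f"{lookups} lookup mechanisms exceed the RFC 7208 limit of 10 (permerror)")
    if any(t.lower().lstrip("+-~?").startswith("ptr") for t in terms[1:]):
        findings.append("ptr mechanism is deprecated and slow to evaluate")
    return findings


def assess_domain(spf: str, dmarc: str) -> dict:
    """Combine both checks for one domain."""
    return {"spf": assess_spf(spf), "dmarc": assess_dmarc(dmarc)}


if __name__ == "__main__":
    for label, spf, dmarc in (("weak", WEAK_SPF, WEAK_DMARC), ("strong", STRONG_SPF, STRONG_DMARC)):
        print(label, assess_domain(spf, dmarc))
```

The usual path is to publish DMARC with p=none and a rua= address first, read the aggregate reports for a few weeks to find every legitimate sender, complete the SPF record with -all, and only then move to p=quarantine and p=reject.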

Phishing and Malware Protection: Automatic Updates

WordPress.com automatically handles all updates to your site’s core software, themes, and plugins, ensuring you always have the latest security patches. Updates are applied automatically, but you can check for the latest version via the dashboard under “Updates.”

User Management: Two-Factor Authentication (2FA)

WordPress.com supports two-factor authentication (2FA), adding an extra layer of security to your login process by requiring a second form of identification in addition to your password. Enable 2FA through your account settings on WordPress.com by navigating to “Account Settings” > “Security” > “Two-Step Authentication.”

Reporting and Mitigating Issues: Support and Reporting Tools

WordPress.com offers several support options, including live chat, email support, and extensive documentation, to help you manage security issues. If you suspect that your site has been targeted by phishing or other malicious activities, you can report it to WordPress.com’s support team for assistance. Access support through the WordPress.com dashboard by clicking “Help” or visiting the WordPress.com Support page.

Resources, Documentation, and Education

WordPress.com provides a comprehensive security guide that covers best practices for securing your site. Access the guide through the WordPress.com Security Documentation. The WordPress.com blog and forums are valuable resources where you can learn about the latest security trends, plugin recommendations, and best practices. Regularly check the WordPress.com blog and participate in community forums to stay informed about new security threats and solutions.

Key Takeaways and Action Steps for Website Owners

Enable Akismet and Jetpack for spam and security protection.

Verify that your site uses HTTPS/SSL for secure connections.

Consider setting up DMARC, DKIM, and SPF for domain protection.

Enable Two-Factor Authentication on your account.

Regularly monitor your site using Jetpack’s tools and your own vigilance.

Educate yourself on the latest security practices through WordPress.com’s resources.

Report any suspicious activity to WordPress.com support immediately.

By leveraging these tools and resources, you can significantly enhance your website’s security and protect it from potential threats.


How to Obtain Evidence for Reporting and Law Enforcement

For the two examples above, here are the findings for the first spam email.

Here are the findings for the second spam email, which came from a different IP.

Detailed Geographic Information with Coordinates

Sample IP Abuse Reports

Here is the WHOIS IP report.

ClearnTech Report

Conclusions: Protecting Your Website’s Reputation

Your website’s reputation is crucial, and attackers leveraging your domain for phishing can damage your credibility and harm your users. By taking these steps, you can better protect your site and maintain trust with your audience.

When you suspect that your website or email account has been targeted by malicious actors, gathering evidence is crucial for reporting the incident and seeking assistance from law enforcement or cybersecurity professionals. Here’s how you can systematically collect the necessary information:

The first step in gathering evidence is to analyze the full email headers of any suspicious emails. Email headers contain critical information such as the sender’s IP address, the servers the email passed through, and the actual domain used. This data can help trace the origin of the email.

Most email clients, such as Gmail, Outlook, and Yahoo, allow you to view full email headers. You can also use online tools like MxToolbox to analyze the headers for any discrepancies or red flags.
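Reading the Received chain by hand is error-prone, so here is an added example (written for this article, not taken from MxToolbox or any mail client) that does the header analysis described above with Python's standard email module. It walks the Received headers from the earliest relay to the last, pulls the bracketed IP of each hop, reports the originating IP, and compares the domain in the visible From: header with the Return-Path envelope sender, which is the mismatch that gives away a spoofed sender. The raw message is constructed: it borrows the sender address and IP reported on the page, and the relay hostnames, documentation-range IPs and the link are made up.

```python
import email
import re
from email.utils import parseaddr

# Constructed raw message modelled on the page's example. The envelope sender is the
# murahpanel.com address and the first hop is the page's reported IP, while the
# visible From: header claims to be a support desk (the spoofing pattern to detect).
RAW_EMAIL = """\
Return-Path: <hatty2001@murahpanel.com>
Received: from mx.example.org (mx.example.org [192.0.2.10])
    by mail.example.org with ESMTPS id k1; Mon, 1 Jul 2024 10:02:11 +0000
Received: from relay.murahpanel.com (relay.murahpanel.com [198.51.100.45])
    by mx.example.org with ESMTP id k2; Mon, 1 Jul 2024 10:02:10 +0000
Received: from [104.244.79.50] (unknown [104.244.79.50])
    by relay.murahpanel.com with ESMTPA id k3; Mon, 1 Jul 2024 10:02:09 +0000
From: "Account Support" <support@example-portal.com>
To: editor@example.org
Subject: Ticket: SENDING 1,0068 BTC
Message-ID: <constructed-1@murahpanel.com>

Confirm your transfer at https://out.redirector.example/r/abc123
"""

# "from <host> (<comment>) by <host>" as written by most MTAs.
HOP_RE = re.compile(r"from\s+(?P<from>\S+)(?:\s+\((?P<comment>[^)]*)\))?\s+by\s+(?P<by>\S+)", re.I)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def received_hops(msg) -> list:
    """Return one dict per Received header, earliest relay first."""
    hops = []
    # Each relay prepends its header, so the last Received line is the first hop.
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())            # undo header folding
        match = HOP_RE.search(flat)
        if not match:
            continue
        ip_match = IP_RE.search(match.group("comment") or "") or IP_RE.search(match.group("from"))
        hops.append({
            "from": match.group("from"),
            "ip": ip_match.group(1) if ip_match else None,
            "by": match.group("by"),
        })
    return hops


def domain_of(header_value) -> str:
    """Domain part of an address header, lowercased; empty if unparsable."""
    addr = parseaddr(header_value or "")[1]
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def analyze(raw: str) -> dict:
    """Summarise the evidence worth recording before reporting a message."""
    msg = email.message_from_string(raw)
    hops = received_hops(msg)
    from_domain = domain_of(msg["From"])
    return_path_domain = domain_of(msg["Return-Path"])
    return {
        "hops": hops,
        "origin_ip": next((hop["ip"] for hop in hops if hop["ip"]), None),
        "header_from_domain": from_domain,
        "return_path_domain": return_path_domain,
        "sender_mismatch": from_domain != return_path_domain,
        "links": re.findall(r"https?://\S+", msg.get_payload()),
    }


if __name__ == "__main__":
    report = analyze(RAW_EMAIL)
    for hop in report["hops"]:
        print(f"{hop['ip'] or '?':>15}  {hop['from']} -> {hop['by']}")
    print("origin:", report["origin_ip"], "| From/Return-Path mismatch:", report["sender_mismatch"])
    print("links:", report["links"])
```

Only the Received header added by your own mail server (the last hop here) is trustworthy; anything earlier in the chain was written by the sender's relays and can be forged, so the origin IP is a lead to verify with the lookups described next, not proof by itself.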

If you identify an IP address associated with suspicious activity, such as the one from a phishing email or suspicious login attempt, use IP lookup tools to gather more information. Services like ipinfo.io or AbuseIPDB allow you to check the IP’s geolocation, reputation, and any reported abuses linked to that address.

If the IP is linked to a Tor exit node, it indicates that the attacker is attempting to anonymize their identity. While this makes tracing more difficult, the IP can still be reported to cybersecurity services for further investigation.

Your website’s server logs are a valuable source of information, as they record all requests made to your site. By examining these logs, you can identify patterns or anomalies that suggest an attempted breach or abuse.

Access your website’s cPanel or use log analysis tools provided by your hosting service. You can also use third-party tools like AWStats or Webalizer to analyze these logs for suspicious activity.
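The server-log review described here and the Tor exit node monitoring advised earlier ("log any repeated or suspicious activities originating from this or similar IP addresses") fit in one small script. The following is an added example, not a feature of cPanel, AWStats or Webalizer: it parses lines in the Apache/nginx combined log format, counts form submissions per source IP, checks each IP against a Tor exit node list, and flags sources that submit the form repeatedly, that only ever POST without loading the page, or that come from a Tor exit. The log lines, the form path and the exit node set are constructed for the example (the Tor Project publishes the real exit list at https://check.torproject.org/torbulkexitlist, which you would load instead of the hard-coded set).

```python
import re
from collections import defaultdict

# Apache/nginx "combined" format: ip ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Constructed exit node set; the first address is the IP reported on the page.
TOR_EXIT_NODES = {"104.244.79.50", "198.51.100.77"}

# Constructed access-log excerpt: a bot hammering the form, a normal visitor, a Tor user.
SAMPLE_LOG = """\
104.244.79.50 - - [01/Jul/2024:10:02:09 +0000] "POST /writer-registration/ HTTP/1.1" 200 512 "-" "constructed-bot/1.0"
104.244.79.50 - - [01/Jul/2024:10:02:11 +0000] "POST /writer-registration/ HTTP/1.1" 200 512 "-" "constructed-bot/1.0"
104.244.79.50 - - [01/Jul/2024:10:02:13 +0000] "POST /writer-registration/ HTTP/1.1" 200 512 "-" "constructed-bot/1.0"
104.244.79.50 - - [01/Jul/2024:10:02:15 +0000] "POST /writer-registration/ HTTP/1.1" 200 512 "-" "constructed-bot/1.0"
104.244.79.50 - - [01/Jul/2024:10:02:17 +0000] "POST /writer-registration/ HTTP/1.1" 200 512 "-" "constructed-bot/1.0"
203.0.113.5 - - [01/Jul/2024:10:05:00 +0000] "GET /writer-registration/ HTTP/1.1" 200 8841 "https://medium.com/" "Mozilla/5.0 (constructed browser)"
203.0.113.5 - - [01/Jul/2024:10:07:42 +0000] "POST /writer-registration/ HTTP/1.1" 200 512 "https://example.org/writer-registration/" "Mozilla/5.0 (constructed browser)"
198.51.100.77 - - [01/Jul/2024:10:09:03 +0000] "GET /writer-registration/ HTTP/1.1" 200 8841 "-" "Mozilla/5.0 (constructed browser)"
198.51.100.77 - - [01/Jul/2024:10:10:30 +0000] "POST /writer-registration/ HTTP/1.1" 200 512 "-" "Mozilla/5.0 (constructed browser)"
""".strip().splitlines()


def parse_line(line: str):
    """Return the fields of one combined-format line, or None if it does not parse."""
    match = LOG_RE.match(line)
    return match.groupdict() if match else None


def profile_sources(lines, form_path="/writer-registration/", exit_nodes=TOR_EXIT_NODES) -> dict:
    """Per-IP counts of requests and form POSTs, plus whether the IP is a Tor exit."""
    stats = defaultdict(lambda: {"requests": 0, "form_posts": 0, "user_agents": set(), "tor_exit": False})
    wanted = form_path.rstrip("/")
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        entry = stats[rec["ip"]]
        entry["requests"] += 1
        entry["user_agents"].add(rec["ua"])
        entry["tor_exit"] = rec["ip"] in exit_nodes
        if rec["method"] == "POST" and rec["path"].split("?")[0].rstrip("/") == wanted:
            entry["form_posts"] += 1
    return dict(stats)


def flag_sources(stats: dict, max_posts: int = 3) -> dict:
    """Map each suspicious IP to the reasons it was flagged."""
    flagged = {}
    for ip, entry in stats.items():
        reasons = []
        if entry["form_posts"] > max_posts:
            reasons.append(f"{entry['form_posts']} form submissions (limit {max_posts})")
        if entry["form_posts"] and entry["requests"] == entry["form_posts"]:
            reasons.append("only ever POSTs the form, never loaded the page")
        if entry["tor_exit"]:
            reasons.append("Tor exit node")
        if reasons:
            flagged[ip] = reasons
    return flagged


if __name__ == "__main__":
    for ip, reasons in flag_sources(profile_sources(SAMPLE_LOG)).items():
        print(ip, "->", "; ".join(reasons))
```

A Tor exit alone is a reason to watch, not necessarily to block, which is the "block or allow" decision the article leaves to the site's mission; the repeated, page-less POST pattern is the stronger indicator, and it is the one that survives when an attacker moves to a non-Tor address.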

If a phishing email contains links, you should analyze these URLs to determine if they lead to malicious sites. Tools like VirusTotal, PhishTank, and Google Safe Browsing can help you check whether a domain is flagged for hosting malware or phishing content.

Conduct a WHOIS search to find out who owns the suspicious domain. Tools like WHOIS.net or ICANN Lookup provide detailed domain registration information, which can be useful for reporting the domain to authorities or identifying patterns across multiple attacks.

Take screenshots of any suspicious emails, URLs, and browser warnings as visual evidence. This is particularly useful for documenting the exact appearance of a phishing attempt or fake website before it’s taken down.

Keep a detailed log of the incident, including the time and date of each suspicious activity, the actions you took, and any interactions with your hosting provider or law enforcement. This documentation can support your case when reporting the incident.

Once you’ve gathered sufficient evidence, report the incident to your local law enforcement agency, particularly if it involves serious threats like financial fraud or data breaches. You can also report the incident to your national cybersecurity center (e.g., CISA in the US, NCSC in the UK).

Many countries have dedicated platforms for reporting cybercrime. For example, in the United States, you can report to the FBI’s Internet Crime Complaint Center (IC3). Additionally, organizations like Europol and Interpol have mechanisms for reporting and investigating cross-border cybercrimes.

By systematically gathering this evidence and involving the appropriate authorities, you can help not only protect yourself but also contribute to broader efforts to combat cybercrime. The more detailed and accurate your evidence, the more likely it is that law enforcement can take meaningful action against the perpetrators.

Key Takeaways for All Stakeholders:

For Website Owners: Regularly update software, use 2FA, and stay vigilant against phishing attempts and other malicious activities.

For Medium Writers: Advocate for platform security improvements while taking personal steps to protect your content and identity.

For Readers and Users: Be cautious of phishing emails, especially those involving cryptocurrency, and report any suspicious activity.

By understanding and implementing these protective measures, we can collectively make the online space safer for everyone.


Thank you for reading my perspectives. I wish you a healthy and happy life.

I wrote this story as a give-back to the writing community as I owe my success to my mentors. Mentorship and collaboration can enhance our knowledge, make awareness and skill-building easy, and make the journey enjoyable on different platforms. I wrote several stories like this for writers and readers and linked them to a list titled Writing, Content Development & Marketing Strategies.

Here is why I resigned from the Boost program on Medium.

Here’s why I closed my best publication, ILLUMINATION-Curated.

If you are a writer on Medium and Substack, we have a new publication called Substack Mastery. You are welcome to join and share your Substack experience with your fellow writers and discerning readers.

Welcome to “Substack Mastery” Publication by the ILLUMINATION Network on Medium (medium.com): We renamed the previous “Substack on ILLUMINATION” publication to avoid confusion with our other publications.

If you are a new reader, you may check out some of my topics, including the brain, mental health, cognitive function, significant health conditions, longevity, nutrition/food, valuable nutrients, ketogenic lifestyle, self-healing, weight management, writing/reading, including 100+ Insightful Life Lessons from My Circles for the Last 50+ Years.

I publish my health and wellness stories on EUPHORIA and share distilled versions on SUBSTACK. My posts do not include professional or health advice. I only document my reviews, observations, experiences, and perspectives to provide information and create awareness.

If you are a writer, you are welcome to join my publications by sending a request via this link. I support 31K writers who contribute to my publications on this platform. You can contact me via my website. I also have another profile to write and curate tech stories. Friend Links to My Sample Boosted Stories for Non-Members of Medium.

You can read the distilled version of this story on Substack for free.

You are welcome to join the ILLUMINATION Community on Medium and Substack. Here is the Importance and Value of Medium Friendship for Writers and Readers

Join me on Substack, where I offer experience-based content on health, content strategy, and technology topics to inform and inspire my readers.

Health and Wellness by Dr Mehmet Yildiz

Content Strategy, Development, & Marketing Insights

Technology Excellence and Leadership


Disclaimer:
This post was written and published by an independent contributor on the Digitalmehmet platform. The views and opinions expressed belong solely to the author and do not necessarily reflect those of Digitalmehmet or its affiliated editors, curators, or contributors.

Digitalmehmet is a self-publishing platform that allows authors to post content directly without prior review. While we do not pre-screen user submissions, we regularly monitor published posts and act in good faith to remove content that violates our platform rules, ethical standards, or applicable laws.

Due to geographic and time zone limitations, moderation may not occur instantly, but we are committed to responding promptly once a potential violation is reported or identified. Digitalmehmet disclaims all liability for any loss, harm, or impact resulting from the content shared by guest contributors.



Message from Chief Editor

I invite you to subscribe to my publications on Substack, where I offer experience-based and original content on health, content strategy, book authoring, and technology topics you can’t find online to inform and inspire my readers.

Health and Wellness Network

Content Strategy, Development, & Marketing Insights

Technology Excellence and Leadership

Illumination Book Club

Illumination Writing Academy

If you are a writer, you are welcome to join my publications by sending a request via this link. I support 36K writers who contribute to my publications on this platform. You can contact me via my website. If you are a new writer, check out my writing list to find some helpful stories for your education. I also have a new discount bookstore for the community.


Join me on Substack, where I offer experience-based content on health, content strategy, and technology topics to inform and inspire my readers:

Get an email whenever Dr Mehmet Yildiz publishes on Medium. He is a top writer and editor on Medium.

If you enjoyed this post, you may check out eclectic stories from our writing community.
