chumptastic dot org

05 Nov 04

a new batch of movable type spam

does anyone have any insight into the latest batch of blog comment spam i’ve been seeing over the last week or so? they all seem to be coming from rogers IPs, and look like this:

IP Address:
Name: Andie
Email Address:



what makes them noteworthy is that the URL they provide never seems to work, although they do seem to have been registered:


Registrant Contact: – Ref# 13454639
Whois Protection Service – (
Fax: +1.2122952153
230 Park Avenue
Suite 864
New York, NY 10169
New York, NY 10169

the use of a “whois protection service” makes me a bit suspicious at the best of times.

i’ve also received links to (x2) and my suspicion is that they may all suddenly become active at the same time. seriously though, how much money do they honestly expect to make from a blog with traffic levels as low as chumptastic’s? geez.

update: as an aside, mt-blacklist blocked 38 attempted spam postings yesterday. good lord.

update 2: check out epiblog’s take on this new batch of spam.

5 Responses to “a new batch of movable type spam”

  1. Daniel Lewis Says:

    I’ve had the same posts on my website. Doesn’t MT or MT-Blacklist have a way to block IPs? has appeared several times, but I’m seeing some variety on the last few digits.

    I found your site by searching Google for “whois ip”

  2. pager Says:

    I don’t think you can block IPs with MT-Blacklist – only despam after the fact. I’m tempted to block their IP address range with apache.

  3. Daniel Lewis Says:

    I already said this personally to the author, but I tried adding the IP address to MT-Blacklist like I would with a URL or keyword. So far, I have not had any more spam from the person.

  4. fathead Says:

    If you want to block IPs, use the IP banning function in MT’s Weblog config. It works real well, and is adaptable to partial IPs.

    It works so well, I accidentally added a blank entry and got ZERO comments for a fortnight.

    Works for me, but I also tampered with the template and link to kill off bot-commenters who assume the pagename is mt-comments.cgi. You’d be surprised how many sites try to connect directly using the former links.

    All I need to do now is put a confirmation popup in the script, and that should stop everything but actual people.

  5. pager Says:

    both are excellent suggestions. i hadn’t thought of renaming mt-comments.cgi – good call.
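
An added example, not part of the original thread and not Movable Type's code: it assumes a partial-IP ban list is matched as a plain string prefix (an assumption, consistent with the blank-entry mishap described in comment 4) and sets that beside a checked loader that rejects blank entries and matches on octet boundaries. All function names are hypothetical and the addresses are constructed documentation-range samples.

```python
import ipaddress

def naive_is_banned(ip, ban_list):
    """Plain string-prefix match: the behaviour assumed for a 'partial IP' ban list."""
    return any(ip.startswith(entry) for entry in ban_list)

def parse_ban_entry(entry):
    """Turn '192.0.2' or '192.0.2.17' into a network; reject blank or malformed entries."""
    parts = entry.strip().rstrip(".").split(".")
    if not 1 <= len(parts) <= 4 or not all(p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError(f"invalid ban entry: {entry!r}")
    padded = parts + ["0"] * (4 - len(parts))
    # One octet given -> /8, two -> /16, three -> /24, four -> a single host (/32).
    return ipaddress.ip_network(f"{'.'.join(padded)}/{8 * len(parts)}")

def load_ban_list(entries):
    """Return (networks, rejected) so a bad entry is reported instead of silently applied."""
    networks, rejected = [], []
    for entry in entries:
        try:
            networks.append(parse_ban_entry(entry))
        except ValueError:
            rejected.append(entry)
    return networks, rejected

def is_banned(ip, networks):
    """True only if the address falls inside one of the validated networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in networks)

# Constructed sample ban list; the trailing "" is the accidental blank entry.
BAN_ENTRIES = ["192.0.2", "198.51.100.7", "203.0.1", ""]
NETWORKS, REJECTED = load_ban_list(BAN_ENTRIES)

if __name__ == "__main__":
    for ip in ["192.0.2.44", "198.51.100.7", "198.51.100.70", "203.0.113.9"]:
        print(ip, "naive:", naive_is_banned(ip, BAN_ENTRIES),
              "checked:", is_banned(ip, NETWORKS))
    print("rejected entries:", REJECTED)
```

With the naive matcher the blank entry bans every commenter, and `198.51.100.7` also bans `198.51.100.70`; the checked loader reports the blank entry and bans only the intended ranges.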
