chumptastic dot org

05 Nov 04

a new batch of movable type spam

does anyone have any insight into the latest batch of blog comment spam i’ve been seeing over the last week or so? they all seem to be coming from rogers IPs, and look like this:

IP Address: 69.193.88.30
Name: Andie
Email Address: andrewlace@yahoo.com

Comments:

Greetings

what makes them noteworthy is that the URL they provide never seems to work, although they do seem to have been registered:

Domain name: ANDREWLACE.COM

Registrant Contact:
RegisterFly.com – Ref# 13454639
Whois Protection Service – ProtectFly.com (13454639.fly@spamfly.com)
+1.2122952121
Fax: +1.2122952153
230 Park Avenue
Suite 864
New York, NY 10169
US
New York, NY 10169
US

the use of a “whois protection service” makes me a bit suspicious at the best of times.

i’ve also received links to www.jimtayler.com (x2) and www.johnhuron.com. my suspicion is that they may all suddenly become active at the same time. seriously though, how much money do they honestly expect to make from a blog with traffic levels as low as chumptastic’s? geez.

update: as an aside, mt-blacklist blocked 38 attempted spam postings yesterday. good lord.

update 2: check out epiblog’s take on this new batch of spam.

This entry was posted on Friday, November 5th, 2004 at 10:37 am and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.

«
»

5 Responses to “a new batch of movable type spam”

  1. 1
    Daniel Lewis Says:

    I’ve had the same posts on my website. Doesn’t MT or MT-Blacklist have a way to block IPs? 69.193.88.30 has appeared several times, but I’m seeing some variety on the last few digits.

    I found your site by searching Google for “whois ip 69.193.88.30.”

    November 7th, 2004 at 8:34 am
  2. 2
    pager Says:

    I don’t think you can block IPs with MT-Blacklist – only despam after the fact. I’m tempted to block their IP address range with apache.

    November 8th, 2004 at 11:37 am
  3. 3
    Daniel Lewis Says:

    I already said this personally with the author, but I tried adding the IP address to the MT-blacklist like I would with a URL or keyword. So far, I have not had any more spam from the person.

    November 8th, 2004 at 1:31 pm
  4. 4
    fathead Says:

    If you want to block IPs, use the IP banning function in MT’s Wblog config. It works real well, and is adaptable to partial IPs.

    It works so well, I accidentally added a blank entry and got ZERO comments for a fortnight.

    Works for me, but I also tampered with the template and link to kill off bot-commenters who assume the pagename is mt-comments.cgi. You’d be surprised how many sites try to connect directly using the former links.

    All I need to do now is put a confirmation popup in the script, and that should stop everything but actual people.

    November 10th, 2004 at 3:38 am
  5. 5
    pager Says:

    both are excellent suggestions. i hadn’t thought of renaming mt-comment.cgi – good call.

    November 10th, 2004 at 8:28 am

Leave a Reply

Pronunciation: 'ch&mp
Function: noun
Etymology: perhaps blend of chunk and lump
Date: 1883

© 2020 chumptastic dot org | Entries (RSS) and Comments (RSS)

GPS Reviews and news from GPS Gazettewordpress logo