a new batch of movable type spam
does anyone have any insight into the latest batch of blog comment spam i’ve been seeing over the last week or so? they all seem to be coming from rogers IPs, and look like this:
IP Address: 69.193.88.30
Name: Andie
Email Address: andrewlace@yahoo.com
Comments:
Greetings
what makes them noteworthy is that the URL they provide never seems to work, although they do seem to have been registered:
Domain name: ANDREWLACE.COM
Registrant Contact:
RegisterFly.com – Ref# 13454639
Whois Protection Service – ProtectFly.com (13454639.fly@spamfly.com)
+1.2122952121
Fax: +1.2122952153
230 Park Avenue
Suite 864
New York, NY 10169
US
the use of a “whois protection service” makes me a bit suspicious at the best of times.
i’ve also received links to www.jimtayler.com (x2) and www.johnhuron.com. my suspicion is that they may all suddenly become active at the same time. seriously though, how much money do they honestly expect to make from a blog with traffic levels as low as chumptastic’s? geez.
update: as an aside, mt-blacklist blocked 38 attempted spam postings yesterday. good lord.
update 2: check out epiblog’s take on this new batch of spam.
I’ve had the same posts on my website. Doesn’t MT or MT-Blacklist have a way to block IPs? 69.193.88.30 has appeared several times, but I’m seeing some variety on the last few digits.
I found your site by searching Google for “whois ip 69.193.88.30.”
November 7th, 2004 at 8:34 am
I don’t think you can block IPs with MT-Blacklist – only despam after the fact. I’m tempted to block their IP address range with apache.
November 8th, 2004 at 11:37 am
I already said this personally with the author, but I tried adding the IP address to the MT-blacklist like I would with a URL or keyword. So far, I have not had any more spam from the person.
November 8th, 2004 at 1:31 pm
If you want to block IPs, use the IP banning function in MT’s Weblog config. It works real well, and is adaptable to partial IPs.
It works so well, I accidentally added a blank entry and got ZERO comments for a fortnight.
Works for me, but I also tampered with the template and link to kill off bot-commenters who assume the pagename is mt-comments.cgi. You’d be surprised how many sites try to connect directly using the former links.
All I need to do now is put a confirmation popup in the script, and that should stop everything but actual people.
November 10th, 2004 at 3:38 am
both are excellent suggestions. i hadn’t thought of renaming mt-comment.cgi – good call.
November 10th, 2004 at 8:28 am
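
Added example, not part of the original post or comments and not Movable Type's code: a sketch of the partial-IP banning discussed in the thread, showing why a blank ban entry blocks every commenter and how whole-octet validation avoids that. It assumes partial entries are matched as plain string prefixes; the function names and the sample addresses other than 69.193.88.30 are constructed for illustration.

```python
import ipaddress

# Constructed sample data: commenter addresses, not taken from real logs.
SAMPLE_IPS = ["69.193.88.30", "69.193.88.41", "69.193.80.7", "10.20.30.40"]


def naive_is_banned(ip, ban_list):
    """Plain string-prefix match (assumed behaviour of a partial-IP ban list)."""
    # "" is a prefix of every string, so one blank entry bans everybody.
    return any(ip.startswith(entry) for entry in ban_list)


def normalize_entry(entry):
    """Turn a full or partial dotted IPv4 entry into a network, or raise ValueError."""
    text = entry.strip().rstrip(".")
    if not text:
        raise ValueError("blank ban entry would match every address")
    octets = text.split(".")
    if len(octets) > 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError(f"not a dotted IPv4 prefix: {entry!r}")
    # Pad missing octets with 0 and mask only the octets that were given.
    padded = octets + ["0"] * (4 - len(octets))
    return ipaddress.ip_network(".".join(padded) + f"/{8 * len(octets)}")


def strict_is_banned(ip, ban_list):
    """Match on whole octets only; invalid entries are skipped, never widened."""
    addr = ipaddress.ip_address(ip)
    nets = []
    for entry in ban_list:
        try:
            nets.append(normalize_entry(entry))
        except ValueError:
            continue  # reject the entry instead of letting it ban everyone
    return any(addr in net for net in nets)


def blocked(ips, ban_list, matcher):
    """Return the addresses from ips that the given matcher would block."""
    return [ip for ip in ips if matcher(ip, ban_list)]


if __name__ == "__main__":
    for bans in ([""], ["69.193.8"], ["69.193.88."]):
        print(bans, "naive :", blocked(SAMPLE_IPS, bans, naive_is_banned))
        print(bans, "strict:", blocked(SAMPLE_IPS, bans, strict_is_banned))
```

With string-prefix matching, the entry "69.193.8" also catches 69.193.80.7, while the whole-octet version treats it as 69.193.8.0/24 and blocks none of the sample addresses.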