Bot changes behavior

There’s a bot I’ve seen now and then that I suspect of being bad. It’s been trying to GET my old B2 comments script on annelisabeth.com.

67.19.91.50
That’s a webserver at ThePlanet. But it’s managed to fool both whois.sc and webhosting.info into believing there’s no website at that address. So what’s it doing? If you access the IP address, there’s a Plesk desk served.

And it used to have the user agent:
Mozilla/3.0 (compatible; Indy Library)

But last night that changed. It started trying HEAD on the same file, but this time with this as the referrer:
http://Dmoz.org

That site is of course totally above reproach. Not owned by someone who’d be into spamming.

But I think the wielder of the bot intends to spam.

The user agent is now:
Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20041001 Firefox/0.10.1
About as common as they get…
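The change described above (same IP, same target file, but a new method, referrer and user agent) can be picked out of an access log automatically. The following is an added example, not part of the original post: it assumes Apache combined log format, and the path `/b2comments.php`, the second client `192.0.2.10`, and all timestamps, statuses and sizes are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in Apache combined log format. The IP 67.19.91.50, both
# user agents and the referrer come from the post; the path, the second
# client, timestamps, status codes and sizes are made up for illustration.
SAMPLE_LOG = """\
67.19.91.50 - - [19/Feb/2005:03:12:01 +0100] "GET /b2comments.php HTTP/1.0" 404 512 "-" "Mozilla/3.0 (compatible; Indy Library)"
192.0.2.10 - - [19/Feb/2005:03:15:40 +0100] "GET / HTTP/1.1" 200 8124 "-" "Mozilla/5.0 (constructed browser)"
67.19.91.50 - - [19/Feb/2005:09:47:22 +0100] "GET /b2comments.php HTTP/1.0" 404 512 "-" "Mozilla/3.0 (compatible; Indy Library)"
67.19.91.50 - - [20/Feb/2005:23:05:10 +0100] "HEAD /b2comments.php HTTP/1.0" 404 - "http://Dmoz.org" "Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20041001 Firefox/0.10.1"
192.0.2.10 - - [20/Feb/2005:23:06:02 +0100] "GET /b2comments.php HTTP/1.1" 404 512 "-" "Mozilla/5.0 (constructed browser)"
67.19.91.50 - - [20/Feb/2005:23:41:55 +0100] "HEAD /b2comments.php HTTP/1.0" 404 - "http://Dmoz.org" "Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20041001 Firefox/0.10.1"
"""

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" \d{3} \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

def find_shifting_clients(log_text):
    """Return {(ip, path): [(method, referer, agent), ...]} for every client
    whose request fingerprint changed while it kept requesting the same path."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that are not in combined log format
        fingerprint = (m["method"], m["referer"], m["agent"])
        key = (m["ip"], m["path"])
        if fingerprint not in seen[key]:
            seen[key].append(fingerprint)  # keep first-seen order
    # One fingerprint is normal; two or more on one path is worth a look.
    return {key: fps for key, fps in seen.items() if len(fps) > 1}

if __name__ == "__main__":
    for (ip, path), fps in find_shifting_clients(SAMPLE_LOG).items():
        print(f"{ip} changed behavior on {path}:")
        for method, referer, agent in fps:
            print(f"  {method:5} referer={referer!r} agent={agent!r}")
```

A changed fingerprint is only a signal to review, since an ordinary visitor's browser can also update between visits; it is the combination with repeated requests for one script that makes it stand out.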

Anyway, this one should be blocked by IP number. I’ve found samples online of spam from that IP address going back to July 2004. I did manage to find some recently spammed stuff (February 20th), and the IP address of the site spamvertized is:
209.51.135.146
According to both lookups, that IP address only has one site on it.

But wait, there’s more!

This spammer also utilizes this server for hosting:
66.225.211.190
Once again, the lookups only find one site.

Hmmm, duplicate that a few times, and a picture begins to emerge: Virtual Private Server.
Which might mean you get your own IP address and your own server. Hmmm…
