Prankster having fun
If you’re here because you found a link to my blog in a comment or trackback, please read this post.
I’ve been impersonated.
Please delete any fake comments or trackbacks supposedly from me in your blog
—————–
I just got an e-mail. A failure notice.
It was a notification of a comment posted to a blog, that was sent back to the address entered in the from field. Mine.
The comment was:
*********
Comment spam is destroying
the web! Please visit my website and help me fight against evil spammers!!
*************
And…
I didn’t post it.
IP numbers of poster:
207.248.240.119
204.169.235.108
62.68.251.67
168.12.253.66
203.172.255.253
207.232.181.5
(all open proxies)
I’d like user agent info and any extra headers possible, if anyone sees this post and has been hit. Especially HTTP headers, for those anal enough to collect them. That may help me pinpoint the software the spammer i using.
My name was entered differently than I normally do, as Spam Hunter. And the e-mail address is the one I’ve got on my website, not the one I use for posting comments.
The blog was on a topic I would never have gone near. Really dirty stuff. So far it looks like the comments got stuck in a moderating queue. Hope they get deleted on sight by the owner.
Looks like a campaign over several blogs.
—————
Update. Just tipped over into March 25, my time
This is no longer just a prank. It’s now harassment.
This is the text of his latest offering that I found in my referrers:
***************
Looking for great lesbian movies?
Posted by: lesbian movies at March 25, 2005 05:54 AM
*************
He’s trying to Google bomb my site into ranking for lesbian movies. Two links in the same post.
Update March 25
And now he’s doing trackbacks as well.
——–
To the spammer:
If the goal is to get me blacklisted in Google, you can forget it. I’m sure there’s a whitelist as well as a blacklist. If anyone’s on that whitelist, it’s me.
March 24th, 2005 at 4:11 pm
They hit me with the same spam comment, using your web page and e-mail address as the source. The IP is: 204.169.235.108.
March 24th, 2005 at 4:27 pm
Hmm, that’s another proxy used by one of the main spammers. Hopefully someone has software in place that measures if this is done manually or by spamming software. Do you know what the user agent was? You’d need to access raw logs or Latest Visitors in cpanel to find that out.
March 24th, 2005 at 5:52 pm
I got the same thing from 62.68.251.67 at 4:29 eastern time today. I thought that comment spam was a strange way to campaign against comment spam!
The user agent was: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1), and it was a precision strike: that comment was posted to a month-old entry, and nothing else in the intervening 30 minutes or so.
March 24th, 2005 at 7:08 pm
Got a couple over at joemullins.com
168.12.253.66
203.172.255.253
168.12.253.66 - - [24/Mar/2005:17:21:22 -0700] “POST /cgi-bin/mt-tb.cgi/136 HTTP/1.0″ 200 84 “-” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)”
203.172.255.253 - - [23/Mar/2005:22:33:39 -0700] “POST /cgi-bin/mt-tb.cgi/360 HTTP/1.0″ 200 151 “-” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)”
Both IPs have hit me at other times.. most likely open relays. Whee!
March 24th, 2005 at 7:15 pm
I just got two trackback spams with the message you posted, from IP Addresses:
203.172.255.253
207.232.181.5
FYI
March 24th, 2005 at 7:32 pm
Me too. Here’s the message:
A new TrackBack ping has been sent to your weblog, on the entry 648 (I got a question).
IP Address: 203.172.255.253
URL: http://www.spamhuntress.com
Title: Spam Hunter
Weblog: Spam Hunter
Excerpt:
Comment spam is destroying the web! Please visit my website and help me fight against evil spammers!!
———————-
De-spam using MT-Blacklist:
http://www.scrawlville.com/mt-blacklist.cgi?__mode=despam&_type=ping&id=813
–
Powered by Movable Type
Version 2.661
http://www.movabletype.org/
March 24th, 2005 at 7:35 pm
[…] Help a lady out Okay, Ann over at Spam Huntress seems to have really annoyed a spammer who is now waging an immature campaign by spamming bl […]
March 25th, 2005 at 7:26 am
Ann Elisabeth: In most civilized countries, impersonation of this kind is a criminal offense: I’d suggest locating some of the open proxies you have been “spamvertized” through, and get an injunction. One or more of these open proxies is bound to have a log file, so you can actually trace down this creep.
Even if you don’t find one, people would probably learn if the police showed up at their door, just because they are running open proxies.
March 25th, 2005 at 2:40 pm
I’ve tracked down people before, and I read up on harassment laws a long time ago. At the very least, this is harassment.
Small time impersonation, probably no more than a misdemeanor. Still worth pursuing, of course.
Especially since this one seems to be using spamming software. One blog had said he’d turned off commenting, and the impersonation comment was entered after that, so he’d probably turned commenting off, but neglected to remove the comment script.
I started writing the proxies a while ago, but didn’t want to alert the spammer that I was tracking. Now that you’ve effectively let the cat out of the bag, I’ll let you all know: I’ve been on it since the moment it started.
March 28th, 2005 at 11:15 am
[…] eived spammy comments/trackbacks on your blog, purportedly spamvertizing this site, please visit the post about that fiasco. Short version: I didn’t do it. Please remove the […]
March 29th, 2005 at 5:44 am
[…] eived spammy comments/trackbacks on your blog, purportedly spamvertizing this site, please visit the post about that fiasco. Short version: I didn’t do it. Please remove the […]
March 29th, 2005 at 9:56 am
Pretty low behaviour by the person involved - but, unfortunately, sad people are not uncommon on the internet, an environment that allows for anonymity on a global scale.
May 2nd, 2005 at 8:45 pm
168.12.253.66 was used to spam our IRC channel.
May 15th, 2005 at 3:35 pm
Curious Referrals
An article on SpamHuntress.com got me thinking laterally about some of the referral stats I’m seeing, and I’ve started to notice something curious.
I’m seeing referrals from what appear to be valid blogs (i.e. I check my inbound connections to se…