I got some comments on annelisabeth.com, and went after the spammer.

I’m not that much wiser, but at least I got the IP number spammed from, for your blocklists.

Florida Comcast Spammer

One of the readers, who for now wishes to remain anonymous, got really fed up with all the referrer spam from the Zahariev brothers. So he wrote a little script to block the proxies as they came in, and shared the list of blocked proxies. Some of those on his list may be from other proxies, but most should be ones used by the Zaharievs. They like to shake up their lists now and then, but if you block these, you should have some respite for a while (bandwith wise, they’ll still try to hit the site, getting 403 errors):

128.135.11.152
128.2.198.188
128.31.1.14
129.10.120.111
129.105.44.80
129.105.44.81
129.97.75.238
130.192.86.29
130.37.198.243
130.37.198.244
130.60.48.210
140.131.110.4
148.223.216.169
148.244.150.52
148.244.150.57
148.244.150.58
150.165.15.19
163.16.30.50
163.28.48.69
163.28.48.70
165.21.7.105
166.114.30.40
192.139.28.248
193.140.140.70
193.140.140.76
193.194.68.3
193.219.147.212
193.219.42.36
193.24.213.214
193.52.45.49
193.95.243.108
193.95.90.52
194.249.248.10
194.249.66.110
194.63.235.148
194.77.84.131
195.229.241.180
195.229.241.181
195.229.241.184
195.229.241.186
195.229.241.187
195.61.146.130
198.163.152.230
200.107.34.233
200.13.218.147
200.171.140.113
200.178.216.80
200.183.227.162
200.196.101.98
200.39.103.224
200.41.79.83
200.42.214.178
200.77.144.246
200.92.225.13
200.93.196.23
201.243.58.105
202.128.69.58
202.143.156.18
202.175.234.163
202.28.204.123
202.29.136.140
202.44.14.194
202.62.97.18
202.83.175.156
202.83.175.98
203.125.254.164
203.144.197.194
203.144.216.211
203.144.230.226
203.150.234.43
203.155.1.245
203.187.176.185
203.187.248.154
203.190.147.11
203.197.196.178
203.199.92.158
203.74.111.25
203.98.57.97
204.83.0.41
204.83.150.164
205.136.240.131
205.155.212.20
207.127.8.66
207.248.240.118
207.248.240.119
207.54.97.185
209.191.9.229
209.240.205.63
210.128.142.42
210.173.179.77
210.212.140.23
210.212.204.241
210.238.249.8
211.101.6.5
211.5.244.162
211.9.240.35
212.0.128.2
212.109.106.118
212.138.113.12
212.138.113.16
212.138.47.13
212.138.47.14
212.138.47.15
212.138.47.17
212.138.47.29
212.155.169.124
212.199.177.59
212.199.177.64
212.199.177.66
212.199.249.206
212.205.135.51
212.60.64.245
213.144.118.197
213.157.67.112
213.162.50.228
213.181.81.242
213.228.160.17
213.249.130.232
213.249.155.231
213.249.155.242
213.42.2.10
213.42.2.21
213.42.2.22
213.42.2.23
213.42.2.25
213.42.2.29
216.146.120.108
216.227.95.43
216.37.138.189
216.60.21.4
217.133.0.152
217.149.102.14
217.17.41.72
217.218.147.180
217.219.20.66
217.219.28.152
217.52.247.3
217.52.41.199
217.63.142.225
218.145.25.43
218.248.1.13
218.26.211.18
218.29.23.179
218.44.191.226
218.56.32.230
218.97.253.217
219.140.161.24
219.144.196.200
219.144.196.202
219.93.62.106
219.95.111.181
220.106.0.34
220.110.186.122
220.192.24.168
220.192.24.169
220.194.54.27
220.212.163.178
220.96.253.245
221.186.246.66
24.107.33.4
24.158.18.138
24.56.238.108
24.60.61.68
24.97.174.130
59.120.174.243
61.11.26.142
61.129.44.201
61.150.115.245
61.178.185.56
61.221.199.204
61.221.30.167
61.66.137.2
61.95.227.16
62.101.126.212
62.150.9.178
62.242.24.96
62.81.221.65
63.148.99.234
63.148.99.244
63.218.109.130
63.241.72.171
64.140.49.66
64.140.49.68
64.140.49.69
64.157.224.134
64.235.204.179
65.160.122.209
65.160.122.217
65.165.84.11
65.98.67.74
66.208.166.3
66.92.163.205
67.136.230.150
67.89.120.101
68.104.181.197
68.236.84.4
68.50.130.121
68.67.102.167
69.155.184.142
70.242.144.156
80.148.9.98
80.191.247.13
80.191.49.7
80.207.188.140
80.53.145.58
80.53.183.102
80.53.206.34
80.53.30.180
80.53.47.142
80.53.53.34
80.55.189.10
80.58.8.42
81.0.182.35
81.10.150.42
81.115.31.217
81.12.246.11
81.138.138.1
81.15.233.3
81.168.201.95
81.4.168.140
81.8.110.33
82.101.146.133
82.141.201.194
82.154.249.248
82.189.93.226
82.190.108.210
82.201.185.22
82.76.208.73
82.76.77.30
82.77.200.162
82.79.195.170
83.100.139.182
83.155.9.70
83.213.14.174
84.80.120.134

As I explained on the wiki page about the Omni-Explorer, it’s still hungry.

Latest IP number was
65.19.150.249

It could be worse in terms of bandwidth this time around, but I really think there’s shoddy coding when it goes through over 700 files that fast!

I picked up the trail of another submitter software spammer yesterday.

The domain name was dorank.com, and it was widely spamvertized, starting at least as early as April 21 this year. The site was in Russian, and as far as I can tell, it was meant for forum profile spam, and possibly more. It featured automatic subscribing.

But something went wrong. Namely webhosts are less willing to carry sites that sell or provide spam software.

That didn’t use to be the case. My guess is that’s changed since MCI were pressured to boot the makers of Send Safe, the e-mail spam software.

Rojisan outs two:

This one about Nicky Greenside was particularly tongue in cheek.

Then there’s also Casinostates.com.

Dirk outs one:

Homepages for kids - NOT

That spambot 69.50.180.186 is on ESThost, BTW. Fricking coincidence? Heh…

I got some trackback spam on annelisabeth.com. I’ll write up the spammer later. But one thing caught my attention.

The IP number the spam came from appears to be running an embedded webserver. That’s a chip!

So it’s either an open proxy or a webserver under the control of the spammer.

Have fun testing it!
66.208.198.22

I caught the jaja-jak-globusy.com domain referrer spammed on two of my sites. Turns out the domain is part of the Netsphere domain parking program, and uses Adsense for domainpark. BTW, Netsphere appears to be a closed program. No sign of it in Google.

Problem is, the pages look undistinguishable from Adsense scraper pages. They have a search function that puts keywords into the URL, which means relevant Adsense ads will be returned.

The server is full of such domains. I don’t know exactly how many, because webhosting.info refused to return any results, and whois.sc was struggling for a long time too, before reporting 389526 websites. A significant portion of those belong to the spammer, as far as I can tell.

And they’re referrer spamming a domain that was bought June 9th! It probably was previously owned, though.

Guys, am I the only one who thinks this looks awfully fishy?

Remember a while ago, someone spamvertized this site? One of the key phrases was “lesbian movies”. I was struggling with hits from MSN and Yahoo for weeks. Eventually, it subsided. Most likely because the search engines gave precedence to newly spammed keywords.

But just lately I noticed more hits from MSN on those keywords.

Turns out there’s a new algo, and unfortunately, I’m now at 4th place for that keyword.

I guess I have to agree with the guys at Webmasterworld about the new algo being spammier, based on my rather limited experience.

Threadwatch has a story on something Matt Cutts said (top Google engineer/PR guy).

He says to follow the Ads by Google on Adsense ads if you want to report violations of the Adsense policies.

And in one of the comments, I found a spam report address for MSN. Long overdue, in my opinion.

I just spent a little time tracking Vinnie 1 hit a bit more closely.

Wanna see what he looks like? Well, allegedly:

Vinnie 1 hit