Ad for blogmysite
Update
I was too quick to call the blogmysite scheme blogspam. Read my newer post for clarification:
My apologies to Maryanne Myers
However, what happened that I wrote about here, WAS blogspam.
And I’ve let the ad through my filters, to prove it was actually posted. I edited out the live links and affiliate ID, and then included it at the bottom. Have a look:
Blogmysite ad
—————-
I just had an ad for blogmysite stopped by my moderation filter.
Yep, the gall of hitting an anti linkspam with an ad for a blogspam program…
Not using a cutaway site either, just the affiliate ID directly.
The IP number:
64.125.172.134
64.125.172.134.aspen.com
It’s a Texas based company, providing hosting, collocation, ISP and transport.
The machine in question has SSH on it, answering on port 80 instead of a webserver. Very curious. It also has FTP on it. I don’t know if it’s hijacked or set up for this purpose. No known sites on it. I guess an abuse letter is in order.
info at AspenTX.com or upstream abuse at above.net
———–
The ad was entered manually, not through the program.
User agent:
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Crazy Browser 1.0.5; .NET CLR 1.1.4322)
Came in through a Google search for blogmysite, posted the comment, then came back in from the Google search and tested if the comment had made it on to the page.
And finally did a get on /wp-comments-post.php. I wonder why?
March 2nd, 2006 at 1:54 pm
Was this resolved? I’m with AspenTX.com and can assist if this problem persists. We have a number of wireless ISP’s as customers and it is not uncommon for their machine to become comprmoised.
March 2nd, 2006 at 2:07 pm
This was such a long time ago, your guess is better than mine. I guess you could monitor for incoming port 22, and filter out known servers that are OK? Then check for traffic patterns? Very similar for how you’d monitor for infected computers sending out to loads of servers on port 25.