p00d.com barrage

I woke up to a really bad comment spam run on annelisabeth today. Not sure exactly how many. Over 40, maybe close to 60 (final tally - 88).

Please block
195.225.176.55
just in case.

User agent:
Mozilla 4.0 IE6.0+ SRV1.1

He started hitting my deprecated B2 comment script (all GET commands that got 404s) June 1
[01/Jun/2005:08:48:56 -0500]
Kept it going now and then until
[02/Jun/2005:11:41:33 -0500]
Then started hitting (GET) an MT post, then posting at
[03/Jun/2005:00:50:52 -0500]

From then on the pace was so relentless, I’m sure it would have taken the server down if I’d been running an older MT version.

He had a few breaks, from half an hour to an hour now and then. The final GET was
[03/Jun/2005:05:29:15 -0500]

I’ve blocked by IP number now, so I’ve hopefully locked him out for a while.
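The timeline above was read out of the access log by hand. As an added example (not code from the original post), this sketch rebuilds the same kind of per-IP timeline from Apache combined-format log lines: 404 probes, first POST, pauses of 30 minutes or more once posting has begun, and last request. The log lines are constructed for illustration; only the IP, user agent and timestamp style come from the post, while the paths, sizes, the second client and the thresholds are assumptions.

```python
import re
from datetime import datetime, timedelta
# Apache combined log format; the post quotes timestamps in this style.
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"')

def summarize(lines, pause=timedelta(minutes=30)):
    """Per-IP timeline from chronologically ordered access-log lines."""
    stats = {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not a combined-format line
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        s = stats.setdefault(m["ip"], {
            "first": ts, "last": ts, "first_post": None,
            "probes_404": 0, "posts": 0, "pauses": 0, "agents": set()})
        # Count pauses only once posting has begun, to measure the run itself.
        if s["first_post"] is not None and ts - s["last"] >= pause:
            s["pauses"] += 1
        s["last"] = ts
        s["agents"].add(m["agent"])
        if m["method"] == "GET" and m["status"] == "404":
            s["probes_404"] += 1
        elif m["method"] == "POST":
            s["posts"] += 1
            s["first_post"] = s["first_post"] or ts
    return stats

def suspects(stats, min_posts=3):
    """IPs that probed missing scripts and then posted at least min_posts times."""
    return sorted(ip for ip, s in stats.items()
                  if s["probes_404"] and s["posts"] >= min_posts)
UA = "Mozilla 4.0 IE6.0+ SRV1.1"   # user agent reported in the post
BOT = "195.225.176.55"             # IP reported in the post
# Constructed sample lines: paths, sizes and the second client are made up.
SAMPLE = [
    f'{BOT} - - [01/Jun/2005:08:48:56 -0500] "GET /b2comments.post.php HTTP/1.0" 404 208 "-" "{UA}"',
    f'{BOT} - - [02/Jun/2005:11:41:33 -0500] "GET /b2comments.post.php HTTP/1.0" 404 208 "-" "{UA}"',
    f'{BOT} - - [03/Jun/2005:00:50:40 -0500] "GET /archives/000123.html HTTP/1.0" 200 9120 "-" "{UA}"',
    f'{BOT} - - [03/Jun/2005:00:50:52 -0500] "POST /mt/mt-comments.cgi HTTP/1.0" 200 512 "-" "{UA}"',
    f'{BOT} - - [03/Jun/2005:00:50:58 -0500] "POST /mt/mt-comments.cgi HTTP/1.0" 200 512 "-" "{UA}"',
    '192.0.2.10 - - [03/Jun/2005:01:02:03 -0500] "GET / HTTP/1.1" 200 4096 "-" "Mozilla/5.0 (constructed)"',
    f'{BOT} - - [03/Jun/2005:01:45:10 -0500] "POST /mt/mt-comments.cgi HTTP/1.0" 200 512 "-" "{UA}"',
    f'{BOT} - - [03/Jun/2005:05:29:15 -0500] "GET /archives/000123.html HTTP/1.0" 200 9120 "-" "{UA}"',
]
for ip in suspects(summarize(SAMPLE)):
    print(ip, summarize(SAMPLE)[ip])
```

Pointed at a real log, the `agents` set also shows whether one address is rotating user agents.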

So, who is this spammer?

He’s using lots of subdomains off p00d.com, which is on
69.31.93.123
colo-69-31-93-123.pilosoft.com (colocated box on pilosoft)

The spamming bot is
195.225.176.55
Which is from NetCatHosting in Ukraine (abuse at netcathost.com).

Whois:

GAPilmex inc
Niclas Dmitiradis (alexander@freecasinoplay.info)
Nevskiy pr 110-12
St. peterburg
Russia,129180
RU
Tel. +910.21225570861

I believe this info is false. I’ve seen other variants containing the name Marcus. Don’t know if that’s legit either. This spammer has been hitting guestbooks and forums in the past. Always porn spam.

6 Responses to “p00d.com barrage”

  1. My web site got hit with 242 spams this morning from that IP address. No damage though - SpamLookup plugin (for MT) identified them all as spam.

  2. Can you tell me how to block an IP address using b2 blogs? I don’t know if you know how to do this, or if you have time to answer me… but I have one spammer spamming my pitiful blog (comments only) and I cannot figure out how to stop it. He uses multiple IPs, but only about 6, so if I could block them I would be very happy.

    I am new to this, so I’m sorry if the answer is really simple.
    Thanks!

  3. Administrator says:

    Step one: Ditch B2. It’s no longer under development, and it’s way too hard to handle unwanted comments (yes, I used it a while ago, so I know first hand). Find instructions on how to import your database into WordPress instead.

    Step two: Use .htaccess to block IP numbers. Search my site for examples of how to do it, or search Google for .htaccess. There’s lots of info on banning IP numbers.

  4. bleu says:

    Had the same IP 195.225.176.57 spamming my guest book too.

    This is a real loser.

  5. ady says:

    It’s now coming from this IP: 195.225.176.155. Just been seeing it in my server logs, where it’s been attempting to comment spam.

  6. SPAM - Quick Update

    A true loser …
