203.116.214.2 spammer

I upgraded annelisabeth.com to MT 3.2 yesterday. In the process, I didn’t transfer the .htaccess over, so my blocks have been off for half a day.

I did wonder why I suddenly got so many trackbacks. One of the spammers is someone I hadn’t seen before.

Spambot:
203.116.214.2

This is an IIS server from Singapore. I obviously don’t know if it’s compromised or leased.

User agent:
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4

IP numbers:
69.50.175.93
69.50.175.94
80.77.82.193
80.77.88.232

I’m in the middle of tracing, so I expect there are more IP numbers.

The whois info on the domains on his servers is fake. He goes by several names. Not sure it’s even worth including. And the sites he has on those domains are seemingly legit. At the bottom he includes some dyndns subdomain sites with filthy names. So the domains are there just to give links to the subdomain pages.

The subdomain pages generally load a javascript named in.js. It redirects to another page that opens popup hell. Porn popups.

The spammer seems experienced on some fronts, and like a noob on others. My guess is it’s a new spammer.

Og vær forsiktig. Det er rapporter om malware fra en av domenene.

4 Responses to “203.116.214.2 spammer”

  1. Arve Says:

    Since our Spamhuntress momentarily lapsed into writing Norwegian :-) , I’ll translate the last sentence

    “And, be careful. Malware has been reported on one of the domains”

  2. Administrator Says:

    OMG, I totally forgot. I had the window open, and went back to it and typed in that one sentence before clicking submit!

  3. Matthew Carrick Says:

    No worries. I’ve done the same and I only speak one language!

  4. jeanloui Says:

    I also was spammed by this IP (203.116.214.2): they were posting spam comments into my PostNuke site… I stopped them with a .htaccess like this:

    order allow,deny
    deny from 203.116.214.2
    allow from all
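The block in the comment above uses Apache 2.2 syntax; Apache 2.4 replaces `Order`/`Deny` with `Require` directives and only keeps the old form through mod_access_compat. The following is an added example, not code from the post or its commenters: a small generator that validates a blocklist and emits either form. The function names are hypothetical, and every address except 203.116.214.2 is a constructed documentation-range value.

```python
import ipaddress

# 203.116.214.2 is the spambot address from the post; the other entries are
# constructed samples from documentation ranges (RFC 5737), not real sources.
SAMPLE_BLOCKLIST = ["203.116.214.2", "192.0.2.10", "198.51.100.7/24", "192.0.2.10"]


def normalise(entries):
    """Validate addresses/CIDR ranges, drop duplicates, return them sorted."""
    nets = set()
    for entry in entries:
        # strict=False accepts host bits in a range (198.51.100.7/24 -> .0/24);
        # anything that is not an address or range raises ValueError, so a
        # typo never ends up as a silently ignored rule in .htaccess.
        nets.add(ipaddress.ip_network(entry.strip(), strict=False))
    ordered = sorted(nets, key=lambda n: (n.version, n.network_address, n.prefixlen))
    # Write single hosts without the /32 or /128 suffix.
    return [str(n.network_address) if n.num_addresses == 1 else str(n) for n in ordered]


def build_htaccess(entries, apache24=True):
    """Return .htaccess text that denies the given sources and allows the rest."""
    blocked = normalise(entries)
    if apache24:
        # Apache 2.4 (mod_authz_core): everyone is granted unless a
        # "Require not ip" line inside the RequireAll container matches.
        lines = ["<RequireAll>", "    Require all granted"]
        lines += [f"    Require not ip {b}" for b in blocked]
        lines.append("</RequireAll>")
    else:
        # Apache 2.2 form, as used in the comment above.
        lines = ["Order allow,deny"]
        lines += [f"Deny from {b}" for b in blocked]
        lines.append("Allow from all")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(build_htaccess(SAMPLE_BLOCKLIST))
```

Keeping the blocklist in one file and regenerating .htaccess from it also avoids losing the rules during a software upgrade, which is what happened in the post.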
