Supremely stupid
I don’t often excuse people of being stupid. It’s not exactly conducive to a good dialogue.
But this time I’m wondering…
A comment spammer goes about his task, probably doing a Google search to fetch prospects for his spam run. Then apparently doesn’t check the names of the blogs. Probably too many, eh?
So he proceeds to comment spam a blog called spamhuntress - about 137 times in about two days… (October 4-5)
Details:
IP number:
71.57.133.162
c-71-57-133-162.hsd1.fl.comcast.net
I didn’t portscan the machine, but it doesn’t seem to have a standard webserver, so chances are this MIGHT be a home or office connection. It does answer ping, which is unusual (for a regular desktop machine).
User agent, switching between:
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; iOpus-I-M; .NET CLR 1.1.4322)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
He’d been at it for a while when he started spamming my blog. He was spamming forums September 25-29.
I’m not the first blogger to mention him either.
On my blog he spamvertized:
bestlowmortgagerates.com
debtconsolidation-site.com
homeequityloan-x.com
homeequityloans-x.com
mortgage-911.net
mortgagerates-x.com
my-mortgagerates.com
refinance-mortgageonline.com
refinance-x.com
And these on the forums:
autoinsurance-x.com
bestlowmortgagerates.com
debt-consolidationhome.com
carinsurance-x.com
cashdavance-x.com
creditcards-x.com
debtconsolidation-today.com
dentalplans-x.com
healthinsurance-x.com
homeequityloans-now.com
homeequityloan-now.com
homeequitylineofcreditlenders-x.com
homefinance-x.com
homeloan-now.com
homeloans-now.com
lifeinsurance-x.com
mortgage-911.com
mortgagebrokers-x.com
mortgagecompanies-x.com
mortgagerefinance-x.com
mortgagerefinancing-x.com
mortgages-411.com
mortgagelenders-x.com
mortgageloan-x.com
mortgageloans-x.com
paydayloans-x.com
realtors-x.com
webhosting-x.com
Update:
I was in a hurry, and didn’t trace him every which way, like I usually do. So I get to do it now instead. So far I’ve found these variations on whois info:
Navarrete, Javier info@mcfimortgage.com
Confin Home Mortgage & Loans Corp.
5775 Blue Lagoon Drive
Suite #190
Miami, Florida 33126
United States
8772603799 Fax — 3052653210
A, Javier info@refinance-mortgageonline.com
3001 S.W. 133 PL
Miami, Florida 33175
United States
23456789 Fax — 23456789
Owen, Junior info@my-mortgagerates.com
PO BOX 53562
Dallas, Texas 75221
United States
23456789 Fax — 23456789
I started looking up one of the e-mail addresses, and found a story of a blogger retaliating, and the spammer retaliating back. And another blogger got in on it too.
I got a hit on another e-mail address. This might be his real location, which conforms with the legit looking whois info above.
[...] ll be another year before this happens again! UPDATE: I see this spammer also visited the Spamhuntress - what a twit! Go get him Ann! Technorati Tags: [...]
71.57.133.162 has been comment spamming me for the last couple of days but leaving just single letters like c, b, or z as well as ‘awesome’ and ‘I disagree with your opinion’. No links to any spamvertised sites.
70.84.49.34 left links for smalldebt.com and mortgagemavericksonline.com earlier today. This may be the same spammer as 71.57.133.162 as the e-mail address in the attempted comment was identical.
Speaking of that rat at 71.57.133.162, the comments themselves are usually a single letter, the domains are left in the comment author’s website box.
I had IP-banned 70.84.49.34 some time ago, and may do the same to the first.
24.4.74.216 is following in their wake, with comment spam leaving domains that will trigger many bad-word filters, as well as bad memories for me.
If you haven’t already tried it, check out the Bad Behaviour plugin for WordPress. We’ve had success with it stopping comment spam, at least on some little used blogs. One that has no comment spam (now) had 700+ comment spam entries before the plugin.
You can find it here:
http://www.ioerror.us/software/bad-behavior/
@Fred: Bad Behavior (1.2.2) isn’t stopping this one as of now. It’s gotten through it on my install.
http://blogged.btvillarin.com/2005/10/06/bad-behavior-not-100/
If there was a way WordPress can stop one character comments, perhaps? I don’t know what else to do, but that IP has been banned in .htaccess for now.
@Ann: Best of luck finding this idiot!
FYI: Just finished an email conversation with Michael, and he said all the comments posted by this particular spammer was manually. So if he’s hitting you, he probably just doesn’t like you.
So, he’s banned for now. Does Ann have an update for this spammer?
Here’s an interesting idea on stopping comment spam, posted on John C. Dvorak’s web site. Note - I haven’t tried it yet myself, because we’re not currently having a problem with comment spam.
————————————————————-
Most people who run blogs have issues with comment spam in their blogs
and there are all sorts of fixes. Marc Perkel at ctyme.com - my host -
was floored, he said, when he realized a simple command to the Apache
software would kill most of it - and it does indeed work!
Here is the short code running on the ctyme server for my dvorak.org using WordPress-based blogging software. Altering it for other b
log software and other blogs should be simple for anyone running Apache.
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^.*dvorak.org/.*
RewriteRule ^.* http://www.ctyme.com/comment-spam.html
Essentially it makes the basic condition for any post rigid: it has to be coming from a link within the blog itself, the “comment” li
nk. Most spam does not.
My spam count on the blog has dropped from 50-100 to 2 per day without
any other tricks.
[from dvorak.org/blog - search on comment spam]
There was spamming detected by me on the website “www.criticalfiles.com”…it was a whole bunch of random letters on the software reviews.