My bandwidth consumption on annelisabeth.com has jumped to new heights. And I believe most of it is due to referrer spammers.

According to Awstats, these IP numbers have consumed a lot of bandwidth so far this month:
203.162.27.201 - 106.62 MB
203.162.27.196 - 40.72 MB
203.162.27.195 - 11.44 MB

In other words, one spammer has stolen in excess of 200 MB of bandwidth from me.

In addition, I’ve found these sucking down a lot:
203.162.27.195
203.162.27.200
203.162.27.197
203.162.27.199

Here’s a sample log line:
203.162.27.200 - - [19/Dec/2005:07:33:41 -0600] “GET /blog/archives/000313.html HTTP/1.1″ 200 11248 “h*tp://phentermineadipexionamin.lookscute.com/” “Mozilla/5.0 (Windows; U; Windows NT 5.1; ru-RU; rv:1.7.5) Gecko/20041108 Firefox/1.0″

In addition to that post, they’re pulling down archives quite often.

One of the URL’s spamvertized, goes through a frame redirect to
1-800-pills.com
which pings
69.50.176.254

I looked at other domains hosted on that IP address. They all have similar and different whois info. Clearly fake.

More info on the spammer, including whois, can be found here:
Pills referrer.

I’ll gather more info on the spammer, and might update here or make a wiki page. He definitely deserves some tracking time.

Update:
Sites spamvertized by this bunch point to domains that use name servers from
xxlsearcher.com

That domain has whois info that includes an e-mail address that figures in other anti-spam posts:
TMnet spam
Dumb or beginner - who cares

This entry was posted on Monday, December 19th, 2005 at 9:05 am and is filed under Referrer spam. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.