Fake referrer spambot

I first noticed this IP when I was wondering about referrers that just didn’t add up. They were for ordinary blogs that didn’t have links to my site. I was starting to wonder about a software glitch somewhere, when I noticed that all the referrers were from the same IP number.

220.163.31.141

But there’s a point to the madness:

This is a spambot in service for a spammer in China (as far as I can tell). The spam has gibberish on it, and the domain spamvertized is cnn4.cn. There are redirects to various permutations of cnnxx.cn. I haven’t done much snooping, because of the situation in China (domain registrations are often in the name of the registrar).

But referrers and user agents are blank, except for some accesses with the fake referrer (blank user agent even then). And the bot accesses the same posts over and over.

Update: When that IP is blocked, the same spam comes from these IPs:

220.163.33.27
218.242.74.174 (new July 22)
72.232.9.234 (new August 6, does google.com and disney.com spam. Probably another entity)
61.141.145.251 (new August 14)
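
The traits described in the post (one IP, a blank user agent on every request, blank or unrelated referrers, the same posts fetched over and over) can be checked against an access log. This is an added example, not code from the original post; the combined log format, the two thresholds, and the sample lines with documentation-range IPs are assumptions.

```python
import re
from collections import Counter, defaultdict

# Apache/nginx "combined" log format (assumed; the post names no server).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] "\S+ (?P<path>\S+)[^"]*" '
    r'\d{3} \S+ "(?P<referrer>[^"]*)" "(?P<agent>[^"]*)"$'
)

def is_blank(value):
    # A missing header is logged as "-" (or occasionally an empty string).
    return value in ("", "-")

def suspicious_ips(lines, min_hits=4, min_repeat=3):
    """Return {ip: details} for clients matching the pattern in the post.
    min_hits and min_repeat are illustrative thresholds, not from the post."""
    by_ip = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            by_ip[m["ip"]].append(m)
    flagged = {}
    for ip, hits in by_ip.items():
        # Trait 1: enough traffic, and the user agent is blank every time.
        if len(hits) < min_hits or not all(is_blank(h["agent"]) for h in hits):
            continue
        # Trait 2: the same post is requested over and over.
        path, count = Counter(h["path"] for h in hits).most_common(1)[0]
        if count < min_repeat:
            continue
        # Trait 3 (reported for review): referrers sent with a blank user agent.
        refs = sorted({h["referrer"] for h in hits if not is_blank(h["referrer"])})
        flagged[ip] = {"hits": len(hits), "top_path": path,
                       "repeats": count, "referrers": refs}
    return flagged

def _line(ip, path, referrer="-", agent="-"):
    return (f'{ip} - - [22/Jul/2006:10:00:00 +0000] "GET {path} HTTP/1.1" '
            f'200 5120 "{referrer}" "{agent}"')

# Constructed sample: a bot, a browser reloading one post, a one-off fetch.
SAMPLE_LOG = (
    [_line("192.0.2.10", "/post-a/")] * 3
    + [_line("192.0.2.10", "/post-b/", "http://blog.example.org/")] * 2
    + [_line("198.51.100.7", "/post-a/", agent="Mozilla/5.0")] * 4
    + [_line("203.0.113.5", "/feed/")]
)

if __name__ == "__main__":
    for ip, details in suspicious_ips(SAMPLE_LOG).items():
        print(ip, details)
```

The listed referrers are worth checking by hand: a referring page that contains no link to the site is the mismatch that exposed the bot in the first place.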

7 Responses to “Fake referrer spambot”

  1. IncrediBILL says:

    Those are Chinese IP addresses and you’ll get rid of a ton of spam, both email and blog posts, just blocking China from your server, period. Had to do that a couple of years ago as they were knocking my server offline hitting it so hard.

  2. Same subject, different villain – I’ve gotten referral spam from Disney.com. You can read about it here.

    And thanks for doing what you do.

  3. Joe says:

    Billy, it is very unlikely that Disney or anyone associated with them spammed you. Most likely, it was a spammer testing out his new software or attempting to damage blacklists. Spammers occasionally spam for big sites such as Google, CNN, Disney, or Wikipedia for no reason.

  4. The gibberish may actually be Chinese characters, but using the wrong character encoding for your display.

    If you are interested in seeing the content, it might be worth changing the viewed character set in your browser. Big5 or ISO-2202-CN is the most likely for mainland Chinese.

    You will need a Unicode or Chinese font available for your view too.

  5. Lee says:

    … you will also need to know how to read Chinese!

  6. Is Disney my biggest fan or just more spam?

    So there I was, innocently obsessively checking my blog stats, when who suddenly appeared? Disney. I looked again. Disney? There it was, in all its glory. Disney was looking at my blog. I’ve made it to the big time. I am the man.
    I went to the Disne…

  7. You probably want to install Akismet; this will prevent comment spam to your blog. I just installed it on my blog, and it works like a charm. Also, like IncrediBILL says, blocking China, or all of Asia for that matter, will simply do you a lot of good.

    I do system administration for a financial service company, and we pretty much block the non-English speaking world. If we can’t communicate with them, chances are, they are up to no good with our services.
