208.66.195 spam harvester territory

I found these in my logs:

Some are very hungry. We’re talking about a few hundred megabytes between them. And the bot is clueless, as this GET should illustrate:

GET /w/index.php?title=Special:Listadmins&amp%3Blimit=500&amp%3Boffset=0&feed=rss

Project Honeypot determined that this one was most likely a spam harvester. V7n also noticed its behavior and recommended blocking.

2 Responses to “208.66.195 spam harvester territory”

  1. IncrediBILL Says:

    HINT: Have you ever seen a real browser post a request with “&” in the URL between parameters?

    Only stupid bots do that so I just block any request with “&” and a few other common HTML/SGML errors they make. The first occurrence of such a URL locks them out, makes life easy for me.

  2. IncrediBILL Says:

    oops, it converted it… lol that “&” is supposed to be “& amp;” without the space

    I should go back to bed…
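The check described in the comments, applied to access-log lines, as an added example that is not code from the post or its commenters. It assumes Apache-style common/combined log format; the function names are hypothetical and the sample lines are constructed, using documentation-range client addresses. It flags only a raw `&` separator followed by `amp;` (literal or as `amp%3B`), so a legitimately encoded `%26amp%3B` inside a parameter value does not lock a real visitor out.

```python
import re
from collections import Counter
from urllib.parse import unquote, urlsplit

# Assumed format: client IP first, request line in the first quoted field.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] "[A-Z]+ (?P<target>\S+)[^"]*"')

def has_entity_separator(target):
    """True if a raw '&' in the query string is followed by 'amp;'.

    A client that copies href="...&amp;limit=500" out of HTML without decoding
    the entity ends up sending a parameter literally named 'amp;limit'.
    """
    query = urlsplit(target).query
    # Split on raw '&' only: a percent-encoded '%26' is data, not a separator.
    for param in query.split("&")[1:]:
        name = unquote(param.split("=", 1)[0])
        if name.lower().startswith("amp;"):
            return True
    return False

def flag_clients(lines):
    """Return {client_ip: number of requests carrying the '&amp;' signature}."""
    hits = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if m and has_entity_separator(m.group("target")):
            hits[m.group("ip")] += 1
    return dict(hits)

# Constructed sample lines; the first request target is the one quoted in the post.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2007:10:00:00 +0000] "GET /w/index.php?title=Special:Listadmins&amp%3Blimit=500&amp%3Boffset=0&feed=rss HTTP/1.0" 200 5120',
    '192.0.2.10 - - [01/Jan/2007:10:00:02 +0000] "GET /w/index.php?title=Main_Page&amp;action=history HTTP/1.0" 200 8192',
    '198.51.100.7 - - [01/Jan/2007:10:01:00 +0000] "GET /w/index.php?title=Special:Listadmins&limit=500&offset=0 HTTP/1.1" 200 5120',
    # Encoded ampersand inside a search value: legitimate, must not be flagged.
    '198.51.100.7 - - [01/Jan/2007:10:01:05 +0000] "GET /search?q=AT%26amp%3BT&page=2 HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for ip, count in flag_clients(SAMPLE_LOG).items():
        print(f"{ip}: {count} request(s) with an undecoded &amp; separator")
```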
