Anatomy of a manual spam
I got a comment to an old post that seemed fairly well on topic, but it had a “commercial” link, so I dug deeper. It’s a manual spam, meaning it was done with a browser, not a script.
He first came in from a Google search on October 6, and left after checking out the post.
Query syntax:
Name (required) + Website + comments + blogs + office machinery
He came back October 21 after a Google search, and posted
Query syntax:
Name (required) + Website + comments + blogs + fax machines
The text of the spam comment was:
One that has no comment spam (now) had 700+ comment spam entries before the plugin.
That sentence is lifted from an existing comment on that page and then used for the spam comment.
And the site was: shredderwarehouse.com
It’s kind of unusual for business sites to have whois protection, but this one does.
It’s on 68.178.184.239, which is ip-68-178-184-239.ip.secureserver.net. It appears that the IP has changed hands very recently. All the sites listed for it are on another IP by now.
It’s been spamvertized at least since August 30th. And it’s been spamvertized together with evision.com.pk, which is owned by someone in Pakistan. The spam I received also came from an IP in Pakistan. They’ve also spammed for flowergirldressforless.com, which wants people to think they’re based in California. There’s a mailbox rental company at that address, so they’re not really at the address listed in the whois. Their phone numbers are local to that area, though.
If I were to guess, I’d say it’s quite possible eVISION is a Black Hat SEO company that’s spamming for themselves as well as customers.
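A moderation check for the pattern described above, where a comment reuses a sentence already posted in the same thread and carries a website link. This is an added example, not code from this blog or its plugin; the function names, the threshold and the sample thread are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed sample data; only the quoted sentence comes from the post.
SENTENCE = ("One that has no comment spam (now) had 700+ comment spam "
            "entries before the plugin.")
THREAD = ["I run three blogs. " + SENTENCE + " Thanks for writing it."]
SPAM = {"body": SENTENCE, "website": "http://shop.example/"}
QUOTE = {"body": SENTENCE, "website": ""}
LEGIT = {"body": "Thanks, the plugin installed fine on my blog and caught "
                 "everything so far.", "website": "blog.example"}


def _words(text):
    # Lowercase and drop punctuation so quotes and spacing cannot hide a copy.
    return re.findall(r"[a-z0-9+']+", text.lower().replace("\u2019", "'"))


def _shingles(words, n):
    # Every run of n consecutive words, as a set of tuples.
    return {tuple(words[i:i + n]) for i in range(len(words) - n + 1)}


def copied_fraction(body, earlier_comments, n=5):
    """Share of the body's n-word shingles already present in the thread."""
    cand = _shingles(_words(body), n)
    if not cand:  # shorter than n words: too little text to judge
        return 0.0
    seen = set()
    for earlier in earlier_comments:
        seen |= _shingles(_words(earlier), n)
    return len(cand & seen) / len(cand)


def review_comment(comment, earlier_comments, threshold=0.8):
    """Return 'hold' (queue for a moderator) or 'pass'."""
    url = comment.get("website", "").strip()
    if url and "//" not in url:
        url = "//" + url  # let urlparse see a bare host name as a netloc
    has_link = bool(urlparse(url).hostname)
    if has_link and copied_fraction(comment["body"], earlier_comments) >= threshold:
        return "hold"
    return "pass"


if __name__ == "__main__":
    for name, c in (("spam", SPAM), ("quote", QUOTE), ("legit", LEGIT)):
        print(name, review_comment(c, THREAD))
```

The check holds a comment for review rather than deleting it, since a genuine reader who quotes an earlier comment and fills in a website would match too.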
October 21st, 2006 at 11:45 pm
Check out the four spams at the bottom of this post. Ian Bicking is a high-profile Python developer, and the post he wrote was about Python and Ruby.
November 19th, 2006 at 12:14 am
More bespoke spam. Astonishing work. I made a screenshot before deleting the comment in question; it’s #12 “Abigail”.
December 6th, 2006 at 7:11 am
Wanna discuss? =) You just get angry, while we’re making huge money (well, those who know the biz well)
January 29th, 2007 at 5:25 am
I have yet to see an intelligent spam post. They are usually easy to detect by the very bad English. I laugh when I read my forum logs and see all the failed attempts at posting spam as well as all the failed attempts at registering.
January 29th, 2007 at 6:37 am
On my friend’s forum I’ve added on the registration page “All pharma/SEO spammers will be deleted on sight!” just below the captcha. And I see that ~75% of spammers don’t go further, but the remaining ~25% are unable to read and understand OR maybe they want to try me out. Should I put it in Russian? I would be glad if one of the (mostly) Russian spammers watching this blog would translate it for me.
Just in case someone wants to send me translations - my web page is shown above…