Uncategorized

One Down, A Billion To Go

Okay, so “nofollow” is “nomiracle”… but today I got confirmation from a site in Span that one or molecules of spam were stomped:

Hello Mr. Levine

Sorry for the long time without news about our “problem” but we’ve been very busy making changes in our network in order to fix it.

During this week we’ve changed almost all our network architecture and replaced two machines that should have been the ones that were originating this situation. Now, we’re still making some works but I hope that the problem will be solved at all.

Sorry for the inconveniences.

Regards from Spain,

Julio Xxxxxx

This must be a record since it is the first time I have ever gotten a (human) response from a site I sent en email with evidence of a spam coming from their domain. It’s been so long but I recall seeing a whole series of attempted comment spam that cropped up in the error log. As a test, I periodically change the name of the MovableType comments script (raise your hands if yours is still named mt-comments.cgi…. if so, you make yourself an easier target) and then you can see rafts of spam efforts show up in the server log files. And the bulk of these had a referrer pointing to an online gambling url.

Anyhow, about 80 of these in a row came from an IP address that I was able to trace using SamSpade to a Spanish educational institution. Just by writing to webmaster@…… (the domain) I figure it was a toss in the black hole. But hey, at that time, I had some time, and if you do not take a little pro-activity every now and then, you are just a idle victim.

Not a Spanish speaker, I composed a simple message and web translated it to Spanish (knowing of course how crippled language translations can be).

Pardon mi mensaje pues no hablo español que estoy utilizando un Web site para transferir mi mensaje al español. Funciono varios sitios de la tela que apoyen a educadores para un sistema de la universidad en el Arizona. Estoy remontando una cantidad grande de ataques del Spam, y mis registros del servidor indican que algo de esta actividad está originando del IP address xxx.xxx.xx.xx que conectó con su Web site. Éstas son líneas directas de mi registro de errores (he inhabilitado la escritura se está atacando que):

[Mon Nov 29 21:33:28 2004] [error] [client xxx.xxx.xx.xx] script not found or unable to stat: /var/www/cgi-bin/mt/mt-fb.cgi, referer: http://www.some-stupid-gambling-url.pig/
[Mon Nov 29 21:33:32 2004] [error] [client xxx.xxx.xx.xx] script not found or unable to stat: /var/www/cgi-bin/mt/mt-fb.cgi, referer: http://www.some-stupid-gambling-url.pig/
[Mon Nov 29 21:34:02 2004] [error] [client xxx.xxx.xx.xx] script not found or unable to stat: /var/www/cgi-bin/mt/mt-fb.cgi, referer: http://www.some-stupid-gambling-url.pig/

——————————————————-

Pardon my message as I do not speak Spanish- I am using a web site to transfer my message to Spanish.

I operate several web sites that support educators for a college system in Arizona. I am tracing a large amount of spam attacks, and my server logs indicate some of this activity is originating from the IP address xxx.xxx.xx.xx which connected to your web site. These are direct lines from my error log (i have disabled the script that is being attacked):

[Mon Nov 29 21:33:28 2004] [error] [client xxx.xxx.xx.xx] script not found or unable to stat: /var/www/cgi-bin/mt/mt-fb.cgi, referer: http://www.some-stupid-gambling-url.pig/
[Mon Nov 29 21:33:32 2004] [error] [client xxx.xxx.xx.xx] script not found or unable to stat: /var/www/cgi-bin/mt/mt-fb.cgi, referer: http://www.onlinegambli ng-4u.net/
[Mon Nov 29 21:34:02 2004] [error] [client xxx.xxx.xx.xx] script not found or unable to stat: /var/www/cgi-bin/mt/mt-fb.cgi, referer: http://www.some-stupid-gambling-url.pig/

Anyhow, some quiet celebration here. Of course this has such an infinitesimal impact on the spam scene, but it feels good– and that counts

Profile Picture for Alan Levine aka CogDog
An early 90s builder of the web and blogging Alan Levine barks at CogDogBlog.com on web storytelling (#ds106 #4life), photography, bending WordPress, and serendipity in the infinite internet river. He thinks it's weird to write about himself in the third person.