Note: CogDogBlog has a new WordPress powered home at http://cogdogblog.com/. All entries from this version have been moved there, so as a guide dog service try finding this article in its new home by title search.
Yes, I have been a bit obsessed lately with the roaches who have been spamming our Maricopa Learning eXchange. This is not all I have been doing this week, but it grinds away.
I have a latest fix which will be secretive since I believe the spammer is a reader here ("howdy!")- but so far, from the new spam logs I am running, they are going directly to the dung heap. From the patterns I recorded up to now, it is apparently the work of one spam roach, and this roach has likely written a script to do this, or they just enjoy cutting and pasting their spam into forms. His/her format is sadly predictable.
In a way, I set one trap. We now have a spam key hat is generated from the comment submission form, but it is embedded in the for as a hidden form element. Any script kiddie knows how to get that, so the roach thinks he/she is pretty smart.
Little do they know about diversions.
Anyhow, we've got a few levels of protection running, and maybe I can devote a little more time on working on the open source version of the MLX.
The sad thing is that in the last few weeks of watching the spam comments roll in there have been no legitimate ones ;-)
Using the address digger tool from SamSpade, I traced this IP to an address controlled by Korea.net. I certainly doubt that they will do anything, but I gave it a try to firstname.lastname@example.org. I know they will not do anything about spammers, since they would rather collect a few pennies per spammer for giving them IP addresses than doing something that is constructive for the rest of the world. But hey, you never know....
For the last two weeks, the educational web site I maintain at: http:///www.mcli.dist.maricopa.edu/mlx/
has been repeatedly attacked by a computer at the address:
which according to SamSpade is withing your range:
This person has repeatedly attempted to insert URLs into a comment feedback for that goes to our teachers. This spam includes various unwanted, unrelated links to web sites (there is no educational connection between online gampling, online phramcies, etc and our site. I have documented more than 40 examples of this abuse (four are attached as examples).
Please verify to me that you have closed this person down and refuse to allow these kinds of peopleto ruin the internet experience for teachers and learners from around the world who use our web site. If no action is taken, I will start a publicity campaign to ask that other web sites start banning access to their content from anyone within your IP range.
Please stop promoting spam and start shutting it down. It will hurt you in the long tun.
In the meantime, remember to ban
from all of your sites.
as well as:
I now have all identified spam automatically adding to an MLX blacklist.
Update 8 hours later Stupid spammers, every hours on the hourkeeping at at although all of their attempts are going to dev/null (trash). An excerpt from my log:
10.02.04 08:10:01 am 188.8.131.52 email@example.com 10.02.04 09:10:26 am 184.108.40.206 firstname.lastname@example.org 10.02.04 09:10:55 am 220.127.116.11 email@example.com 10.02.04 10:10:05 am 18.104.22.168 firstname.lastname@example.org 10.02.04 11:10:49 am 22.214.171.124 email@example.com 10.02.04 11:10:01 am 126.96.36.199 firstname.lastname@example.org 10.02.04 12:10:44 pm 188.8.131.52 email@example.com 10.02.04 01:10:10 pm 184.108.40.206 firstname.lastname@example.org 10.02.04 02:10:26 pm 220.127.116.11 email@example.com 10.02.04 03:10:49 pm 18.104.22.168 firstname.lastname@example.org 10.02.04 04:10:58 pm 22.214.171.124 email@example.com 10.02.04 04:10:59 pm 126.96.36.199 firstname.lastname@example.org 10.02.04 04:10:07 pm 188.8.131.52 email@example.com 10.02.04 04:10:35 pm 184.108.40.206 firstname.lastname@example.org 10.02.04 04:10:47 pm 220.127.116.11 email@example.com 10.02.04 04:10:47 pm 18.104.22.168 firstname.lastname@example.org 10.02.04 05:10:44 pm 22.214.171.124 email@example.com 10.02.04 05:10:33 pm 126.96.36.199 firstname.lastname@example.org 10.02.04 06:10:39 pm 188.8.131.52 email@example.com
And All those fake "absinth" emails have shown up in my MTBlacklist traps as well.
Stupid stupid, spammer.blogged October 2, 2004 08:25 AM :: category [ mlx , web bad dog ]