I am not a happy pup.
The volume of blog comment spam coming into my quiet little dog house is has reached DEFCON 4 on the scale of annoyance.
So I am taking action against one company, Ubiquity Server Solutions which coddles spammers (see the updates and comments below- I cannot stand by this initial accusation; and they, in fact, have taken action). I have twice reported offending IP addresses they host that are sending spam to abuse@biquityservers.com, sending pertinent information: And below, I invite you to join me and ban them from your sites.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 |
I am getting large volumes of blog comment spam originating from servers on your network. Please let me know when you have canceled these persons accounts. ---------- Forwarded message ---------- From: WordPress <wordpress@cogdogblog.com> Date: Sun, Mar 14, 2010 at 4:30 PM Subject: [CogDogBlog] Please moderate: "More Than Notes is Evernote" To: cogdogblog@gmail.com A new comment on the post #4253 "More Than Notes is Evernote" is waiting for your approval http://cogdogblog.com/2009/10/01/evernote/ Author : acbaldwin (IP: 64.120.31.41 , 64.120.31.41.ubiquityservers.com) E-mail : raymondisking@hotmail.com URL : BLOG SPAM URL REMOVED FOR WEb PUBLISHING Whois : http://ws.arin.net/cgi-bin/whois.pl?queryinput=64.120.31.41 Comment: I'm looking for quality and good websites to help me learn A new comment on the post #4723 "There's Gotta Be a Better Way To Search a WordPress Blog" is waiting for your approval http://cogdogblog.com/2010/03/10/search-wp-blog/ Author : Lana Montejo (IP: 173.234.52.247 , 173.234.52.247.rdns.ubiquityservers.com) E-mail : Mermelstein223@gmail.com URL : BLOG SPAM URL REMOVED FOR WEB PUBLISHING Whois : http://ws.arin.net/cgi-bin/whois.pl?queryinput=173.234.52.247 Comment: You wouldnt believe how long ive been looking for something like this. Through 10 pages of Google results and couldnt find anything. One search on Bing. There was this.... Really have to start using it more often! </wordpress@cogdogblog.com> |
The response I get is:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 |
Alan, We have sent our customer a complaint. Thanks! All the best, Allen Jenkins Ubiquity Hosting Support Ticket Details =================== Ticket ID: BES-740526 Department: Abuse Priority: Medium Status: Closed |
Hold on a minute, Allen Jenkins- this ticket is not closed at all since you have not done crap to stop spam. “We have sent our customer a complaint?” WTF is that really going to do?
Yes… since this message I have a raft of new blog comment spam coming to me from Ubiquity Servers
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 |
---------------------------------------------- A new comment on the post #4723 "There's Gotta Be a Better Way To Search a WordPress Blog" is waiting for your approval http://cogdogblog.com/2010/03/10/search-wp-blog/ Author : Bill Jenkins (IP: 173.234.11.216 , 173.234.11.216.rdns.ubiquityservers.com) E-mail : Hilyer@yahoo.com URL : BLOG SPAM URL REMOVED FOR WEB POSTING Whois : http://ws.arin.net/cgi-bin/whois.pl?queryinput=173.234.11.216 Comment: I'm going to bookmark this blogg on Dilicious to get more views for you. ---------------------------------------------- A new comment on the post #4661 "A Lot (= what I don't know)" is waiting for your approval http://cogdogblog.com/2010/02/06/what-i-dont-know/ Author : Blake Vanputten (IP: 173.234.38.5 , 173.234.38.5.rdns.ubiquityservers.com) E-mail : Mangaoang@gmail.com URL : BLOG SPAM URL REMOVED FOR WEB POSTING Whois : http://ws.arin.net/cgi-bin/whois.pl?queryinput=173.234.38.5 Comment: Headlines generated by Tiger Woods ---------------------------------------------- A new comment on the post #4505 "Flattery By Spam Will Get You... " is waiting for your approval http://cogdogblog.com/2009/12/22/flattery-by-spam/ Author : Angelo Dallmeyer (IP: 173.234.92.211 , 173.234.92.211.rdns.ubiquityservers.com) E-mail : Molla@gmail.com URL : BLOG SPAM URL REMOVED FOR WEB POSTING Whois : http://ws.arin.net/cgi-bin/whois.pl?queryinput=173.234.92.211 Comment: Arthritis in canines can be a major issue that many people never even think of in senior dogs. ---------------------------------------------- A new comment on the post #4767 "Stomped by Lawyers" is waiting for your approval http://cogdogblog.com/2010/03/23/stomped-by-lawyers/ Author : Terrance Obrzut (IP: 173.234.49.198 , 173.234.49.198.rdns.ubiquityservers.com) E-mail : Darrisaw@gmail.com URL : BLOG SPAM URL REMOVED FOR WEB POSTING Whois : http://ws.arin.net/cgi-bin/whois.pl?queryinput=173.234.49.198 Comment: This unique article makes me understand that many of us have to take alot more care of ourself and every other. ---------------------------------------------- A new comment on the post #4767 "Stomped by Lawyers" is waiting for your approval http://cogdogblog.com/2010/03/23/stomped-by-lawyers/ Author : Marylouise Kingston (IP: 173.234.19.177 , 173.234.19.177.rdns.ubiquityservers.com) E-mail : Worm@ymail.com URL : BLOG SPAM URL REMOVED FOR WEB POSTING Whois : http://ws.arin.net/cgi-bin/whois.pl?queryinput=173.234.19.177 Comment: ["¦] <a href="http://cogdogblog.com/2009/10/01/evernote" rel="nofollow">http://cogdogblog.com/2009/10/01/evernote</a> - More Than Notes is Evernote - CogDogBlog ... But everyone needs a vacation, and everyone should buy a timeshare so they can guarantee that vacation. ...read more at BLOG SPAM URL REMOVED FOR WEB POSTING [...] ---------------------------------------------- A new comment on the post #4767 "Stomped by Lawyers" is waiting for your approval http://cogdogblog.com/2010/03/23/stomped-by-lawyers/ Author : Andrew A. Sailer (IP: 173.234.46.243 , 173.234.46.243.rdns.ubiquityservers.com) E-mail : memory@1gbpc2700.com URL : BLOG SPAM URL REMOVED FOR WEB POSTING Whois : http://ws.arin.net/cgi-bin/whois.pl?queryinput=173.234.46.243 Comment: There are a lot of people who do not pay any attention to RAM when they buy their laptops. They may be ignorant or perhaps plain negligent on this. But when the laptop works slowly or perhaps conks off in the middle of important tasks, they wonder as to what happened suddenly. ---------------------------------------------- A new comment on the post #4694 "Best. Motley. Postcard. Evah." is waiting for your approval http://cogdogblog.com/2010/02/26/best-motley-postcard-evah/ Author : Charley Koor (IP: 173.234.11.13 , 173.234.11.13.rdns.ubiquityservers.com) E-mail : Reimann@yahoo.com URL : BLOG SPAM URL REMOVED FOR WEB POSTING Whois : http://ws.arin.net/cgi-bin/whois.pl?queryinput=173.234.11.13 Comment: I think you can do no wrong making things easier for your readers, and I think this is achieved through preview and subscription functionalities. ---------------------------------------------- A new comment on the post #4479 "Filtered: "Hey kids, get off of that website, what are you trying to do..."" is waiting for your approval http://cogdogblog.com/2009/12/17/filtered/ Author : hot blonde jokes (IP: 64.120.31.128 , 64.120.31.128.ubiquityservers.com) E-mail : marinewife0528@yahoo.com URL : BLOG SPAM URL REMOVED FOR WEB POSTING Whois : http://ws.arin.net/cgi-bin/whois.pl?queryinput=64.120.31.128 Comment: Hi, i've been come to your site and it seem really good. I'm making a family home page and struggling to make it look great. How hard was it to build your site? Could someone like me, with no experience do this? I always wanna to make something like that. Just for your info your site seem broken when I browse using IE 7. ---------------------------------------------- A new comment on the post #4505 "Flattery By Spam Will Get You... " is waiting for your approval http://cogdogblog.com/2009/12/22/flattery-by-spam/ Author : Asuncion Ferentz (IP: 69.147.240.102 , 69.147.240.102.rdns.ubiquityservers.com) E-mail : Letchaw178@gmail.com URL : BLOG SPAM URL REMOVED FOR WEB POSTING Whois : http://ws.arin.net/cgi-bin/whois.pl?queryinput=69.147.240.102 Comment: Too good dude! I liked it!! |
It seems to me that Ubiquity Server Solutions provides solutions for spammers who are flooding innocent blog owners with crap. So here is step one that I am doing, and I will ask others with self hosted blogs to do.
Block them from your site, deny access by editing your .htaccess file, and insert at the top:
|
1 2 3 |
order allow,deny deny from ubiquityservers.com allow from all |
This simply says block all incoming network traffic that originates from ubiquityservers.com and then allow everyone else in.
I don’t believe it will do much, but maybe somehow, this can get to someone at the company, say, oh, let’s look this up..
|
1 2 3 4 |
Corey Northcutt 201 W. Olive, Suite 2b Bloomington, Illinois 61701 United States corey@ubiquityservers.com |
Corey, can you tell me why servers you host at your company are inserting blog spam links to porn sites in my site?
I’m waiting, Corey… and I am not very happy (Note, apparently via a comment below from Corey in 2016, he no longer owned Ubiquity Hosting at the time I wrote this, so it wasn’t his fault)
cc licensed flickr photo shared by tey_zent
Again, my woeful cry at the moon, is to Google– Google who for years has provided the incentive to blog spammers by creating the elusive page rank, the raison d’etre for people who have no interest in your blog to blast it with crap just to insert their unwanted URLs in your page.
Google, you have done nothing to stop this. Nothing.
Sure you “do not evil” but you provide the reason for thousands of spammers to do something that feels maybe just one notch below evil to hundreds of thousands of innocent blog owners.
UPDATE Sun, Mar 28, 2010 at 10:13 PM
Look how Ubiquity Server Solutions is taking “action”!
|
1 2 3 4 5 6 7 8 9 10 11 12 13 |
Hi, This has been sent to the customer. All the best, Allen Jenkins Ubiquity Hosting Support Ticket Details =================== Ticket ID: BES-740526 Department: Abuse Priority: Medium Status: On Hold |
Yeah, this will have a big effect. So far, since imposing the domain block, no spam being generated by Ubiquity Server Hosted Spam Roaches has breeched the wall.
UPDATE (March 31, 2010): I can tell my blog readership must be low (Hi Mom!) as no one pointed out my faulty htaccess logic- blocking ubiquityservers.com wont work as those are not the source domains.I parsed the list of offenders (including a new one this morning), as I need to block by IPs.
(IP: 173.234.11.216 , 173.234.11.216.rdns.ubiquityservers.com)
(IP: 173.234.38.5 , 173.234.38.5.rdns.ubiquityservers.com)
(IP: 173.234.92.211 , 173.234.92.211.rdns.ubiquityservers.com)
(IP: 173.234.49.198 , 173.234.49.198.rdns.ubiquityservers.com)
(IP: 173.234.19.177 , 173.234.19.177.rdns.ubiquityservers.com)
(IP: 173.234.46.243 , 173.234.46.243.rdns.ubiquityservers.com)
(IP: 173.234.11.13 , 173.234.11.13.rdns.ubiquityservers.com)
(IP: 69.147.240.102 , 69.147.240.102.rdns.ubiquityservers.com)
(IP: 173.208.124.23 , 173.208.124.23.rdns.ubiquityservers.com)
It looks like Ubiquity Servers runs a whole fleet of spams in a pen under the 173.234 block, so my new htaccess is listing:
|
1 2 3 4 5 |
order allow,deny deny from 173.234. deny from 69.147.240.102 deny from 173.208.124.23 allow from all |
I will also send Allen Jenkins a message with every spam I get.
Also, many of these domains are listed under the name of NOBIS-TECH, which is the holding company for Ubiquity Servers, perhaps they are the Mother Roach?
Nobis Technology Group, L.L.C.
201 West Olive Street
Suite 2B
Bloomington, Illinois 61701
I’m thinking an old fashioned letter may be in their future.
UPDATE March 31, 2010 The tech folks at Ubiquity Servers are asking for log files that show this activity. That was easy, kudos to BBEdit’s feature of “process lines containing” that allows me to rip these from 6 Mb log files.
The activity is readily clear.
If these blog comments were legit, like someone sitting at their computer typing in my comment box, the IP address recorded for the transaction would indicate the IP address of their machine through an ISP.
However, all of these comments are linked to a server sitting on the Ubiquity Servers network, and more so, if you look at the pattern, the logs show a GET access for one of my blog posts (e.g. someone, or in this case, something) accessing a blog post.. followed by, in less than 5 seconds a POST to my comments script.
I don’t think anyone reads and writes that quickly. I was going to add it it here, but the log files actually bear the URLs of the intended spam insertions, instead, I have uploaded the log file data I sent to the Ubiquity Servers abuse line.
UPDATE June 20, 2010 I have to say this has been a fascinating experience (follow the comment threads below); and am going to have to modify my initial assertions that Ubiquity Servers are “coddling” spammers; that as written more out of emotion than knowledge.
In fact, since I sent them my log data, I have seen no more spam from their clients (or as it appears, their clients’ clients’ clients’ clients’ clients.
That said, the spam keeps coming, through every crack, orifice, over the top, under the bottom. Until the creator of the financial incentive of link insertion is willing to put their brains behind a solution (likely not since it is their gravy train), all of us have to spend time dealing with the slime of blog spammers– and it’s not just blogs, it is any web site that has a form field someone can insert content.
Featured Image:
“Mad Dog” flickr photo by daveograve@ https://flickr.com/photos/daveograve/3071784683 shared under a Creative Commons (BY-NC) license
Thanks!!! I am having the exact same spam problems from Ubiquity Servers. I sent them a note per your email address and got the same generic comment. I plan to continue to follow up. All spam is not to porn sites, but none of it makes sense. They obviously have some sort of automated process to spam other blog sites to generate links to their customers.
I get quite a bit of spam email from them, and will probably end up blacklisting their entire domain from my webserver…
It’s actually Nobis Technology Group, operating on the Ubiquity servers. They’re probably connected in some way.
I have a firewall on my VPS and I’m currently blocking:
64.120.0.0/17
69.147.224.0/19
173.208.0.0/17
173.234.0.0/16
174.34.128.0/18
Oh, I just found another:
216.6.224.0/20
Okay, it doesn’t hurt anything to ban these IP ranges because these are hosting servers which shouldn’t be used as the source of any comments anyway.
Actually, I have not gotten any in about 2 weeks. FWIW the folks at Ubiquity Servers told me they provide servers to others who then turn around and offer hosting, so its a pyramid of providers.
I just well over 150 on two domains yesterday. Oh well, better safe than sorry.
I came across your blog article while Googling Ubiquity since I’m problems with spammers operating on their networks too.
I’m currently receiving spam comments from the following network blocks:
174.34.168.0/22
173.234.52.0/22
173.234.120.0/22
173.234.152.0/22
Thanks so much for this information. I just found you while googleing Ubiquity Servers as well. I am getting 5-10 of these strange comments on my blog every day! Everyone makes my phone bing and they are driving me nuts! I get all excited thinking I actually have a comment and it’s nothing. I am technically challenged so, I’m going to try to just ban the ip address each time they come up. I guess it’s time for a note to this Allen guy from me as well.
Actually Stacy, Uquity Servers seems to have clamped down, at least for me, I stopped seeing it. You want to contact abuse@ubiquityhosting.com to report something.
To document the abuse, you want to be able to grab a server log that shows the source (IP address) of the server and a timestamp.
Ubiquity is a fairly inexpensive host for its uptime service (they’re my main host, I have three dedicated servers with them).
Generally, if you see comments coming from a hosting company’s IP range, it’s actually functioning as a web proxy, even though you don’t always see the domain. You can sometimes but not always pick this out going to bing and doing an ip: search. A few dogged spammers on my sites come from FDC, but I autoblock them.
I prefer not to block read access, personally, but no server hosting range should be allowed to sent POST requests unless you specifically choose to permit that.
Having worked at a data center provider myself, I think Vekseid has it right. That is, this thing is sort of to be expected from any hosting provider’s IP space (there’s not really much legitimate use of a data center IP to be posting on a blog anyway.. it’s going to be a proxy).
As you can see from their site, they offer data center colocation and IP transit on large scales, I would expect it to be totally realistic that not only for it to be a customer of a customer, but a customer of a customer of a customer of a customer of a customer of a customer of a customer of a customer of a customer (unfortunately the internet just makes that sort of thing too easy). Whether it’s of big concern to them or not, they’re not going to move a provider with $100,000 in equipment out of their data center because somebody posted on your blog.
Hello,
I just wanted to drop a note in here and say thank you for compiling all of this information for us in one place. I know it has been frustrating for a lot of bloggers getting this comment spam (I personally setup a WP blog just to play around with it and got spam messages without ever telling anyone it was on the net) and I can assure you that we are doing what we can to address the issue. The main problem here is just what other have been posting. We are a relatively large provider and as a result attract clients that are also successful hosting companies as we have the network and overhead to cater to their needs. In a situation like this getting to the source of the problem is not as simple as telling someone that they are breaking our ToS and kicking them off the network. The case with most of these complaints is actually that clients providing proxy services are being abused to post the SPAM. When that is going on we deal with our clients to try and ensure that they close the gaps in their systems and try to track down the root of the problem from their network so that we can stop this. As many people above are posting, we are making progress and we have shut down some clients as a result of them not taking the necessary precautions to ensure that these attacks do not happen. As stated in the blog, the best things you can do are simply to block the IPs listed and PLEASE keep sending us the abuse emails. The more we have documented in our system the easier we can get to the bottom of this.
Also, please be sure that you are adding the IP blocks to a .htaccess file instead of the systems firewall, this will keep the blog spam from coming in, however it will allow emails from us to get to your inbox (should you be using an email address that is hosted under your domain).
Once again, we are very sorry for the inconvenience and I assure you that we are not taking this lightly.
Branden
@Vekseid and @Jonas – thanks for clarifying what is going on, its been a big learning experience for me.
@Branden- I really appreciate your attention here, and again, since the last interchange where I sent you my logs, I have not seen one spam from a ubiquity domain- and I have edited my original post with updates to reflect this,a s well as deleting my initial (misplaced) assertion that your company “coddles spammers”. It is complex and likely way beyond the knowledge of your average blogger (BTW, on your WordPress site, if you have not done so already, activate Akismet plugin, it takes a huge slice of the crap off the top and you never see it)
You’ve spoken too soon. A blog I manage just got hit from ubiquityservers.com IPs this morning – June 22nd. I use WP-Ban plugin, this infected ISP were possibly the reason for me installing it after the blog went live a few weeks ago.
I don’t buy the excuse above. A totally new blog – ubiquityservers.com stand out in the speed their bots find it and their persistence thereafter.
Ouch.
I did not claim that there were not clients (and clients of clients of clients) on Ubiquityservers.com that might be doing this.
I said that when I provided them a server log with proof of the offending action, they took action. I’ve not seen any spam on MY blog; I cannot account for others.
But it is an on going battle, and there are many battlegrounds other than Ubiquity.
The ultimate culprit is the one who provides financial incentives to spammers.
@Alan: If you’re replying to me I suspect something might have got missed in the communication.
I am still very much of the opinion that this is an ISP “which coddles spammers”. When I said “I don’t buy the excuse above” I was referring to the the post by “Branden Stanley” (screams made-up name no?).
I think our Branden knows much much more about what happens on the servers at Ubiquityservers.com than he lets on. If they’re taking action on the abuse reports sent that’s great – although I don’t shine such a positive light on that either – makes you wonder if they’re fine about spamming people who don’t send abuse reports. Like they’re saying to their clients: “Look guys, I don’t want to disturb your fun but could you please stop spamming blogs abc and def … they’re giving us a right earful”.
I can assure you that I am real:
http://www.ubiquityservers.com/about/management.php
http://en-gb.facebook.com/people/Branden-Stanley/813038918
If you have logs of the spam you have been receiving please forward it to abuse@nobistech.net so that we can help you resolve the issue instead of continuing to clog up another blogs comments…
Well add to all this, numerous hack attempts to other servers and they now rank first in spamcop with 40K weekly spam messages.
And is not a solution to have to deploy captchas left and right making a blog unusable to others.
If Ubiquity wanted to help why don’t they check the outbound traffic and start blocking server2server hack attempts? Is it too hard?
Mark,
I agree that in depth monitoring of servers is a very viable option on a small scale, unfortunately we are a large ISP and as a result it becomes a huge opration and phiscally impossible to put that much effort into each of our thousands of servers. I am not trying to say that there is not more that we can do, however even with sflow data, at our size it becomes hard to track down 2Gbit/sec of legit data vs. 500Mbit/sec of SPAM. What you guys are doing right now is the equivalent of attacking Comcast for allowing a hacker to use their service. We promise to do everything we can, however without the community providing us with information it is near impossible for us to enforce this. I can not divulge a lot of information, however a lot of our clients have 10’s to hundreds of servers and based on different web based protocols, each of these systems could have hundreds of IPs (SSL certificates which are needed for e-commerce sites require their own IP address). If they get a single account hacked or one of their resellers/clients has an issue we a script vulnerability it can result in the issues you are seeing. I am not saying that this is not our fault and that we can not help, it is just 100x easier to track down with the logs you guys are providing.
@branden, yes you have a lot of clients and therefore the revenue should be sufficient to add resources to rectify or minimize this problem. As of comcast they have a similar problem but in a smaller scale perhaps 1/10th of what is happening this last month with ubiquity at least from the reports I can see and have access to.
And also you have insurance isn’t it? Which is typical and the customers who use servers have an option to pay for it or if they don’t and there are problems they lose more. Otherwise you lose more business like this.
I can give you an example from my logs I picked an ip from one of your resellers I believe.
174.34.163.101
Now I got few RFI attempts on 10/5. So I now I go and check the IP. So let’s see how it responds on a plain HTTP request. And what do I see, a default installation of Apache. And I wonder how this comes? Now anyone can go and start checking folders under it, see the cpanel ports, logs your name and find forms trying to break in. Why such a poor protection by default?
It’s not the only one of course, in fact almost every hack or spam attempt I see in my logs a similar pattern occurs you check the ip with a simple HTTP request and you see all kinds of things open routers, servers etc. How difficult would be to force your resellers to secure the default installations.
174.34.163.101
returns a cPanel default page. If the system was used specifically for spamming they would not install cPanel, just apache and a proxy. The main IP on a hosting server (which all services run on) is typically is not used to host a domain due to performance related issues. If you go to the next IP in that block 174.34.163.102 you will see that it resolves to a website. I am contacting the owner of that system now and ensuring that they check for security breaches on their system.
if the IP reveals the location of the cpanel that is not good.
Typically control panels are setup with a custom port number, I believe something easily configurable, so it stays out of sight for everyone but the site admin. Otherwise there are lots of things an attacker can do, like force spiders to index the IP and everything else underneath, locate the cpanel s/w version, folders and find vulnerabilities published for the version, find the email address of the site owner and sent spam or phishiing emails etc.
(see how the IP’s owner email is exposed if you force a 404 page using the IP)
So the server could be very well compromised and the owner knows nothing about it, but the problem fires back to the host due to the poor security.
I cannot see from the logs which domain did that, only the IP
Add me to list of people besieged by garbage from Ubiquity Servers. Sure I get the random Russian and Indian stuff, but the overwhelming majority, across multiple sites hosted at multiple datacenters, resolves to Ubiquity. Seems to hit Dreamhost extra hard though. I can’t imagine this is good for business over the long haul.
I’ll be sending logs shortly.
I finally had to put in a general block on anything that RDNS’s to ubiqutyservers. Seems like 80% of my forum registrations were from ubiquity netblocks and every one of them was a spammer. Not posting actual spam yet, they all just create zombie accounts with links to websites in the profiles, likely trying to raise their Google SEO profile.
I hate to block a whole domain like that, but my web site has such a small target audience that I think it is unlikely that any legitimate user would be hosted by ubiquityservers.
Chris- can you share what block you used? I want to make sure if I do it via htaccess I’ve done it right. (I have a few “deny from xx.xx” there.
There’s nothing interactive on my site but the forum so I used a forum hostname ban on *.rdns.ubiquityservers.com rather than an .htaccess ban.
Ubiquity/Nobis – or their well-coddled stable of spam-meisters – have turned the dial back up again. And now they’re starting switching their DNS records from *.ubiquityservers.com to their customers and just deleting others – possibly to avoid sticking out so obviously.
About half my spam traffic is still generated by Ubiqity Hosting – on the days when they really turn up the volume, like a few days recently, they make up 90-100%.
The pattern is essentially the same – all their customers are using the same template. This is NOT just the odd rogue rogue proxy – it’s an organization that’s setup to serve spammers.
my site’s WP blog has been hit, too and it’s clear many are furious with this company’s lack of serious attention to stopping the spammers on their servers. see the posts here:
http://www.forumpostersunion.com/showthread.php?t=11158
seems to me the best is to write a block for ALL IP addresses connected with this company.
btw, is the Hungarian Vizsla on your masthead your dog? i’m a Vizsla lover, my parents have just lost their (our) beloved Vizsla to cancer 3 weeks ago. he was only 10-1/2 🙁
Good luck fighting off the spam, Eva. Akismet catches the bulk of mine nicely.
Actually the dog on my blog is not a Vizsla; Mickey was a labrador retriever with an unsual golden color (Day was a yellow, Mom was a black, you sort out the color mix). See http://www.flickr.com/photos/cogdog/sets/83049/
I run a disc golf forum and it too has been BOMBARDED by registrants from ubiquityservers.com. I have banned dozens of individual IPs but it doesn’t stop. Today I am banning the entire host, cause I’m done wasting time banning these accounts one at a time.
Interesting ubiquityservers exchange. Agree that they’re not doing anything about it. Now in Sept., we’re getting bombarded from the same numbers you complained about.
My main web site is also getting hammered by spam sign up attempts on my forum from ubiquity servers in Los Angelos and Chicago mostly. Been going on for a while, but really bad lately. I’m going to block them all. Don’t have time to go through my logs when it appears spammers have the run of their servers using proxies. It doesn’t look like it will have any long term impact if I use my limited time to report things when they just start up from another range later the same, or the next day when I block them now. I expect as my other sites go up, the same persons will just go after them too. I’m curious about any person who responds saying they are someone from a company but can’t spell well. I find that is a common issue with many spammers. Don’t you? This thread has helped me make up my mind. Thanks.
A quick mention: This isn’t localized to Ubiquity. I get spam from servers from almost all hosting providers (i.e., theplanet, slicehost, etc.). Which one spews the most spam depends on the time of the month, time of day, etc.
As you gain in traffic, you also gain in spam. Luckily, I learned how to block all of the major spammers.
How?
A lot of work initially. I checked every IP address against ARIN, RIPE, APNIC, LATNIC and AFRICANIC. I then built a list of individual static IP addresses as well as IP CIDRs. Since I now run nginx in front of Apache, I use the GEO context to include that list as forbidden, returning an error code if they try to connect to the web server.
Before I started using nginx, I used a PHP script as an include to my wp-config file to exit WP as soon as one of them was detected.
Trust me, my Akismet marked spam is a trickle compared to what it was 6 months ago when it was common for me to go through and delete hundreds of spams per day.
Interesting, three years since you posted this, and you probably will not be shocked to hear that the ubiquity spam farm is still going strong. I found this post googling their sleezy name. I’ve been busily banning their ip addresses for a few weeks now, and finally have the spam content down to less than a dozen a week. When they discovered my poor blog, I started getting over 100 garbage posts/day.
The funny part is, it was doing the spammers no good, but they didn’t even notice when I stopped bothering with comments, and sent them all directly to trash. (Proof to me they were bots)
They don’t even notice when they are blocked. Wordfence is now happily reporting things of the nature
An unknown location at IP 142.91.111.222
IP: 142.91.111.222 [permanently blocked]
Reason: Manual block by administrator
Hostname: 142.91.111.222.rdns.ubiquity.io
My guess: They have idiots paying them to spam on their behalf, not even realizing they are harming rather than helping their SEO over the long term.
Good on you for doing the spam fight. It’s always sad that Google, the attraction for the effort, cannot apply their genius to solving it
Thanks,
It irritates me, and degrades the quality of my Every blogger should have the right to run the following pseudo code through 10s of thousands of randomized IPs
While 1=1
curl http://spambotIP/QuitSpammingMe.html
End While
It’s nice to dream.
I’ve taken another step – banning Ubiquity and Nobis Tech hostnames:
*.ubiquityservers.com
*.ubiquity.io
If I find any more – they’ll get banned as well
I’m very surprised more of their IP’s are not listed in Project Honeypot as spammers. Bot’s used must be wise to the trap links
Hi!
I am astonished, too, that three years after your post, they are still spamming like the mad ones. I hope, that I have blocked all of their ranges now.
Quite similar is ovh systems. They are my enemy No. II.
Yours, Holger
(from the Balic Sea)
I’ve grown tired of the spam from ubiquity servers. Here’s what I have for your htaccess files – add it to get rid of them (or add this to your firewall and never see them again!)
deny from 23.19.0.0/16
deny from 23.19.156.0/22
deny from 23.19.224.0/22
deny from 23.80.0.0/16
deny from 23.81.0.0/17
deny from 23.81.128.0/18
deny from 23.81.192.0/20
deny from 23.104.0.0/14
deny from 23.108.0.0/19
deny from 64.120.53.64/28
deny from 69.147.227.0/24
deny from 69.147.228.0/22
deny from 69.147.232.0/21
deny from 69.147.240.0/20
deny from 70.32.32.0/20
deny from 108.62.0.0/16
deny from 108.177.248.0/22
deny from 142.91.0.0/16
deny from 142.234.0.0/16
deny from 172.240.0.0/15
deny from 173.208.106.0/23
deny from 173.208.108.0/22
deny from 173.208.112.0/20
deny from 173.234.0.0/18
deny from 173.234.64.0/20
deny from 173.234.80.0/21
deny from 173.234.88.0/23
deny from 173.234.90.0/24
deny from 174.34.128.32/27
deny from 174.34.128.64/26
deny from 174.34.128.128/25
deny from 174.34.129.0/24
deny from 174.34.130.0/23
deny from 174.34.132.0/22
deny from 174.34.136.0/21
deny from 174.34.144.0/20
deny from 174.34.160.0/19
How many comment spams does the world have to suffer?
Many hosting companies don’t take the matter seriously.
Companies that host comment spammers in large volumes include Enzu, OVH, Bermantech, Webexxpurts, EGIhosting, Colocrossing.
I’ve blocked all known subnets from these companies on a number of networks (over 140 current count). This has reduced the volume of comment spams, smtp spam, dns poisoning attempts, ftp login attempts, CMS login hack attempts, etc to my customers.
The more networks that block these companies, the better. Maybe one day they’ll realise that the public are getting tired of their apathy.
Also, just as an added method of protection, I block access to my authoritative name servers too. So a bot on their network using their name servers wouldn’t even be able to resolve the A record in the first place….
70.32.42.37 , 69.147.255.74 Are a couple of their resolvers…
My webserver is seen to be recieving a brute force attack from servers hosted by ubiquit hosting
I will take an attorny to stop the spams .
He will charge them for helping the spammer.
Have somebody won at court or made a deal with them?
Greetings from Mayrhofen
These guys are getting ballzy Managed too try and get on ny facebook and only way linked back too nobis tech, was the ip web server was coming from niobis Technology Group’s (aka Ubiquity Server. From nigeria then found out was leading back too chinah
Holy hell! What a mess!
Someone pointed out this post mentioned me today.. now six years later.. I think you’re still owed a direct reply. I was indeed the founder of Ubiquity Hosting (Solutions) in 2004. You got that right.. historical whois data verifies.
In 2005, I took on my first partner, Clint Chapman (that’s when Ubiquity Hosting Solutions, LLP was formed). At the end of 2006, I took on two more: Brett Guarnieiri and Chris Childers (that’s when Nobis Technology Group, LLC was formed) amidst a merger with DarkStar Communications.
In 2010, I sold my stake and departed the company entirely. Shortly after, started a marketing agency. I don’t stand behind anything that happened during or after that period.
Since you asked a question of me very directly: why did I allow this to happen? Simply, I didn’t. My former business partners had differing views on ethics, and because of this, the brand’s reputation 2010-on looks very different than 2004-2010.
Thanks for the reply, Corey. This is so long ago that I barely remember, and only called out your name because it was listed then on the domain registration for ubiquity hosting. It has not been a problem for me for a long time, I will recant my blame cast your way since this was done after you sold the company.