Jump to content

Recommended Posts

Posted

I have a relatively minor spam problem on my MT blog. I'm having fun sharpening my claws on my spammers.

 

I recently did something that, although it may hinder some legitimate users, should at least frustrate my spammers.

 

My most prolific comment spammers has tried a few times, but his frequency isn't too often.

 

But one of the other comment spammers must have gotten tired of my musical chairs approach to frustrating him, and moved to trackback spam. Could be because the latest MT enables moderation of comments by default. Probably more likely than my actions alone influencing him.

 

Anyway, trackbacks are not yet possible to moderate as far as I know. I'd LOVE to learn how, if anyone knows?

 

But, I blocked this one too, and he's currently going crazy, trying IP numbers, trying to get through...

 

66.30.122.247

24.155.107.102

67.23.106.13

24.17.35.216

68.108.173.158

24.59.54.128

24.193.23.58

201.249.28.91

24.211.92.232

67.160.57.221

24.17.35.216

81.82.58.95

 

All but the top two are desperate attempts to get through during a period of 15 minutes. The top thwo did get through, and were entered quite far apart. Might have been tests, and since it took me a few hours to remove the first one, he may have stepped up the pace, I don't know.

 

Anyway, the IP numbers look like normal dynamic IP numbers to me. I wonder how that's done? I mean, just minutes apart?

 

EDIT:

 

More IP numbers:

 

81.82.58.95

24.17.35.216

69.164.157.126

24.90.184.92

68.229.246.43

24.13.185.46

62.163.180.196

68.36.59.234

24.151.214.31

68.174.137.192

24.30.107.215

24.151.214.31

80.216.83.206

Posted

Generally, that's done by using computers they managed to infect or compromise to later use for this type of spamming. So those numerous dynamic IP addresses you are seeing are likely people's home computers who aren't even aware their computer is being used for this purpose.

 

Most are relatively automated and rather persistant. I had one spammer this weekend attempt to spam my blog over 3,000 times from all kinds of IP's even though none of them ever made it to my blog.

 

The trackback's are starting to be used more for precisely the reason that it's harder to moderate them.

Posted

A bunch of us using EE got spam last night, I'd link to the entry on my site but it's mean. *winks* The spams all had random letter combos for title, body and URL, and all came froma different IP right to the first octet. I'm not sure if this is what you've got (trackback spam has been a problem for atleast a year, really) - but it appears to be a prelude to an attack on some sites: a testing of their script.

 

Hard to block too, since it's totally random. I turned off trackbacks on my site for the meantime. :dance:

Posted

It's Alexander, no doubt about it. I got the same pre-attack last night.

 

He's still going full tilt at my scripts. I wonder if it's his zombies that are out of control, since they don't understand what's happening when they try trackbacking to my site?

 

But I also got those same nonsense things a while ago, as comment spam, if I remember correctly.

 

Oh, and WTF?

 

I got an access to my log from server85.totalchoicehosting.com with the user agent MovableType/3.14. That site isn't even on here, my other site is. So I'm kinda curious now...

Posted

Of course there's a way to turn off trackbacks!

 

Just rename the trackback file until the attack is over. Not saying if that's what I did, but here's the file to rename:

 

mt-tb.cgi

 

BTW, either he's stopped for now, or my webhost filtered out the error message. He's done that before, so I wouldn't be surprised...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...