comment spam

| 14 Comments | 11 TrackBacks

Got several spam comments from "vig-rx" today on various blogs I maintain. A quick look around the blogosphere indicates that the person or 'bot responsible has been busy-busy-busy today.

Mine all came from the same IP address, 61.181.5.155, which I've added to the banned list in my blog. If you've gotten some of the same comments spam, but from a different IP address, I'd appreciate knowing where yours came from so I can add it to my banned list.

Update, 1 September, 11:52am
I followed the trackback from Shelleys' blog, and from there found her excellent information on blocking comment spam from a post she wrote last October (only a week after I'd started blogging, which is probably why I didn't see it then). Thanks, Shelley. Much better solution than the IP banning approach.

11 TrackBacks

From the trackback entries I've received from an old comment spamming entry, I gather the spammers have been out and about recently. I recieved one myself -- a shotgun message that seems to provide links to everything your kid wants to know about, but ... Read More

More on comment spam from brokenclay.org :: journal on September 2, 2003 3:19 PM

Using google against us Blacklisting comment spam New style comments spam Comment spam... Read More

Got several spam comments from “vig-rx” today on various blogs I maintain. A quick look around the blogosphere indicates that the person or ‘bot responsible has been busy-busy-busy today. Mine all came from the same IP address, 61.181... Read More

some time ago, this blog was "tagged" by the now-becoming-infamous comment-spam-from-china. some people blocked the ip within movabletype, some found interesting old techniques for stopping the non-humans. i apparently took a different approach than mo... Read More

Blog comment spam from Sync A World You Want To Explore on September 16, 2003 3:56 PM

∫�∂∑∞�blog���≥�∑����ߪ�∑�∆∞��π���������∂� ����߮�������∂߿� ���fi�∑߯∞��≥�≥��blog߿�≥ߜ߮��������3≤�√�∞��fiߢ�π����ߪ���√�∆��∞� �� ≤��∏߮≈Ω��π˛�fiߜ�∆��ߌߑ߱ߴ��� ����ߴ∞�√�ߥ��∏�∫��√�∆��߯��ߴ�π߮∞� π��ߪ��������� ʜΩ�߿�≥�∑�����∑�∆��ߌ���∂ߴ�π∞� Going ... Read More

My First Blog Censure from Confession of a Terminal Junkie on September 27, 2003 1:48 PM

I thought SPAM was only restricted to e-mail and pop-ups advertisement. Only today I found out today that my Blog was attack by SPAM with those nasty "penis enlargement" ads at one of my comment columns and I have no... Read More

On Comment Spam from Planned Obsolescence on October 10, 2003 11:41 AM

I'd really begun to feel a bit left out: all the cool kids were busily discussing their comment spam problems and solutions thereto, while I remained, with one pathetic exception, completely unhit. I'm thus bizarrely happy to report that in the last 24... Read More

Comment Spam - Help! from Conversations with Dina on October 12, 2003 1:36 AM

Oh no - i got comment spam too . Read More

Black Monday from A View From Home on October 12, 2003 2:03 PM

Comment spam. It seems that everyone is either complaining about it, or coming up with ideas on how to deal with it. This one, by Jay Allen shows a great deal of promise. It's going to be released tomorrow on... Read More

spam resurfaces from for freshness, squeeze daily. on November 5, 2003 1:07 AM

I had my first comment spam since I implemented the little hack that I found via Liz Lawley's site. The links in this spam seemed to not really go anywhere but to redirect me back to my site. I think... Read More

From the trackback entries I've received from an old comment spamming entry, I gather the spammers have been out and about recently. I received a recent comment spam myself -- a shotgun message that seems to provide links to everything your kid wants t... Read More

14 Comments

Although my blog wasn't spammed by "vig-rx", I've added the IP address you quoted to my banned list.

This makes me wonder whether establishing a list of banned IP addresses would be worthwhile. Obviously that's not a "solution" but anything to make it more difficult for the bastards seems worth doing.

I got one of the same, my first comment spam, from the same IP address today Liz, which I have also banned in .htaccess. I traced the IP back through http://www.apnic.net/apnic-bin/whois.pl and sent a letter of protest to the provider, not that it will do any good.

Stan, I just looked at the photos in your blog. Wow. What a beautiful place.

I'll probably be travelling to Utah next year, as I have to go out to BYU on grant-related work. How far are you from there?

Jonathon, I think such a list would be a very useful thing to have. My only fear is that it would alert the spammers to our knowledge of their addresses, making it easier for them to shift IPs when one became "publicly shamed."

Hmmm. Need to think on this.

Testing the comments hack provided by Shelley...

I got spammed by the same bot, with the same IP. I added it to my ban list, but since your revision, I also added Shelley's hack. Hopefully this will stop any bot spamming attacks.

vigrx has visited my blog as well, first from the same ip as yours, and this last weekend from 61.181.5.118 - both have been banned and I'm considering banning the whole 61.181.5.* block - not sure if this might inadvertently shut out anyone though...

Thanks for the link.

Comment spam had hit me long ago, but it seems to be back.

But the one good thing, it enabled me to come across your site. Can't wait to read the rest!

I've gathered some info on spam on the Atom wiki under CommentAuthentication.

Sorry Liz, looks like the comment fix doesn't work. From comments left in my postings, either this is a person (or group of people) who is individually posting comments (unlikely); or they are scraping the individual entry page and pulling in the form fields to build the posting, in which case, this won't work.

In this recent set of comments, they are posting to entries found in Google searching on July 2003 and blog. Using a different IP.

Liz,
For what it's worth
61.181.5.147
61.181.5.70
61.181.5.147
That's three times began on 9/1. Last night I saw an article from first monday and blogged it here. http://www.henshall.com/blog/archives/000341.html I wonder if this type of solution - keys couldn't be used by bloggers?

The IP banning feature in MT doesn't seem to work very well - I was being comment spammed last year by 193.220.178.173 and even after I added that nyumber to my ban list I still got hit twice more from the same IP. Additionally I suspect that this spammer who obviously, as Shell pointed out on her site, is a pretty smart dude and writes a mean script, is most likely forging his IP address.

fwiw - if he is not forging his IP address that IP address is coming out of China but it is most likely not chinese in origin - there are a lot of compromised servers in China and someone is likely using one to disguise their point of origin.

Blacklisting IP addresses is a useless whack-a-mole solution because it is trivially easy to use a web-proxy, redial a dialup connection or even spoof your IP address...

Putting hidden form fields is security by obscurity and is easily overcome by HTML scraping.

You may want look into the solution I just came up with. So far, it is working quite nicely.

About this Entry

This page contains a single entry published on August 31, 2003 1:43 PM.

my worlds was the previous entry in this blog.

site vandalism is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.

Archives

Category Archives