Michael Specht

An imperfect blog from Australia looking at technology, enterprise 2.0, management, Human Resources (HR) and other random thoughts.

Dr Death a Top Search for 2005 Now Hiring for free

Spam attack

January 27th, 2006 · 10 Comments · Blogging · 2,823 views

Over the last hour I have been under a comment spam attack from 195.225.177.80. Based on a whois search they seem to be coming from an ISP in the Netherlands, specifically RIPE Network Coordination Centre. Doing some background checking on RIPE I would suggest that it is a user on their network somewhere.
Maybe they could shut them down, I doubt it.

The comments linking to subdomains on atspace.biz, which just redirect to Google, which to me seems very strange and non productive or am I missing something? atspace.biz is a free hosting service from Zetta Hosting Solutions.

Oh, well I guess I will just keep deleting the comments that are being caught by Wordpress.

Popularity: 16% [?]

Tags:

10 responses so far ↓

  • 1 ed costello // Jan 27, 2006 at 2:23 pm

    You could add
    deny from 195.225.177.80
    to a .htaccess file either in your server root or your CGI-BIN directory. This should block all connections from the attacker (alternately, use 195.225.177. leaving off the 80 so that you can trap the attack even if they change the IP).

  • 2 Michael Specht // Jan 27, 2006 at 3:16 pm

    Yeah I will do that when I get home, and can access my .htaccess file. Thanks for the tip.

  • 3 Jeff // Jan 28, 2006 at 5:50 pm

    Same dipshit has been spamming me for 3 days now. (I found you through a google for the IP 195.225.177.80)

    Grrrr…

  • 4 Michael Specht // Jan 28, 2006 at 8:31 pm

    I just banned him via .htaccess and now he is gone, gone, gone!

    Damm frustrating, I wonder why they bother how much money can be generated via comment spam?

  • 5 Gerald Steffens // Jan 29, 2006 at 12:23 am

    yesterday the spam attack hit my weblog. it seems as if the idiot is sitting in the Ukraine. at least the attack is initiated by this server at netcasthost. here are the details:

    % Information related to ‘195.225.176.0 - 195.225.179.255′

    inetnum: 195.225.176.0 - 195.225.179.255
    netname: NETCATHOST
    descr: NetcatHosting
    country: UA
    admin-c: VS1142-RIPE
    tech-c: VS1142-RIPE
    status: ASSIGNED PI
    mnt-by: RIPE-NCC-HM-PI-MNT
    mnt-lower: RIPE-NCC-HM-PI-MNT
    mnt-by: NETCATHOST-MNT
    mnt-routes: NETCATHOST-MNT
    source: RIPE # Filtered
    remarks: ****************************************
    remarks: * Abuse contacts: abuse@netcathost.com *
    remarks: ****************************************

    person: Vsevolod Stetsinsky
    address: 01110, Ukraine, Kiev, 20Á, Solomenskaya street. room 206.
    phone: +38 050 6226676
    e-mail: vs@netcathost.com
    nic-hdl: VS1142-RIPE
    source: RIPE # Filtered

    % Information related to ‘195.225.176.0/22AS31159′

    route: 195.225.176.0/22
    descr: NETCATHOST (full block)
    origin: AS31159
    mnt-by: NETCATHOST-MNT
    remarks: ****************************************
    remarks: * Abuse contacts: abuse@netcathost.com *
    remarks: ****************************************
    source: RIPE # Filtered

  • 6 ed costello // Jan 29, 2006 at 2:59 am

    They make money in a couple of ways. By getting other sites to link back to them, they build up juice in the various search engines. They also (depends on the content of the comment spam) use it as a way of driving traffic to their sites since typically the content of the comment gets indexed along with the content of the original post, so search queries which wouldn’t necessarily return either the post or the comment, end up returning the now-spammed post. Typically they only need a couple of people to click on the link for it to be worthwhile, and unfortunately there are people who will do just that.

  • 7 More shameless remarks by Larko » Blog Archive » Honorary spammer // Jul 4, 2006 at 12:15 pm

    [...] Edit: As could be reasonably assumed, I am far from the only blogger that this particular spammer keeps visiting. Michael in Australia has also noticed them. [...]

  • 8 João Craveiro // Jul 28, 2006 at 2:02 am

    Over the last hour I have been under a comment spam attack from 195.225.177.80. Based on a whois search they seem to be coming from an ISP in the Netherlands, specifically RIPE Network Coordination Centre. Doing some background checking on RIPE I would suggest that it is a user on their network somewhere.

    The IP doesn’t belong to RIPE; what you got from the whois is that that IP’s effective whois information is managed by RIPE — if you check the RIPE whois database, you’ll get the real information (NETCATHOST, apparently at Ucraine, with an abuse e-mail at netcathost.com, a domain for which dig returns no answers, not even just MX).

    I came here through Google, trying to associate NETCATHOST with comment spam (3 comments a day, 6KB worth of spam links, from IPs belonging to the 195.225.176.0/22 range). Now I have enough ground to add “deny from 195.225.176.0/22″ to my .htaccess file.

  • 9 Jason // Aug 10, 2006 at 8:02 pm

    This same asshole found a way to infiltrate Annoy.com’s postcard service, which is NOT designed to facilitate spam, since every card has to be entered individually. It does however, allow for people to send postcards anonymously, since we cannot verify identity, and which is what we free speech advocates have fought for.

    As of late, it seems, someone’s simple revenge on this spamming asshole has been to send postcards TO the people whose companies are being advertized with one small caveat. They are being sent FROM Vsevolod Stetsinsky himself. (Or so it seems!) Surely if he sends his advertisers enough vulgar postcards, they may reconsider hiring him to begin with. Just putting it out there…

    http://annoy.com/postcards/

  • 10 Michael Specht // Aug 11, 2006 at 8:02 am

    As the Mastercard ad says “Priceless!”

Leave a Comment