Comments on: Spam attack

By: Michael Specht

Michael Specht — Thu, 10 Aug 2006 22:02:06 +0000

As the Mastercard ad says “Priceless!”

By: Jason

Jason — Thu, 10 Aug 2006 10:02:32 +0000

This same asshole found a way to infiltrate Annoy.com’s postcard service, which is NOT designed to facilitate spam, since every card has to be entered individually. It does however, allow for people to send postcards anonymously, since we cannot verify identity, and which is what we free speech advocates have fought for.

As of late, it seems, someone’s simple revenge on this spamming asshole has been to send postcards TO the people whose companies are being advertized with one small caveat. They are being sent FROM Vsevolod Stetsinsky himself. (Or so it seems!) Surely if he sends his advertisers enough vulgar postcards, they may reconsider hiring him to begin with. Just putting it out there…

http://annoy.com/postcards/

By: João Craveiro

João Craveiro — Thu, 27 Jul 2006 16:02:57 +0000

Over the last hour I have been under a comment spam attack from 195.225.177.80. Based on a whois search they seem to be coming from an ISP in the Netherlands, specifically RIPE Network Coordination Centre. Doing some background checking on RIPE I would suggest that it is a user on their network somewhere.

The IP doesn’t belong to RIPE; what you got from the whois is that that IP’s effective whois information is managed by RIPE — if you check the RIPE whois database, you’ll get the real information (NETCATHOST, apparently at Ucraine, with an abuse e-mail at netcathost.com, a domain for which dig returns no answers, not even just MX).

I came here through Google, trying to associate NETCATHOST with comment spam (3 comments a day, 6KB worth of spam links, from IPs belonging to the 195.225.176.0/22 range). Now I have enough ground to add “deny from 195.225.176.0/22″ to my .htaccess file.

By: More shameless remarks by Larko » Blog Archive » Honorary spammer

More shameless remarks by Larko » Blog Archive » Honorary spammer — Tue, 04 Jul 2006 02:15:22 +0000

[...] Edit: As could be reasonably assumed, I am far from the only blogger that this particular spammer keeps visiting. Michael in Australia has also noticed them. [...]

By: ed costello

ed costello — Sat, 28 Jan 2006 16:59:19 +0000

They make money in a couple of ways. By getting other sites to link back to them, they build up juice in the various search engines. They also (depends on the content of the comment spam) use it as a way of driving traffic to their sites since typically the content of the comment gets indexed along with the content of the original post, so search queries which wouldn’t necessarily return either the post or the comment, end up returning the now-spammed post. Typically they only need a couple of people to click on the link for it to be worthwhile, and unfortunately there are people who will do just that.

By: Gerald Steffens

Gerald Steffens — Sat, 28 Jan 2006 14:23:09 +0000

yesterday the spam attack hit my weblog. it seems as if the idiot is sitting in the Ukraine. at least the attack is initiated by this server at netcasthost. here are the details:

% Information related to ‘195.225.176.0 – 195.225.179.255′

inetnum: 195.225.176.0 – 195.225.179.255
netname: NETCATHOST
descr: NetcatHosting
country: UA
admin-c: VS1142-RIPE
tech-c: VS1142-RIPE
status: ASSIGNED PI
mnt-by: RIPE-NCC-HM-PI-MNT
mnt-lower: RIPE-NCC-HM-PI-MNT
mnt-by: NETCATHOST-MNT
mnt-routes: NETCATHOST-MNT
source: RIPE # Filtered
remarks: ****************************************
remarks: * Abuse contacts: abuse@netcathost.com *
remarks: ****************************************

person: Vsevolod Stetsinsky
address: 01110, Ukraine, Kiev, 20Á, Solomenskaya street. room 206.
phone: +38 050 6226676
e-mail: vs@netcathost.com
nic-hdl: VS1142-RIPE
source: RIPE # Filtered

% Information related to ‘195.225.176.0/22AS31159′

route: 195.225.176.0/22
descr: NETCATHOST (full block)
origin: AS31159
mnt-by: NETCATHOST-MNT
remarks: ****************************************
remarks: * Abuse contacts: abuse@netcathost.com *
remarks: ****************************************
source: RIPE # Filtered

By: Michael Specht

Michael Specht — Sat, 28 Jan 2006 10:31:22 +0000

I just banned him via .htaccess and now he is gone, gone, gone!

Damm frustrating, I wonder why they bother how much money can be generated via comment spam?

By: Jeff

Jeff — Sat, 28 Jan 2006 07:50:51 +0000

Same dipshit has been spamming me for 3 days now. (I found you through a google for the IP 195.225.177.80)

Grrrr…

By: Michael Specht

Michael Specht — Fri, 27 Jan 2006 05:16:01 +0000

Yeah I will do that when I get home, and can access my .htaccess file. Thanks for the tip.

By: ed costello

ed costello — Fri, 27 Jan 2006 04:23:16 +0000

You could add
deny from 195.225.177.80
to a .htaccess file either in your server root or your CGI-BIN directory. This should block all connections from the attacker (alternately, use 195.225.177. leaving off the 80 so that you can trap the attack even if they change the IP).