Spam attack

Over the last hour I have been under a comment spam attack from 195.225.177.80. Based on a whois search they seem to be coming from an ISP in the Netherlands, specifically RIPE Network Coordination Centre. Doing some background checking on RIPE I would suggest that it is a user on their network somewhere.
Maybe they could shut them down, I doubt it.

The comments linking to subdomains on atspace.biz, which just redirect to Google, which to me seems very strange and non productive or am I missing something? atspace.biz is a free hosting service from Zetta Hosting Solutions.

Oh, well I guess I will just keep deleting the comments that are being caught by WordPress.

10 thoughts on “Spam attack

  1. You could add
    deny from 195.225.177.80
    to a .htaccess file either in your server root or your CGI-BIN directory. This should block all connections from the attacker (alternately, use 195.225.177. leaving off the 80 so that you can trap the attack even if they change the IP).

  2. yesterday the spam attack hit my weblog. it seems as if the idiot is sitting in the Ukraine. at least the attack is initiated by this server at netcasthost. here are the details:

    % Information related to ‘195.225.176.0 – 195.225.179.255’

    inetnum: 195.225.176.0 – 195.225.179.255
    netname: NETCATHOST
    descr: NetcatHosting
    country: UA
    admin-c: VS1142-RIPE
    tech-c: VS1142-RIPE
    status: ASSIGNED PI
    mnt-by: RIPE-NCC-HM-PI-MNT
    mnt-lower: RIPE-NCC-HM-PI-MNT
    mnt-by: NETCATHOST-MNT
    mnt-routes: NETCATHOST-MNT
    source: RIPE # Filtered
    remarks: ****************************************
    remarks: * Abuse contacts: abuse@netcathost.com *
    remarks: ****************************************

    person: Vsevolod Stetsinsky
    address: 01110, Ukraine, Kiev, 20Á, Solomenskaya street. room 206.
    phone: +38 050 6226676
    e-mail: vs@netcathost.com
    nic-hdl: VS1142-RIPE
    source: RIPE # Filtered

    % Information related to ‘195.225.176.0/22AS31159’

    route: 195.225.176.0/22
    descr: NETCATHOST (full block)
    origin: AS31159
    mnt-by: NETCATHOST-MNT
    remarks: ****************************************
    remarks: * Abuse contacts: abuse@netcathost.com *
    remarks: ****************************************
    source: RIPE # Filtered

  3. They make money in a couple of ways. By getting other sites to link back to them, they build up juice in the various search engines. They also (depends on the content of the comment spam) use it as a way of driving traffic to their sites since typically the content of the comment gets indexed along with the content of the original post, so search queries which wouldn’t necessarily return either the post or the comment, end up returning the now-spammed post. Typically they only need a couple of people to click on the link for it to be worthwhile, and unfortunately there are people who will do just that.

  4. Over the last hour I have been under a comment spam attack from 195.225.177.80. Based on a whois search they seem to be coming from an ISP in the Netherlands, specifically RIPE Network Coordination Centre. Doing some background checking on RIPE I would suggest that it is a user on their network somewhere.

    The IP doesn’t belong to RIPE; what you got from the whois is that that IP’s effective whois information is managed by RIPE — if you check the RIPE whois database, you’ll get the real information (NETCATHOST, apparently at Ucraine, with an abuse e-mail at netcathost.com, a domain for which dig returns no answers, not even just MX).

    I came here through Google, trying to associate NETCATHOST with comment spam (3 comments a day, 6KB worth of spam links, from IPs belonging to the 195.225.176.0/22 range). Now I have enough ground to add “deny from 195.225.176.0/22” to my .htaccess file.

  5. This same asshole found a way to infiltrate Annoy.com’s postcard service, which is NOT designed to facilitate spam, since every card has to be entered individually. It does however, allow for people to send postcards anonymously, since we cannot verify identity, and which is what we free speech advocates have fought for.

    As of late, it seems, someone’s simple revenge on this spamming asshole has been to send postcards TO the people whose companies are being advertized with one small caveat. They are being sent FROM Vsevolod Stetsinsky himself. (Or so it seems!) Surely if he sends his advertisers enough vulgar postcards, they may reconsider hiring him to begin with. Just putting it out there…

    http://annoy.com/postcards/

Comments are closed.