Over the last hour I have been under a comment spam attack from 195.225.177.80. Based on a whois search they seem to be coming from an ISP in the Netherlands, specifically RIPE Network Coordination Centre. Doing some background checking on RIPE I would suggest that it is a user on their network somewhere.
Maybe they could shut them down, I doubt it.
The comments linking to subdomains on atspace.biz, which just redirect to Google, which to me seems very strange and non productive or am I missing something? atspace.biz is a free hosting service from Zetta Hosting Solutions.
Oh, well I guess I will just keep deleting the comments that are being caught by WordPress.
You could add
deny from 195.225.177.80
to a .htaccess file either in your server root or your CGI-BIN directory. This should block all connections from the attacker (alternately, use 195.225.177. leaving off the 80 so that you can trap the attack even if they change the IP).
Yeah I will do that when I get home, and can access my .htaccess file. Thanks for the tip.
Same dipshit has been spamming me for 3 days now. (I found you through a google for the IP 195.225.177.80)
Grrrr…
I just banned him via .htaccess and now he is gone, gone, gone!
Damm frustrating, I wonder why they bother how much money can be generated via comment spam?
yesterday the spam attack hit my weblog. it seems as if the idiot is sitting in the Ukraine. at least the attack is initiated by this server at netcasthost. here are the details:
% Information related to ‘195.225.176.0 – 195.225.179.255’
inetnum: 195.225.176.0 – 195.225.179.255
netname: NETCATHOST
descr: NetcatHosting
country: UA
admin-c: VS1142-RIPE
tech-c: VS1142-RIPE
status: ASSIGNED PI
mnt-by: RIPE-NCC-HM-PI-MNT
mnt-lower: RIPE-NCC-HM-PI-MNT
mnt-by: NETCATHOST-MNT
mnt-routes: NETCATHOST-MNT
source: RIPE # Filtered
remarks: ****************************************
remarks: * Abuse contacts: abuse@netcathost.com *
remarks: ****************************************
person: Vsevolod Stetsinsky
address: 01110, Ukraine, Kiev, 20Á, Solomenskaya street. room 206.
phone: +38 050 6226676
e-mail: vs@netcathost.com
nic-hdl: VS1142-RIPE
source: RIPE # Filtered
% Information related to ‘195.225.176.0/22AS31159’
route: 195.225.176.0/22
descr: NETCATHOST (full block)
origin: AS31159
mnt-by: NETCATHOST-MNT
remarks: ****************************************
remarks: * Abuse contacts: abuse@netcathost.com *
remarks: ****************************************
source: RIPE # Filtered
They make money in a couple of ways. By getting other sites to link back to them, they build up juice in the various search engines. They also (depends on the content of the comment spam) use it as a way of driving traffic to their sites since typically the content of the comment gets indexed along with the content of the original post, so search queries which wouldn’t necessarily return either the post or the comment, end up returning the now-spammed post. Typically they only need a couple of people to click on the link for it to be worthwhile, and unfortunately there are people who will do just that.
The IP doesn’t belong to RIPE; what you got from the whois is that that IP’s effective whois information is managed by RIPE — if you check the RIPE whois database, you’ll get the real information (NETCATHOST, apparently at Ucraine, with an abuse e-mail at netcathost.com, a domain for which
dig
returns no answers, not even just MX).I came here through Google, trying to associate NETCATHOST with comment spam (3 comments a day, 6KB worth of spam links, from IPs belonging to the 195.225.176.0/22 range). Now I have enough ground to add “deny from 195.225.176.0/22” to my .htaccess file.
This same asshole found a way to infiltrate Annoy.com’s postcard service, which is NOT designed to facilitate spam, since every card has to be entered individually. It does however, allow for people to send postcards anonymously, since we cannot verify identity, and which is what we free speech advocates have fought for.
As of late, it seems, someone’s simple revenge on this spamming asshole has been to send postcards TO the people whose companies are being advertized with one small caveat. They are being sent FROM Vsevolod Stetsinsky himself. (Or so it seems!) Surely if he sends his advertisers enough vulgar postcards, they may reconsider hiring him to begin with. Just putting it out there…
http://annoy.com/postcards/
As the Mastercard ad says “Priceless!”