If you are like me, you got blasted by “friendly” comments from Alexander Kolt, Nicolas Trumen, John Reed, Peter Back, and Kelly Ronald – all praising your blog, your posts and yourself.
This new generation of comment spam is more clever than previous but for one thing - the fact that spammers are picking old posts that are not commented upon anymore. Otherwise they use legit blogs/blog posts and in a few cases, it is not even clear which web site they are “pimping”.
I found this on a security-related blog:
We have experienced a “massive attack” of SPAM on our blogging system from various hosts all pointing to two websites:
http://www.cosmicbuddha.com/blog/archives/ 001169.html (I have broken the URL intentionally)
And
http://anthony.ianniciello.net/blog/archives/ 000079.html (I have again broken the URL intentionally)The comments contained very brief sentences and links to the above web sites.
From what it looks like it was an act of an attack against automatic blacklisting and un-moderated comments, probably not conducted by authors’ of the above blogs.
Some of the IPs that have SPAMed our Blog contained at least one port that was acting as a proxy.
In some cases legitimate but badly configured proxies, such as in the case of a Cisco proxy (Application and Content Networking System Software 5.3.3).
In other cases the proxies were what appeared to be backdoor based proxies - the server’s/computer’s intent was not to act as a proxy.
In two instances the IP from which came the attack was the firewall/router, making me believe that the infected/zombie host was on the inside of the network, rather than on the outside.
I one of the more funny instances, the host that SPAMed us was a Windows NT with IIS 4.0 without any service packs, I was sure I would never see such a machine on the Internet, but I was shown to be wrong
.
In any case if we do find out a bit more on this SPAM attack, we will let you know.
One of the poor guys whose (legit) blog is used in the comments left this note:
I am the owner of the first blog you link to above and can confirm that I was in no way related to the spam attacks on your network. I am very sorry that this has happened, but have no idea why my site’s link is being used in that spam comment. I employ MT-Blacklist to control spam and my blacklist is diligently maintained, so this might have been some type of attack or probe regarding blacklisting.
Other site owners have commented on the page that was used in the spam, and if you have any further input it would be great if you could contact me.
Once again, I am very ashamed to be linked to this in any way, but have no relationship with the idiots who are spamming you.
I really don’t want to turn comments off, and forcing a TypeKey registration is not something I am keen on (I generally don't bother registering on a blog that forces me to in order to leave a comment - but I do have a TypeKey that I use when I have to), but boy is this spam thing painful.
Comment spam is relatively easy to deal with. Trackback spam is the latest big killer. It's a total pain in the butt trying to manage this in MT. WP provides a better way of doing it. I've offered a bounty of $100 at http://www.bazaarz.com/archives/2005/09/automating_trac.php to find a cure. Probably not enough but hey?
Posted by: dahowlett | September 11, 2005 at 09:36 AM
Yeah I own the second site, and it sucks, what total jerks. I have to apologize, but like the other person, I have absolutely no affiliation to whomever is doing this, and it makes little sense to me.
Posted by: Anthony Ianniciello | October 05, 2005 at 04:40 PM