4 Responses to “Foiling the comment spammer”

1. Ruth Kristin Thu Says:
   January 7th, 2005 at 3:39 pm

   Hi! I’m writing to you because I saw your norwegian site where you asked bloggers to tell you about their blogs. I am also a christian blogger, like you, and here is my blog adress if you are interested: rudydudy.blogspot.com

   May God bless you and let your blog be a blessing to many people!

   Your sister in Christ - Ruth Kristin Thu.

2. ady Says:
   January 12th, 2005 at 9:38 pm

   The same scumbag didn’t succeed in spamming comments so proceeded to bombard me with loads of referral spam instead - all of which point to the same IP: 68.167.234.66.
   Other IPs which tried to spam my comments are: 207.218.184.142
   216.187.239.35
   217.160.177.124

   All with the same UA string: “Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; Win 9x 4.90)”

3. Ann Says:
   January 12th, 2005 at 10:26 pm

   Well, it’s interesting

   68.167.234.66 is a webserver, though a weird one. It identifies itself as Apache. Just that. Instantly suspect… It’s putting up a 301 error message, which means it’s moved permanently. But the forward is pointing to itself…

   The IP number is in Covad’s IP block, and the server identifies itself as h-68-167-234-66.ns3.xgforce.com

   ———–

   216.187.239.35
   is an actual proxy server!
   It serves up a 502 (proxy error) when I access it with a browser type thingie.

   It identifies itself as 216-187-239-35.ded.btitelecom.net

   The last one 217.160.177.124
   is an Apache/2.0.49 (Linux/SuSE)
   Identifies itself as: animechat.de
   I’ll send them an e-mail

4. ady Says:
   January 13th, 2005 at 6:37 pm

   On the 68.167.234.66 machine - that’s where all those referral spam URLs (things like 8gold, fidelityfunding, uaeecommerce, etc.) apparently lead to. But the actual referral spam comes from a variety of IP addresses.