First notice:

One of the machines in your IP space is being abused by a spammer:
(IP address here)

This spammer generally uses open proxies to bounce his spamming off
on. Which means this machine should be secured. If you check the
logs, you may find other types of fraud, spamming and misuse.

Check Google for other instances of misuse of this machine. Just
search for the IP number.

Here’s a fragment from my log:

(as many accesses I have from that IP number in my log here. Real logs, not Latest Visitors. Sometimes sys admins get confused over those)

And the site they tried to spam (I have them blocked from comment
spamming), is:
http://www.annelisabeth.com/

On my site, the blog spam generally comes in two flavors:
1) Referrer spam. Normally, when someone links to me, and someone
cliks on that link, a reference to the linking site appears in my logs. But when a spammer uses a script to fake that, it’s spam and unethical
2) Comment spam. When a spammer uses a script to leave comments laden with links to spammy sites in thousands of comments on blogs. Mimics the behavior of bloggers when they discuss things with each other, but is spam and unethical.

BTW, I’d love a zipped up version of the logs from your server, with the legitimate traffic stripped out (grep -v). I analyze these logs whenever I come across them, to learn more about the kinds of abuse happening on these servers. Extended logs are more useful than simple ones (including referrer).

Regards
Ann Elisabeth

———-

If you can think of any way to improve it, please let me know.

This entry was posted on Friday, January 28th, 2005 at 11:49 pm and is filed under spamhuntress. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.