As of today the Bulgarians have switched to trackback spam

Yep, Alexander is in full swing, and now the Bulgarians.

A lot of swearing going on in various parts of the blogosphere right now.

Guys, check your raw logs, and I’m sure you’ll figure out how to block them. And if not, e-mail me and I’ll show you.

Since I already had them blocked, I don’t have any samples of the trackbacks from the Bulgarians. Samples would be received with gratitude.

More about the Bulgarians

14 Responses to “As of today the Bulgarians have switched to trackback spam”

  1. Mike Boone Says:

    I got hit overnight. I use the Serendipity blog, and it requires approval of trackbacks and comments to old articles, so the trackbacks aren’t shown, but I have to manually delete them from the approval queue.

    Here’s an example of one:

    “Weblog Name: online poker
    Link to remote-entry: http://online-poker.psxtreme.com/

    Excerpt:
    In your free time, check out the sites dedicated to online poker texas holdem online poker”

    I don’t see any similarities in the web stats log that would make them easy to block. They’re using IP addresses from everywhere, as usual.
    :(

  2. Mike's Page Says:

    Trackback Spam

    Argh, as of today, the recent referer and blog comment spammer has begun spamming the blog “trackback” interface. I got over 20 trackback spams overnight, all poker ads.

    The Serendipity posted an update to their spam blocker which hopefully will help.

  3. Jeff Blogworthy Says:

    Hello! I use serendipity also. I had an attack at 2am EST and 8am EST.

    The way I have handled the problem is to look at my logs for suspicious IP addresses (multiple hits); then enter the address in ARIN whois. It usually comes through the RIPE database as part of an entire range of IP addresses, like 200.0.0.0 - 200.255.255.255 - so I ban that entire range. Then it happens all over again because the spammers change IP ranges and addresses constantly.

    It sounds like you may have a better way. I will take you up on your offer to explain it to me. Thanks!

  4. Chris' Blog Says:

    Die spammers, Die!

    I knew something was up when I had 35 emails from my blog.

    It appears that, since I changed blog versions, (as many probably did) the spammer could no longer send automated comments.

    So today, they started using trackback pings. I don’t want to exp

  5. cindy Says:

    Mike, those are the same guys using pinappleproxy! I have them in my logs. Block them in your htaccess.

    # pineapple baby - comment spammer - shhhhh
    RewriteCond %{HTTP:VIA} ^.+pinappleproxy
    RewriteRule .* - [L,F]

  6. Ann Elisabeth Says:

    Jeff: I’d say it’s a bad way to block them, yeah!

    I got a nice big 403 when I tried to access your site. I’m one of those Europeans you blocked, LOL!

    Cindy: From what you told me before, I didn’t think the Bulgarians were stopped by that. Have you tested against domain names to figure out if we’re talking about the same spammer? Like I said, from what you said before, it doesn’t sound like it. Unless these are also using software built on that proxy.

  7. The Glittering Eye Says:

    Catching my eye: morning A through Z (UPDATED)

    It’s a gray and dreary February-sort of day both here in Chicago and, apparently, in the blogosphere. Here’s what’s caught my eye this morning: Beldar is back and training his sights on John Kerry again. Wretchard of Belmont Club makes…

  8. Cynical Nation Says:

    FWIW, I completely solved my comments spam a while back by simply renaming my comment script from the default “mt-comments.cgi” to something random like “bite-me.cgi.” I made the appropriate change to mt.conf, rebuilt, and problem solved. I didn’t need MT-Blacklist.

    I have been getting some trackback spam today, so I may try a similar approach with that. I can keep you posted.

  9. Ann Elisabeth Says:

    Cynical Nation: I renamed my comment script as well. That works with some spammers. It does NOT work with the Bulgarians. Their script is intelligent enough to scrape the name of the script from one of your posts.

  10. Ann Elisabeth Says:

    Jeff: One more thing. I didn’t realize you thought RIPE was one big ISP. It’s not. It’s just that whenever you check an IP number in Europe that comes up. You need to check the whois at whois.ripe.net to find the actual ISP. And, as a European, I find the idea of blocking all of RIPE’s IP numbers distasteful…

  11. The Cartoonist Says:

    Hello there,
    Thanks to the Haloscan Comment system, I have almost no comment or trackback spam. Instead I’m getting lots of referrer spam (those dreadful poker sites), when checking my logs. Any idea how to block those? My webhosting company has this nice little control panel, with the option “IP-Deny Manager” - but do I have to enter each and every single IP of those spammers in there, or just the main one? Ann Elisabeth, if possible, send me a mail please.

  12. HH Says:

    Help Ann Elisabeth! I’ve gotten dozens and dozens of trackback spams a night… e-mail me at TVsHenry at aol dot com and help me fix this! Thanks…

  13. Henk van de Goor Says:

    Uhm, I use serendipity and I turned on the option Force captchas which forces someone to type in a code from a picture. This should be adequate for Serendipity users I guess…

  14. soyan stoyanov Says:

    Ann, Ann, I can not believe how ignorant you are.
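
An added example, not code from the post or from any commenter: comments 1 and 6 note that the sending IP addresses vary while the advertised sites can be compared by domain name, so this sketch groups incoming trackback pings by the domain they link to and holds any domain pushed from several unrelated addresses. The ping tuples, the threshold and all function names are assumptions; only the psxtreme.com URL comes from the thread, and the other rows are constructed.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample pings: (source IP, weblog name, linked URL).
# IPs are documentation-range addresses; only the first URL is from the thread.
PINGS = [
    ("192.0.2.10", "online poker", "http://online-poker.psxtreme.com/"),
    ("198.51.100.7", "texas holdem", "http://texas-holdem.psxtreme.com/"),
    ("203.0.113.99", "online poker", "http://online-poker.psxtreme.com/"),
    ("198.51.100.23", "A Reader's Blog", "http://blog.example.org/2005/02/reply"),
    ("198.51.100.23", "A Reader's Blog", "http://blog.example.org/2005/02/more"),
]


def advertised_domain(url):
    """Last two labels of the URL's host (naive: no public-suffix handling)."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else ""


def suspicious_domains(pings, min_sources=3):
    """Map each domain advertised from >= min_sources distinct IPs to those IPs."""
    sources = defaultdict(set)
    for ip, _name, url in pings:
        sources[advertised_domain(url)].add(ip)
    return {d: sorted(ips) for d, ips in sources.items()
            if d and len(ips) >= min_sources}


def moderate(pings, min_sources=3):
    """Split pings into (held, accepted) according to the advertised domain."""
    bad = suspicious_domains(pings, min_sources)
    held = [p for p in pings if advertised_domain(p[2]) in bad]
    accepted = [p for p in pings if advertised_domain(p[2]) not in bad]
    return held, accepted


if __name__ == "__main__":
    for domain, ips in suspicious_domains(PINGS).items():
        print(f"hold pings linking to {domain}: seen from {len(ips)} sources")
    held, accepted = moderate(PINGS)
    print(f"{len(held)} held, {len(accepted)} accepted")
```

A repeat ping from a single address, like the constructed blog.example.org rows, stays below the threshold, so one enthusiastic reader is not treated the way a distributed run is.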