Spam my blog and I report your site to Google for banning. You've been warned!


January 30, 2005

More on the Bulgarian spammers

I did some searches for Bulgarian spammers. I found some references to Bulgarians connecting from the Bulgarian Telecommunications Company and spamming people. My blog goes back a while, and I caught some accesses that I can verify are from our current spammers:

Sample:
213.91.217.78 - - [17/Sep/2004:12:30:49 -0500] "POST http://www.annelisabeth.com/blog/b2comments.post.php HTTP/1.1" 302 5 "http://www.google.com" "MSIE 5.0"

Second sample:
213.91.217.13 - - [17/Mar/2004:09:02:26 -0600] "GET http://www.annelisabeth.com/blog/b2pingbackspopup.php?p=9&pb=1 HTTP/1.1" 200 762 "http://www.google.com" "MSIE 5.0"

One of the domains spammed (in September) was
HOLD{dash}POK{dot}COM (it's no longer in service, and registered through Gandi)

And here's the whois info:

owner-address: John Grisham
owner-address: 9100 S. Dadeland Blvd. Ste. 1702
owner-address: 33176
owner-address: Miami
owner-address: Florida
owner-address: United States of America
owner-phone: +1.8888008457
owner-fax: +1.359888245149
owner-e-mail: yavor79@yahoo.com

It's Ivor/Yavor Zahariev, alright. BTW, he's online right now, if you want to talk:
http://profiles.yahoo.com/yavor79

Samples from December 2004:

213.91.217.78 - - [20/Dec/2004:01:48:56 -0600] "GET http://www.annelisabeth.com/blog/b2commentspopup.php?p=56&c=1 HTTP/1.1" 404 245 "http://www.google.com" "MSIE 5.0"

213.91.217.77 - - [17/Dec/2004:04:14:23 -0600] "POST /blog/b2comments.post.php HTTP/1.1" 404 219 "http://www.annelisabeth.com/blog/b2commentspopup.php?p=65&c=1" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
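The traits visible in the log lines quoted above can be checked mechanically. The following is an added example, not code from the original post; the trait names, the two-trait threshold and the contrast line from 192.0.2.10 are assumptions made for illustration.

```python
import re
from collections import Counter

# Apache "combined" log format, the format of the lines quoted in the post.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]+" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# The four log lines quoted in the post.
POST_SAMPLES = [
    '213.91.217.78 - - [17/Sep/2004:12:30:49 -0500] "POST http://www.annelisabeth.com/blog/b2comments.post.php HTTP/1.1" 302 5 "http://www.google.com" "MSIE 5.0"',
    '213.91.217.13 - - [17/Mar/2004:09:02:26 -0600] "GET http://www.annelisabeth.com/blog/b2pingbackspopup.php?p=9&pb=1 HTTP/1.1" 200 762 "http://www.google.com" "MSIE 5.0"',
    '213.91.217.78 - - [20/Dec/2004:01:48:56 -0600] "GET http://www.annelisabeth.com/blog/b2commentspopup.php?p=56&c=1 HTTP/1.1" 404 245 "http://www.google.com" "MSIE 5.0"',
    '213.91.217.77 - - [17/Dec/2004:04:14:23 -0600] "POST /blog/b2comments.post.php HTTP/1.1" 404 219 "http://www.annelisabeth.com/blog/b2commentspopup.php?p=65&c=1" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"',
]
# Constructed ordinary visit, for contrast (documentation address, not from the post).
BENIGN = '192.0.2.10 - - [20/Dec/2004:02:00:00 -0600] "GET /blog/ HTTP/1.1" 200 5120 "http://www.google.com/search?q=ikea+cushions" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"'

def classify(line):
    """Return (source_ip, set_of_traits), or None if the line does not parse."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    traits = set()
    if re.match(r'https?://', m['target']):
        traits.add('absolute-uri')        # full URL in the request line, as a proxy client sends
    if not m['ua'].startswith('Mozilla/'):
        traits.add('bare-ua')             # real IE sends "Mozilla/4.0 (compatible; MSIE ...)"
    if m['referer'].rstrip('/') == 'http://www.google.com':
        traits.add('generic-referer')     # search referers normally carry a query string
    if re.search(r'/b2(comments|pingbacks)', m['target']):
        traits.add('b2-comment-script')   # b2 comment/pingback endpoints
    return m['ip'], traits

def suspects(lines, threshold=2):
    """Count, per source IP, the lines showing at least `threshold` traits."""
    hits = Counter()
    for line in lines:
        parsed = classify(line)
        if parsed and len(parsed[1]) >= threshold:
            hits[parsed[0]] += 1
    return dict(hits)

if __name__ == '__main__':
    for ip, n in suspects(POST_SAMPLES + [BENIGN]).items():
        print(ip, n)
```

The December POST from 213.91.217.77 carries an ordinary browser User-Agent and shows only one trait, so these header checks alone do not flag it.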

Here's someone who tried to get them tossed off a while ago: The Media Drop

BTW, our spammer also has a Hollywood career. As gaffer on movies shot in Bulgaria. That could theoretically be another Yavor, but considering Emil Zahariev has that lighting business, I'd be surprised if it was. The chief gaffer is the one in charge of lighting. It's a prestigious position, with responsibility for (at times) a large crew.

BTW, I checked their IP numbers, and they answer the same way:
Server: micro_httpd
WWW-Authenticate: Basic realm="DSL Router"

The software is: http://www.acme.com/software/micro_httpd/

213.91.216.36
213.91.217.77
213.91.217.78
This one didn't answer other than ping:
213.91.217.77

I believe they're still on Bulgarian Telecommunications Company Plc., which means the abuse e-mail address is:
abuse{at}btc{hyphen}net{dot}bg

More about the Bulgarians

Posted by Ann at January 30, 2005 08:38 PM
