Archive for the ‘spamhuntress’ Category

All new spam related posts will be posted at Spam Huntress from now on

Friday, February 25th, 2005

http://spamhuntress.com/

I’ll keep the old posts here, so I don’t break any links. And because I wanted to try out some other software on the new site.

I’ll just start it up without any redesign. I’ll get to that when I get to it.

And I’ve moved all the posts to this new category here: Spamhuntress. Just for housekeeping purposes, so this post will be at the top forever. I might still blog tech related topics on the Tech category.

Oh, another thing: DNS hasn’t propagated fully for the new domain. Don’t worry if you get a GoDaddy placeholder page. The new site is live, it’s just that your ISP has stale data in their cache. In fact, even my ISP is having that same problem. I have to resort to manipulating my hosts file to even access my own domain…

How to cost the Bulgarians and other spammers serious money

Thursday, February 24th, 2005

Here’s the follow-up article written by Netaloid, where he gives the details on how to report the spammers to the casinos and the IGC.

Usually, if the casinos terminate the affiliation, the spammers will lose any money accrued since last payout.

[wiggling eyebrows]

More about the Bulgarians

An IP that sailed through my blocks

Thursday, February 24th, 2005

This IP number sailed through my block. Two spam comments from the Bulgarians (yes, they’re back):

61.19.220.134

I guess I’ll be trying to shut that one down, even though I’ve stopped notifying proxies. It’s too much work for one person to do it all. Maybe if we were a bunch of people and split a list, or had some automated thingy.

This one is in Thailand, BTW

Cornered Google on forum spam

Thursday, February 24th, 2005

My advice article on keeping your forum free of spam is now tops in Google for the search terms:
forum spam

Guess now I’ll have to think long and hard about moving it to the new domain or not…

Awstats are only reporting two visits from that search term. My top search terms are:

w3crobot 107 3.6 %
rugged cell phone 39 1.3 %
alexander morozov 34 1.1 %
pusur 32 1.1 %
building a cat tree 25 0.8 %
rugged cell phones 25 0.8 %
sony trv65 24 0.8 %
how to build a cat tree 21 0.7 %
diy cat tree 21 0.7 %
reffy 19 0.6 %
build cat tree 19 0.6 %
guestbook spamming 19 0.6 %
parabol 19 0.6 %
pinappleproxy 17 0.5 %
cassiopeia e-15 17 0.5 %
oslo by night 17 0.5 %
mt-tb.cgi 16 0.5 %
choosing a cell phone 16 0.5 %
fetch api request 15 0.5 %
guestbook spam 15 0.5 %
cat tree build 14 0.4 %
new proxies 14 0.4 %
cat tree 13 0.4 %
proxy open 12 0.4 %
build your own cat perch

Trying to decide on software

Thursday, February 24th, 2005

I’ll use something other than MT for the new site, and I’m trying to decide what to use. Probably WP or Drupal.

UPDATE: I’ll get another hosting package for the new domain. I’ll have adequate space, for either software.

What software is best, in your opinion?

I’ll probably put the blog in the root. So I don’t know if I’ll have any use for Drupal’s added abilities?

Not been hit by tigerspice

Thursday, February 24th, 2005

I’ve seen some people wonder out loud why I haven’t been blogging about the tigerspice spammer. Well, I haven’t been hit! During the last week or so I’ve heard a few mumblings about it, and have been waiting to find it in my logs, but so far nothing.

Without any log material to work from, it’s hard to speculate, so for now I’ll just wait and see.

I was looking at Cindy’s site to see if she’d come up with a ban. Nope, only for the domain name. And I’ve seen Andy Hoffman start using other domains lately, so that won’t do it.

The only observation I can contribute is that his e-mail address was registered as early as July 7, 2004. The last few days he’s started using the alias Milly Brown. Her e-mail address was registered February 16, 2005.

However, the server hosting tigerspice, 219.153.9.11, hosts three sites, according to whois.sc (not reliable, but interesting):
Andrewsaluk dot com (recently spammed, and now registered to Milly Brown)
Carabidule dot net (owned by a Kirk Donald, with the same pattern e-mail address registered June 28, 2004. I think this one is going to be spamvertized soon, if it hasn’t been already)
Eddiereva dot com (recently spammed, with the same pattern)

These domains are previously owned. One by a financial advisor, one was a French forum (computer related). Not sure about eddiereva. No sign of previous ownership, and it was first registered late October last year.

The custom nameservers are also hosted on that same box. I’m guessing it’s a colocated server. And it’s in China. Abuse address:
abuse at cta.cq.cn

Complain to the IGC about spamming gambling affiliates

Thursday, February 24th, 2005

Found this excellent article through Cindy’s site:

Netaloid

Well, we know who the main spammer is, and from the looks of the article, it’s the same spammer Netaloid is talking about.

But turning up the heat on the Interactive Gaming Council about the spammers is something I hadn’t thought about.

I’ve got some affiliate IDs socked away that could be used, but some are less easy to figure out. Even so, if you use the name Iavor Zahariev - or Twins LTD, or something similar in Bulgaria, I bet the casinos would know who we’re talking about.

spamhuntress.com soon online

Wednesday, February 23rd, 2005

When I realized a lot of people had started calling me the Spam Huntress, I realized I should buy the domain name. I just did, and now I’m thinking about how to do this.

I don’t want to break anything, so all the content on this blog stays where it is.

But I might start blogging on spamhuntress.com, and just link to this blog for the older entries?

What do you think?

Another Bulgarian IP number

Wednesday, February 23rd, 2005

I found this post by Michael’s Mind dissecting another Bulgarian IP number.

I did a Google search for the IP number
82.103.65.225

And found a spam post from January 29 this year.

The whois info comes back to a John Coleman, but the dns servers are:
Name Server: TWINS.NETISSAT.BG
Name Server: TWINS2.NETISSAT.BG

Also, I’ve found that IP number trying to crawl my site yesterday, with this referrer and user agent:
“http://www.google.com” “MSIE 5.0”

Somehow the crawler was seriously screwed up, so it got a 404 (my logs show a full URL instead of the relative path).

There was a human accessing from that IP number on February 16, twice in a few minutes.

The website spamvertized in the sample I found was ultimate-bet dot us. It’s hosted at 66.154.7.43 which also hosts Buy-phentermine-deals dot com, which was registered by Tommy Hilder, who just happens to have an e-mail address:
tzahariev at hotmail.com

So yeah, I believe that’s the same outfit.

Oh, I found another spamvertized domain: hold-em-i dot com
Whoisguard protected whois, and the dns servers are interesting:
dns1.suspended-for-spam-and-abuse.com
dns2.suspended-for-spam-and-abuse.com

It’s fake, though. The site is working, and trying to drop some kind of software as you load the site. Same empirepoker thing as they usually use, as well. Different affiliate ID, though. Probably smart…

More about the Bulgarians
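
Added example, not part of the original post: a log check for the three crawler traits described above (a full URL in the request line, a bare Google front-page referrer, and the stub user agent "MSIE 5.0"). It assumes Apache combined log format, which the post does not state; the sample lines are constructed and use documentation IP ranges.

```python
import re

# Apache "combined" log format; assumed here, the post does not name its server or format.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

def crawler_signals(line):
    """Return the signals from the post that this log line matches."""
    m = LINE_RE.match(line)
    if not m:
        return []
    signals = []
    # Origin servers normally log a relative path; a full URL means the client
    # sent an absolute-form request target, as a badly written bot might.
    if re.match(r'https?://', m['target'], re.I):
        signals.append('absolute-url-target')
    # A referrer that is only the search engine's front page, with no query string.
    if re.fullmatch(r'https?://www\.google\.com/?', m['referer'], re.I):
        signals.append('bare-google-referrer')
    # Real IE 5 sent "Mozilla/4.0 (compatible; MSIE 5.0; ...)"; the bare token is a stub.
    if m['agent'].strip() == 'MSIE 5.0':
        signals.append('stub-msie-agent')
    return signals

def suspicious_ips(lines, threshold=2):
    """Map client IP -> sorted signals, for IPs showing at least `threshold` distinct signals."""
    seen = {}
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            seen.setdefault(m['ip'], set()).update(crawler_signals(line))
    return {ip: sorted(s) for ip, s in seen.items() if len(s) >= threshold}

# Constructed sample lines (documentation IP ranges and example.org; not from the author's logs).
SAMPLE = [
    '192.0.2.10 - - [22/Feb/2005:10:01:02 +0100] "GET http://blog.example.org/archives/1.html HTTP/1.0" 404 210 "http://www.google.com" "MSIE 5.0"',
    '198.51.100.7 - - [22/Feb/2005:10:02:11 +0100] "GET /archives/1.html HTTP/1.1" 200 5120 "http://www.google.com/search?q=forum+spam" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"',
    '203.0.113.5 - - [22/Feb/2005:10:03:40 +0100] "GET /index.html HTTP/1.1" 200 900 "http://www.google.com/" "Mozilla/5.0 (X11; Linux i686) Gecko/20050210 Firefox/1.0"',
]

if __name__ == '__main__':
    for ip, sigs in suspicious_ips(SAMPLE).items():
        print(ip, sigs)
```

The threshold of two distinct signals is a choice made for this example: the third sample line has a bare Google referrer on an otherwise ordinary request and is not flagged.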

Web spam summit

Wednesday, February 23rd, 2005

There’s a Web spam summit tomorrow.

Wish I could have been there.