Another blog-spoofing domain
One more* to add to the list of comment-spamming, blog-host-faking domains, along with wblogs.com and blogstudio.net: bllogspot.com with a double L, as found in Sam Ruby’s comment feed (one of my favorite sources for finding spam domains and blocking them before they find me) with thehomelessguy.bllogspot.com.
* One more belonging to the same person, Alexander Morozov, comment-spammer extraordinaire, that is. I was so used to OnlineNIC’s whois being down I didn’t even think to look.
Thanks! I completely missed that.
I visited the website. Checked my Apache logs. The comment was vaguely on topic in a “going off on a tangent” sort of way. I thought I would give this entry the benefit of the doubt.
In retrospect, perhaps the fact that a homeless guy in Nashville, Tennessee had posted with an IP address of “ns.krasnogorsk.ru” should have set off some alarm bells.
I got a call from these guys
866 422 4758
I called them; it was a fax. Then I searched.
Anyone know what is going on??
http://www.opensrs.org/archives/discuss-list/0312/0047.html
I really do need to get more serious about logging things: that IP address seems familiar to me, but I don’t know if it’s from my logs, your spam, or just that odd way that things in languages with lots of consonants look familiar to English-speakers even when they are very different words.
Or maybe it’s from this email I sent you:
D’oh! I don’t need a log, I need a brain. What a drag it is, getting, um, or never to have had a brain.
Ish. Looks like my lame display skillz for the [PGP] link don’t exactly approve of ending a comment with a block-level element other than a paragraph.
Maybe you could put that PGP link right after the poster’s name. This way you would never have to worry about block-level elements for that link. :)
That’s absolutely where it belongs. Unfortunately, right now it’s not a separate template tag/variable - it’s just tacked onto the end of the comment body, when the plugin decides that it needs to show the link. If it wasn’t bloody Perl, I’d have it yanked out of there already, and a patch on the way to Srijith. As it is, I’m hoping he’ll beat me to it ;)
A few minutes later (accounting for time zone differences) he was leaving spam at my site:
213.171.57.162 - - [22/Feb/2004:09:52:32 -0500] "GET /blog/1661.html HTTP/1.1" 200 5854 "http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=link%3Ahttp%3A%2F%2Fwww%2Ephilringnalda%2Ecom%2F" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
213.171.57.162 - - [22/Feb/2004:09:52:56 -0500] "POST /blog/ HTTP/1.1" 200 6233 "http://www.intertwingly.net/blog/1661.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
Um, yeah, yeah, me too! In fact, he spammed me so much he crashed my server! Yeah, that’s the ticket!
Well, actually, he simply seems to have been a big fan of my “audacious comment spam hack” entry. And I see that OnlineNIC’s whois is finally back up, so we can see that in fact Alexander Morozov, failed comment-spammer, is in fact the registrant of not just bllogspot.com, but also wblogs.com and blogstudio.net. Which means that he’s also capable of commenting through Sprint and AOL, so one wonders why he switched to using his more memorable and recognizable .ru?
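The two log lines quoted in the comments above show a pattern worth checking for in your own access log: a GET arriving from a search for `link:` results, followed seconds later by a comment POST from the same address. The following is an added example, not code from the post or its commenters; the function names and the five-minute window are assumptions, and the last three sample lines are constructed using documentation-range addresses.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import urlparse, parse_qs

# Apache combined log format: ip, timestamp, request line, status, size, referer.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" \d{3} \S+ "(?P<referer>[^"]*)"'
)

def parse(line):
    """Return a dict for one combined-format line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec

def is_link_search(referer):
    """True when the referer is a search whose q= parameter uses the link: operator."""
    q = parse_qs(urlparse(referer).query).get("q", [""])[0]
    return q.lower().startswith("link:")

def find_search_then_post(lines, window=timedelta(minutes=5)):
    """Flag (ip, page fetched, post target, delay in seconds) for GET-then-POST pairs."""
    last_get, hits = {}, []
    for rec in filter(None, map(parse, lines)):
        ip = rec["ip"]
        if rec["method"] == "GET" and is_link_search(rec["referer"]):
            last_get[ip] = rec          # remember the latest link: search arrival
        elif rec["method"] == "POST" and ip in last_get:
            delay = rec["ts"] - last_get[ip]["ts"]
            if timedelta(0) <= delay <= window:
                hits.append((ip, last_get[ip]["path"], rec["path"],
                             int(delay.total_seconds())))
    return hits

# First two lines are the ones quoted on this page; the rest are constructed.
SAMPLE = [
    '213.171.57.162 - - [22/Feb/2004:09:52:32 -0500] "GET /blog/1661.html HTTP/1.1" 200 5854 "http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=link%3Ahttp%3A%2F%2Fwww%2Ephilringnalda%2Ecom%2F" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"',
    '213.171.57.162 - - [22/Feb/2004:09:52:56 -0500] "POST /blog/ HTTP/1.1" 200 6233 "http://www.intertwingly.net/blog/1661.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"',
    '192.0.2.10 - - [22/Feb/2004:10:01:00 -0500] "GET /blog/1661.html HTTP/1.1" 200 5854 "http://www.google.com/search?q=atom+feed" "ExampleBrowser/1.0"',
    '192.0.2.10 - - [22/Feb/2004:10:03:30 -0500] "POST /blog/ HTTP/1.1" 200 6100 "http://www.example.org/blog/1661.html" "ExampleBrowser/1.0"',
    '198.51.100.7 - - [22/Feb/2004:10:05:00 -0500] "POST /blog/ HTTP/1.1" 200 6100 "-" "ExampleBrowser/1.0"',
]

if __name__ == "__main__":
    print(find_search_then_post(SAMPLE))
```

A hit is a reason to look at the comment and the address more closely, not proof of spam on its own.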
Comment-spamming domains
Phil Ringnalda has a list of comment-spamming, blog-host-faking domains….
Alexander Morozov back at it
Remember we talked about Alexander Morozov a long time ago? He was responsible for a lot of grief after targeting among others Movable Type blogs. He sent trackbacks full of bestiality and other porn links. When that got enough attention…