Sunday, May 30, 2004

Comment spam zombies

Dana Epp had the same problem that I did today. Massive comment spam. Today's was oriented towards bestiality. It appears that there's an army of zombies out there being used to spam MT-based blogs. The following IPs blogged the same comment spam:

  • 24.51.181.126 - Unknown, connection failed but online

  • 61.55.134.196 - Unknown, connection failed but online

  • 63.203.249.138 - IIS 4.0, WinNT 4.0 (default web page), DSL customer

  • 63.227.76.25 - Unknown, connection failed, no ping

  • 65.64.123.184 - IIS 4.0

  • 65.112.194.26 - Unknown, connection refused

  • 66.142.24.209 - IIS 5.0, Win2K (NH Solutions)

  • 66.14.145.9 - Unknown, connection failed, no ping

  • 80.58.5.46 - Unknown, connection failed, but online

  • 196.3.85.70 - IIS 5.0, no default page

  • 200.75.94.138 - Unknown, connection refused

  • 200.150.249.26 - IIS 5.0, default web page

  • 200.168.79.161 - IIS 5.0, default web page

  • 202.108.207.181 - Unknown, connection refused

  • 203.17.12.4 - IIS 5.0, no default page

  • 206.11.149.61 - Unknown, connection failed, no ping

  • 207.68.98.5 - IIS 5.0, Middle School web server

  • 207.166.221.254 - Unknown, connection failed but online

  • 207.248.228.153 - IIS 3.0, default NT page in Spanish

  • 211.21.63.206 - Unknown, connection failed but online

  • 212.175.234.10 - Unknown, connection failed but online

  • 212.175.234.145 - Unknown, connection failed but online

  • 213.155.40.66 - IIS 5.0, default page

  • 218.62.42.115 - Unknown, connection refused

  • 218.185.66.178 - IIS 4.0, no default page



For each of the IPs, I attempted to connect to port 80 via various means (browser, telnet, wget -S) and pinged the IP if port 80 failed to get the above. Anyone see a really nasty trend in the data?

So, either there's an army of blog spamming zombies or someone has figured out blind commenting with spoofed addresses. In any case, this is getting old.
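
The list above came from noticing one comment body arriving from many different addresses. A sketch of that grouping for a blog's comment log, added here as an example and not the author's own tooling; the sample submissions, the documentation-range IPs and the function names are constructed assumptions:

```python
import hashlib
import re
from collections import defaultdict

# Constructed sample comment submissions: (source IP, comment body).
# IPs are from documentation ranges (RFC 5737); bodies are placeholders.
SAMPLE_COMMENTS = [
    ("192.0.2.10", "Great post!  Visit http://spam.example/a"),
    ("198.51.100.7", "great post! visit http://spam.example/a "),
    ("203.0.113.44", "Great  post! Visit HTTP://SPAM.EXAMPLE/a"),
    ("192.0.2.10", "Great post! Visit http://spam.example/a"),
    ("198.51.100.99", "I had the same issue with my MT install."),
    ("203.0.113.5", "Thanks, this helped."),
]


def fingerprint(body):
    """Hash a comment after folding case and whitespace, so trivial
    variations of the same spam text collapse to one fingerprint."""
    normalized = re.sub(r"\s+", " ", body).strip().lower()
    return hashlib.sha256(normalized.encode("utf-8")).hexdigest()


def find_distributed_spam(comments, min_sources=3):
    """Return {fingerprint: sorted list of distinct IPs} for every comment
    body submitted from at least `min_sources` different addresses."""
    sources = defaultdict(set)
    for ip, body in comments:
        sources[fingerprint(body)].add(ip)
    return {fp: sorted(ips) for fp, ips in sources.items()
            if len(ips) >= min_sources}


if __name__ == "__main__":
    # Print each repeated body's short fingerprint and where it came from.
    for fp, ips in find_distributed_spam(SAMPLE_COMMENTS).items():
        print(f"{fp[:12]}  {len(ips)} sources: {', '.join(ips)}")
```

Counting distinct sources rather than raw submissions keeps one persistent commenter from tripping the threshold, while the same text from several unrelated addresses does.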