Ukraine and China are losing access to vowe.net
by Volker Weber
Spammers are starting to employ cheap labor in the Ukraine and in China to manually enter comment spam in otherwise protected weblogs. My current countermeasure is to block the whole network after a single incident.
Last login: Fri Sep 15 15:58:32 on ttyp1
Welcome to Darwin!
Raven:~ vowe$ whois 82.207.87.15
...
inetnum: 82.207.87.0 - 82.207.87.255
netname: UKRTELNET
descr: Ukrtelecom IP access network in Doneck
...
route: 82.207.0.0/17
descr: AGGREGATE BLOCK FOR UKRTELECOM
Blocking 82.207.0.0/17 will solve this forever. Bye bye UKRTELNET.
Comments
Hmm... Wäre es nicht sinnvoller, die Email Adressen zu blocken, die einen anonymen nicht autentifizierten Freemailzugang bieten? Ich errinere mich, wie frustrierend das früher in meinen IRC Zeiten war von grossen amerikanischen Netzwerken gebannt zu sein, nur weil ich T-Online kunde war, und die gerade T-Online gebannt hatten....
Was sollen die armen Chinesen und die Ukrainer jetzt tun - dumm sterben? :-(
Gregory, comment spam, not e-mail spam. Look at the my visitor map. There are not many people who will be missing to go to vowe.net.
I guess Gregory meant to go by the email address entered in the comment form. Not that this couldn't be forged, but so do senders' addresses in email spam and so do IP addresses in comment spam (I don't knwo whether that's common in practice yet though).
Please explain how an arbitrary email address helps to discover comment spam.
Volker, I was wondering why you state that those guys have entered the comment spam manually. Can you please provide some details on this? I am asking because I have issued a Wordpress plugin for comment spam (Math Comment Spam Protection Plugin) that is working well according to several users, but of course it will not work anymore if there are some guys out there who enter spam by hand :-( Thx.
Without any doubt. I am sending you proof via email.
Just watch the frequency of access to know it's manual spam ... :-)
Indeed, that is funny. He needs about two minutes to load the front page. Eight minutes later, he loads one archive page. Another two minutes to fill out the form and 30 seconds for the captcha. At this speed he can do about 30 comments an hour, assuming he has about five windows open.
the comment spam that keeps passing through my filters is manual spam, i was guessing, too.
I just blocked a Ukrainian IP-block, too. Still looking for a Domino-based captcha tool, though - it might not work against manual comment spam, but at least it would keep me relatively safe from the labor-intensive removal of automated flooding.
