Ukraine and China are losing access to

by Volker Weber

Spammers are starting to employ cheap labor in the Ukraine and in China to manually enter comment spam in otherwise protected weblogs. My current countermeasure is to block the whole network after a single incident.

Last login: Fri Sep 15 15:58:32 on ttyp1
Welcome to Darwin!
Raven:~ vowe$ whois
inetnum: -
netname: UKRTELNET
descr: Ukrtelecom IP access network in Doneck

Blocking will solve this forever. Bye bye UKRTELNET.


Hmm... Wäre es nicht sinnvoller, die Email Adressen zu blocken, die einen anonymen nicht autentifizierten Freemailzugang bieten? Ich errinere mich, wie frustrierend das früher in meinen IRC Zeiten war von grossen amerikanischen Netzwerken gebannt zu sein, nur weil ich T-Online kunde war, und die gerade T-Online gebannt hatten....

Was sollen die armen Chinesen und die Ukrainer jetzt tun - dumm sterben? :-(

Gregory Engels, 2006-09-15

Gregory, comment spam, not e-mail spam. Look at the my visitor map. There are not many people who will be missing to go to

Volker Weber, 2006-09-15

I guess Gregory meant to go by the email address entered in the comment form. Not that this couldn't be forged, but so do senders' addresses in email spam and so do IP addresses in comment spam (I don't knwo whether that's common in practice yet though).

Ragnar Schierholz, 2006-09-15

Please explain how an arbitrary email address helps to discover comment spam.

Volker Weber, 2006-09-15

Volker, I was wondering why you state that those guys have entered the comment spam manually. Can you please provide some details on this? I am asking because I have issued a Wordpress plugin for comment spam (Math Comment Spam Protection Plugin) that is working well according to several users, but of course it will not work anymore if there are some guys out there who enter spam by hand :-( Thx.

Michael Wöhrer, 2006-09-15

Without any doubt. I am sending you proof via email.

Volker Weber, 2006-09-16

Just watch the frequency of access to know it's manual spam ... :-)

Kristof Doffing, 2006-09-16

Indeed, that is funny. He needs about two minutes to load the front page. Eight minutes later, he loads one archive page. Another two minutes to fill out the form and 30 seconds for the captcha. At this speed he can do about 30 comments an hour, assuming he has about five windows open.

Volker Weber, 2006-09-16

the comment spam that keeps passing through my filters is manual spam, i was guessing, too.

Björn Haferkamp, 2006-09-16

I just blocked a Ukrainian IP-block, too. Still looking for a Domino-based captcha tool, though - it might not work against manual comment spam, but at least it would keep me relatively safe from the labor-intensive removal of automated flooding.

Frank Dröge, 2006-09-23

Old archive pages

I explain difficult concepts in simple ways. For free, and for money. Clue procurement and bullshit detection.


Paypal vowe