Damn Spam!
Search 

Topics

User Functions






Lost your password?

More love from Russia

    
Wednesday, June 29 2005 @ 20:50 CEST
Contributed by:

This has been going on for almost a week: Referrer spam from 217.107.222.75 for URLs on dating-s.net and two sites below bir.ru.

Not sure what's the point, though. Behind most of those URLs is the most horrid and broken HTML code that I've seen in a while and they're basically all linking to each other. The only giveaways are the /umax/sitemap/ URL and that the christa-worthington subdomain has a JavaScript redirect that does a "search" for Viagra (again, via a URL that contains "umax"). So I guess this is something out of the vicinity of the Umax spammer but probably not the same person.

dating-s.net is registered by a Dmitri K Lazarev from Tatarstan (is that a city?), Russia, with Direct Information Pvt. Ltd (directi.com) and hosted on 195.208.235.68 (Infobox / Alkor, St. Petersburg). 217.107.222.75 belongs to Arbatek Network in Moscow.

What's also interesting is that all the referrer spam was directed at the same URL on our site and that that URL isn't one you'd normally visit: It provides a "printer-friendly" view of forum posts, but it's only valid with an attached forum post id. Yet all the spam omitted that id. Checking the logfiles for that URL brought up a spamvertised subdomain of com.ru that also has a JavaScript redirect to a search for drugs on dating-s.net. That spam hit us on June 16th only (a week before the spam discussed above) and came from 195.208.235.68 directly.

Recommendation: Block both 217.107.222.75 and 195.208.235.68.

Filed under: Referrer Spam
()

What's Related

Story Options

Trackback

Trackback URL for this entry: http://spam.tinyweb.net/trackback.php/more-love-from-russia

No trackback comments for this entry.
More love from Russia | 4 comments | Create New Account
The following comments are owned by whomever posted them. This site is not responsible for what they say.
More love from Russia

This guy has been really hammering us today (still from the same IP, 217.107.222.75). He even managed to cause quite a few illegal requests (HTTP status code 400) ... 

217.107.222.75 - - [28/Jul/2005:14:44:14 -0400] "GET /forum/print.php HTTP/1.1" 400 322 "http://www.sportsunlimitedinc.com.mc.arkhangelsk.su/site/giantsclock5.html" "-"
217.107.222.75 - - [28/Jul/2005:14:44:14 -0400] "GET /forum/print.php HTTP/1.1" 403 26 "http://mc.adygeya.su/houston-china-visa.html" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; MRA 4.1 (build 00975))"
217.107.222.75 - - [28/Jul/2005:14:44:14 -0400] "GET /forum/print.php HTTP/1.1" 400 322 "http://www.sportsunlimitedinc.com.mc.arkhangelsk.su/site/brewers7ball.html" "-"
217.107.222.75 - - [28/Jul/2005:14:44:14 -0400] "GET /forum/print.php HTTP/1.1" 403 26 "http://seks.bir.ru/xanax.html" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; MRA 4.1 (build 00975))"
217.107.222.75 - - [28/Jul/2005:14:44:14 -0400] "GET /forum/print.php HTTP/1.1" 403 26 "http://seks.bir.ru/xanax.html" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; MRA 4.1 (build 00975))"
217.107.222.75 - - [28/Jul/2005:14:44:14 -0400] "GET /forum/print.php HTTP/1.1" 403 26 "http://phent.org.ru/chip-clay-free-poker-shipping.html" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; MRA 4.1 (build 00975))"
217.107.222.75 - - [28/Jul/2005:14:44:14 -0400] "GET /forum/print.php HTTP/1.1" 403 26 "http://mc.adygeya.su/michigan-state-university-football-schedule.html" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; MRA 4.1 (build 00975))"
Authored by: Dirk on Thursday, July 28 2005 @ 21:11 CEST
[ Reply to This | # ]
eryncsnorsnox

You certainly have some agreeable opinions and views. Your blog provides a fresh look at the subject.

Authored by: prieldtrila on Wednesday, July 20 2011 @ 20:48 CEST
[ Reply to This | # ]
More love from Russia

Looks like they switched to referrer-spamming from 66.246.218.107 now.

Authored by: Dirk on Wednesday, September 14 2005 @ 12:13 CEST
[ Reply to This | # ]
More love from Russia
I saw this guys IP around on a few of my sites. So I just used robots.txt to take care of him. Thanks for confirming my theory on that ip.
-----------------------

Regards,
Linda Proactol Review
Authored by: Anonymous on Sunday, February 08 2009 @ 23:21 CET
[ Reply to This | # ]

Copyright © 2013 Damn Spam! Powered by Geeklog