Damn Spam!
Search 

Topics

User Functions






    Lost your password?

More love from Russia

    
Wednesday, June 29 2005 @ 20:50 CEST
Contributed by: Dirk

This has been going on for almost a week: Referrer spam from 217.107.222.75 for URLs on dating-s.net and two sites below bir.ru.

Not sure what's the point, though. Behind most of those URLs is the most horrid and broken HTML code that I've seen in a while and they're basically all linking to each other. The only giveaways are the /umax/sitemap/ URL and that the christa-worthington subdomain has a JavaScript redirect that does a "search" for Viagra (again, via a URL that contains "umax"). So I guess this is something out of the vicinity of the Umax spammer but probably not the same person.

dating-s.net is registered by a Dmitri K Lazarev from Tatarstan (is that a city?), Russia, with Direct Information Pvt. Ltd (directi.com) and hosted on 195.208.235.68 (Infobox / Alkor, St. Petersburg). 217.107.222.75 belongs to Arbatek Network in Moscow.

What's also interesting is that all the referrer spam was directed at the same URL on our site and that that URL isn't one you'd normally visit: It provides a "printer-friendly" view of forum posts, but it's only valid with an attached forum post id. Yet all the spam omitted that id. Checking the logfiles for that URL brought up a spamvertised subdomain of com.ru that also has a JavaScript redirect to a search for drugs on dating-s.net. That spam hit us on June 16th only (a week before the spam discussed above) and came from 195.208.235.68 directly.

Recommendation: Block both 217.107.222.75 and 195.208.235.68.

Filed under: Referrer Spam
()

View Printable Version

Trackback

Trackback URL for this entry: http://spam.tinyweb.net/trackback.php/more-love-from-russia

No trackback comments for this entry.
More love from Russia | 2 comments | Create New Account
The following comments are owned by whomever posted them. This site is not responsible for what they say.
More love from Russia

This guy has been really hammering us today (still from the same IP, 217.107.222.75). He even managed to cause quite a few illegal requests (HTTP status code 400) ... 

217.107.222.75 - - [28/Jul/2005:14:44:14 -0400] "GET /forum/print.php HTTP/1.1" 400 322 "http://www.sportsunlimitedinc.com.mc.arkhangelsk.su/site/giantsclock5.html" "-"
217.107.222.75 - - [28/Jul/2005:14:44:14 -0400] "GET /forum/print.php HTTP/1.1" 403 26 "http://mc.adygeya.su/houston-china-visa.html" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; MRA 4.1 (build 00975))"
217.107.222.75 - - [28/Jul/2005:14:44:14 -0400] "GET /forum/print.php HTTP/1.1" 400 322 "http://www.sportsunlimitedinc.com.mc.arkhangelsk.su/site/brewers7ball.html" "-"
217.107.222.75 - - [28/Jul/2005:14:44:14 -0400] "GET /forum/print.php HTTP/1.1" 403 26 "http://seks.bir.ru/xanax.html" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; MRA 4.1 (build 00975))"
217.107.222.75 - - [28/Jul/2005:14:44:14 -0400] "GET /forum/print.php HTTP/1.1" 403 26 "http://seks.bir.ru/xanax.html" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; MRA 4.1 (build 00975))"
217.107.222.75 - - [28/Jul/2005:14:44:14 -0400] "GET /forum/print.php HTTP/1.1" 403 26 "http://phent.org.ru/chip-clay-free-poker-shipping.html" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; MRA 4.1 (build 00975))"
217.107.222.75 - - [28/Jul/2005:14:44:14 -0400] "GET /forum/print.php HTTP/1.1" 403 26 "http://mc.adygeya.su/michigan-state-university-football-schedule.html" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; MRA 4.1 (build 00975))"
Authored by: Dirk on Thursday, July 28 2005 @ 21:11 CEST
[ Reply to This | # ]
More love from Russia

Looks like they switched to referrer-spamming from 66.246.218.107 now.

Authored by: Dirk on Wednesday, September 14 2005 @ 12:13 CEST
[ Reply to This | # ]

Copyright © 2008 Damn Spam! Powered By Geeklog