Damn Spam!
Search 

Topics

User Functions






    Lost your password?

Trackback test spam

    
Monday, September 19 2005 @ 16:14 CEST
Contributed by: Dirk

Some idi^Wnot-so-nice person from Romania is currently sending "test" trackback spam to one of my sites. It's a test because the spamvertized URL is - google.com, accompanied by texts such as "this is just a google test" and similar.

All that nonsense is coming from 82.76.94.42, which belongs to Romania Data Systems, Bucharest branch, Romania. The user agent that the trackback sends is Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.6) Gecko/20050317 Firefox/1.0.2 and on that IP address, there's also an Apache webserver running: Apache/2.0.54 (Win32) PHP/4.3.3 Server at 82.76.94.42 Port 80.

I've only added that IP address to our spam filter, so that it will discard all postings but not block access to the site and will continue watching him bumping his head against the wall ...

Filed under: Comment Spam
()

View Printable Version

Trackback

Trackback URL for this entry: http://spam.tinyweb.net/trackback.php/trackback-test-spam

No trackback comments for this entry.
Trackback test spam | 3 comments | Create New Account
The following comments are owned by whomever posted them. This site is not responsible for what they say.
A test indeed ...

Very interesting: The first of those trackback spams made it through, of course (no spammy keywords, etc.) but I deleted them nonetheless:

82.76.94.42 - - [19/Sep/2005:15:15:24 +0200] "POST /trackback.php/20021217113959573 HTTP/1.0" 200 83 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.6) Gecko/20050317 Firefox/1.0.2"

45 minutes later, the spammer checked the results:

82.76.94.42 - - [19/Sep/2005:15:59:38 +0200] "GET /trackback.php/20021217113959573 HTTP/1.1" 200 128 "http://www.google.ro/search?hl=ro&q=http%3A%2F%2Fgeeklog.info%2Ftrackback.php%2F20021217113959573&btnG=C%C4%83utare+Google&meta=" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.10) Gecko/20050716 Firefox/1.0.6"

The fact that he couldn't find his post didn't bother him, though, as he went through the same routine again one more time:

82.76.94.42 - - [19/Sep/2005:21:32:53 +0200] "POST /trackback.php/20021217113959573 HTTP/1.0" 200 117 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.6) Gecko/20050317 Firefox/1.0.2"
82.76.94.42 - - [19/Sep/2005:21:50:12 +0200] "GET /article.php/20021217113959573 HTTP/1.1" 200 23377 "http://www.google.ro/search?hl=ro&lr=&sa=G&q=%22geeklog.info/trackback.php/20021217113959573%22" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.10) Gecko/20050716 Firefox/1.0.6"

By that time, his posts were all automatically discarded. But it did pay off to not block him entirely. Too bad I couldn't see his face ...

Authored by: Dirk on Tuesday, September 20 2005 @ 11:04 CEST
[ Reply to This | # ]
A test indeed ...
I didn't realise you could block spam by IP using geeklog. Do you just drop the IP into your personal filter list in SpamX? Or something else?

I'm getting lots of trackback spam, I've ip blocked most of it in .htaccess, can't find a good keyword to block it with filtering. It's all porn stuff, but the phrases that would block most could legitimately be used by people commenting/trackbacking on my site (due to my taste for swearing lots...)
Authored by: THEMike on Tuesday, September 20 2005 @ 11:39 CEST
[ Reply to This | # ]
A test indeed ...

The new Spam-X release includes a module to block posts by IP address ("IP Blacklist"). It's also in CVS, of course.

Authored by: Dirk on Tuesday, September 20 2005 @ 12:03 CEST
[ Reply to This | # ]

Copyright © 2008 Damn Spam! Powered By Geeklog