Trackback spam has picked up again, after a relatively long and quite period. Currently, we're mainly seeing two sorts of Trackback spam:

1) Trackback spam for www.yahoo.com. No, really. Just that URL, no search queries attached. All that spam is using the word Colomarine and if you search for that word, you'll find lots of sites hit by that spam already. This has been going on for a few days now and I have yet to see the sense in all that ...

2) Trackback spam for nasty porn subjects (rape, incest, animals), abusing .edu domains yet again. That spam is actually redirecting to contraviruspro.com which uses some nasty JavaScript stuff that even made my Firefox crash. Nice. They want to sell you their anti virus software, displaying bogus warning and "scanning your PC" messages trying to make you think you're infected. The only malware here, though, is their website ...

And here I thought referrer spam was dead by now ... Well, someone in Russia doesn't seem to think so and is happily referrer spamming us right now.

Stupidity #1: He's spamming for subdomains of kokdod.info. None of those resolve right now.

Stupidity #2: kokdod.info is supposedly registered to "Amazon Technologies, Inc." and even uses "hostmaster[AT]amazon.com" as the email address. What a blatent case of a fake address (and why don't the registries care about these things?).

Stupidity #3: In addition to the referrer spam, he's also sending POST requests for all sorts of URLs on our site. Including HTML pages that don't contain any forms and even for PNG images.

Can someone in Perm, Russia, please check who's currently using the IP address 81.177.14.41 and smack that person really, really hard?

This probably isn't really spam-related, but they're annoying nonetheless.

Over the last couple of weeks, I've noticed requests from quite a few IP addresses, all belonging to some company named Hollywood Interactive, Inc., that had all been blocked by Bad Behavior.

From the whois information, this looks like it could be a hosting service or ISP, but I couldn't find their homepage and they don't list any email addresses either. They use the nameservers from calpop.com (and their website offers dedicated servers). So this is either some reseller or something different altogether. In fact, I found a few posts that connect this company with P2P and torrent sites. I don't know anything about that stuff but I got the impression that they're serving ads and/or possibly acting as a front for the movie industry.

In any case, I don't see any reason why they should be spidering our sites so I decided to block their IP address range: 64.27.0.0 - 64.27.31.255 (or 64.27.0.0/19).

I see Joe Manni noticed this as well: Spam (ab)using .edu domains has gone up sharply recently. It seems a spammer or group of spammers have noticed that a lot of abandoned message boards can be found on universities and other educational institutions and are now taking advantage of them, spamming them with redirects to their actual sites and then spamming for the .edu URLs.

So, if you happen to have a website with a .edu address or know someone who has, please check those message boards that you set up and then forgot about - you may be in for a surprise. Manni also put up a list of URLs he found in his spam.

OpenID.org made it clear from the start:

What about trust?
This is not a trust system. Trust requires identity first.

What about spam?
Again, this is not a trust system.

And now it has happened: The Undevelopment Blog reports the sighting of the first OpenID spam (via Planet OpenID).

Just as a heads-up for those who still thought it would help against that problem in any way ...