June 14, 2005

Hacking, Spamming, Webhosts & Blocking

Tigerspice

This spammer is currently spamming a lot of blogs relentlessly, using trackbacks. He occasionally uses comments. Very hard to block. The first known spamrun was for tigerspice.com in February 2005. If you know of an earlier spam run, please add info. [. . . . ]

Lately he's been trackback spamming a lot, but has also done comment spam. He did referrer spamming in March.

Main spambot:
* 70.85.97.226 (226.70-85-97.reverse.theplanet.com)
This number can currently only be found in open proxy logs.
You can find a list of his domains (updated by users when he does a new spam run) at The chongqed wiki (http://wiki.chongqed.org//Genaholincorporated).

Currently he's very hard to block. The only way to do it is to block by content. Either by not allowing links to the same site within a certain time frame, or by blocking his domains specifically.

Webhosts:


* 61.129.33.140 (Green Power Bar, Shanghai, China. This is one of his main webhost)
* 70.85.97.226 (his spambot, at The Planet)

* 81.3.150.161 (161.peterhost.150.3.81.in-addr.arpa. Russia. Abuse: abuse at peterstar.net. One of his main servers)
* 81.100.100.200 (spr1-char1-6-0-cust200.cosh.broadband.ntl.com. He has his dns server here, although doesn't seem to use it for anything. Abuse messages (http://www.ntlworld.com/netreport): )
* 193.124.133.137 (Relcom.ru, Russia)
* 202.99.172.149 (China. Abuse: abuse at cnc-noc.net. )
* 222.47.183.57 (CHINA RAILWAY TELECOMMUNICATIONS CENTER)



Technorati Tag:

0 Comments:

Post a Comment

<< Home