| texas-holdem.reachcasino domain spam? [message #3309] |
Sat, 22 January 2005 21:34  |
mike Messages: 22 Registered: April 2004 Location: Tacoma, WA |
In the past month, I had one guy leave spam comments in my blog, all linked to the texas-holdem.reachcasino site. I removed all the comments and made it so that you have to register to leave comments, and that seems like it fixed the problem.
But I'm still getting occasional referrals from that site - as well as a bunch of other similar domains - that all come back to the same IP address - 219.150.118.16 - which is from Beijing, China.
The referees are from all over: the US, Thailand, China, Bahrain, and so on. They visit the blog and then leave.
You click on the texas-holdem.reachcasino link, you get this, "Account Terminated, blah, blah, blah..." page - the same exact page for all the different domains.
What are the referees? Spambots disguised as normal people? The one thing they have in common is that for OS, they all have "Windows 2003." (which last I heard, does not exist).
Anyone have any experience with this?
I banned the IP. Perhaps this will end it all.
Thanks.
He who hesitates is lost.
| Re: texas-holdem.reachcasino domain spam? [message #3336 is a reply to message #3309 ] |
Wed, 02 February 2005 04:01   |
mike Messages: 22 Registered: April 2004 Location: Tacoma, WA |
I continue to battle these strange spambots (or whatever the hell they are).
I've had visits from
They all have in common the same referrer IP: 219.150.118.16 (from Beijing, China), although they list a bunch of different but similar domain names:
poker-hands.freakycheats.
penis.learnhowtoplay.
texas-holdem.reachcasino
and a whole bunch of other, similar names.
They also all register as having Windows 2003 for an OS.
I've had them leave comment spam and phoney trackbacks with referrer spam.
The bitch is, none of the referrer sites work - if you go to any of the listed websites (texas-holdem.reachcasino) or whatever, you just get an "Account Terminated" message in bad English: example: "The Following strange article is term of service closing - Due to mis-proper use of the hosting account."
So I'm at a loss to understand why anyone would bother to leave referrer spam for a site that doesn't exist.
Am I missing something? They've got a whole lot of bots or people working on this - as soon as I ban one IP, another one comes.
Can someone tell me what's going on?
Thanks,
Mike Pellegrini
He who hesitates is lost.
| Re: texas-holdem.reachcasino domain spam? [message #3368 is a reply to message #3309 ] |
Tue, 08 February 2005 01:24   |
mike Messages: 22 Registered: April 2004 Location: Tacoma, WA |
Interesting to know someone else's having the same problem.
I set bbclone to ignore the referrer (219.150.118.16) and that worked for a while, now they're coming from all over - and somehow getting through (I think they're using a redirect).
Different domains:
free-online-poker.yelucie.
pacific-poker.yelucie.
casino.terashells.
poker-hands.freakycheats.
They still all resolve to the one IP address - 219.150.118.16.
They went heavy on comment referrer spam on my blog, then after I made it so you had to register to leave comments, they went to trackback referrer spam. So I turned off trackbacks, now they're just cruising my site, visiting different pages at random.
Every time one of them visits, I ban the IP on my server - so they can only come on once. But new IP's keep turning up every day (about six just today).
Here's a complete list of visitors with this referrer:
At first, like yours, it was all "Windows 2003" for the OS, but recently, there have been all sorts of different OS's - Win 98, Win 95, Win XP and so on. Even a Mac.
Since I turned off trackbacks and comments, they haven't been able to do any damage, but it still bugs the hell out of me that they're there.
He who hesitates is lost.
| Re: texas-holdem.reachcasino domain spam? [message #3407 is a reply to message #3368 ] |
Thu, 10 February 2005 18:53   |
Olliver Messages: 1853 Registered: February 2004 |
This is the famous Spambob, which annoyed woordenaar.nl for quite a while. Ronald had a nice regexp to keep "texas holdem" out of the comments area. In addition, for the same referrer coming from arbitrary machines with arbitrary OS/browser combinations, the best method is to have them blocked in your .htaccess by using SetEnvIf.
That's the way I keep most spam out on our servers. Using .htaccess has a huge performance advantage over a script based solution. In case you are interested in the syntax, there are some older posts scattered across the forums where I gave some examples. A search should make them reappear again.
Olliver
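
An added example of the SetEnvIf approach described in the post above (not taken from Olliver's older posts or from the bbclone project): it tags requests whose Referer header contains one of the hostname fragments quoted in this thread and denies them, using Apache 1.3/2.0-era access control syntax. The variable name `spam_ref` is an assumption, and the patterns are left unanchored because the thread does not give the full domain names.

```apache
# .htaccess -- added example. Requires mod_setenvif, and
# "AllowOverride FileInfo Limit" for this directory in the server config.

# Tag any request whose Referer contains one of the hostname fragments
# quoted in this thread. The NoCase variant matches case-insensitively;
# dots are escaped so they match a literal "." and not any character.
# spam_ref is an assumed variable name.
SetEnvIfNoCase Referer "texas-holdem\.reachcasino"                   spam_ref
SetEnvIfNoCase Referer "poker-hands\.freakycheats"                   spam_ref
SetEnvIfNoCase Referer "(free-online-poker|pacific-poker)\.yelucie"  spam_ref
SetEnvIfNoCase Referer "casino\.terashells"                          spam_ref

# Allow is evaluated first, then Deny; a matching Deny wins, so tagged
# requests get 403 Forbidden while every other visitor is let through.
Order Allow,Deny
Allow from all
Deny from env=spam_ref
```

The match is on the Referer header alone, so it keeps working when the visiting IP addresses and OS/browser strings change, but only for as long as the requests keep sending these hostnames.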
| Re: texas-holdem.reachcasino domain spam? [message #3419 is a reply to message #3309 ] |
Fri, 11 February 2005 06:00   |
mike Messages: 22 Registered: April 2004 Location: Tacoma, WA |
Spambob, huh?
Never heard of him, but I can sure see why folks would find him truly annoying.
Thanks, I'll see if I can track down those posts you were talking about.
But what is this dude hoping to accomplish? I just don't get it, and it bugs me.
All the urls he leaves in the spam comments resolve to the one IP - the 219.150.118.16 - which just gives you the stupid, "Account suspened for mis-proper use, etc..." page.
None of the 30 or so domains the urls refer to work. So what is this guy accomplishing? Why on earth spend your time spamming for urls that do not work?
Right now, he's not doing anything on my site, except just cruising different pages - I've made it so he can't leave comments or trackbacks - but he's still there. Why?
I just don't get it...
Thanks again for your wonderful product, by the way!
He who hesitates is lost.
| Re: texas-holdem.reachcasino domain spam? [message #3500 is a reply to message #3446 ] |
Wed, 23 February 2005 02:28  |
Olliver Messages: 1853 Registered: February 2004 |
For blocking people by one criterion, that is ip address, referrer or user agent, the best bet is to use SetEnvIf rules. For a combination of different environmental variables however, you're better off with Mod Rewrite rules. The latter however is only really powerful in conjunction with Apache 2.0.x because 1.3.x lacks some variables that can't be tracked, thus leaving a loophole for spammers (which they apparently use by now).
Olliver
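
An added example of the combined-condition case described in the post above (not code from the thread or from the bbclone project): a mod_rewrite rule that refuses a request only when the Referer, the request method and the requested path all match. The path pattern `(comment|trackback)` is a hypothetical stand-in for the blog's own comment and trackback scripts.

```apache
# .htaccess -- added example. Requires mod_rewrite, "AllowOverride FileInfo"
# and "Options FollowSymLinks" enabled for this directory.
RewriteEngine On

# RewriteCond lines are ANDed by default: every condition must match
# before the RewriteRule that follows them is applied.

# 1) Referer contains one of the hostname fragments quoted in this thread.
RewriteCond %{HTTP_REFERER} (reachcasino|freakycheats|yelucie|terashells) [NC]

# 2) The request is a POST (a form submission, not ordinary page viewing).
#    The leading "=" requests an exact string comparison, not a regex.
RewriteCond %{REQUEST_METHOD} =POST

# 3) Assumed path pattern: adjust to the scripts that accept comments
#    and trackbacks on your own blog.
RewriteCond %{REQUEST_URI} (comment|trackback) [NC]

# "-" means no substitution; [F] answers 403 Forbidden and stops processing.
RewriteRule .* - [F]
```

Dropping conditions 2 and 3 reduces this to the single-criterion referrer block, which SetEnvIf already covers.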