Success with Akismet
Good news this morning from WV Fiber, the upstream provider to Inhoster. My complaints about two Inhoster IPs – 85.255.117.18 and 85.255.117.250 – were finally listened to after hundreds of comment spam were sent to my blog. I used Akismet to trap the deluge with the Akismet worst offenders extension providing running totals.
Inhoster proved non-responsive to my abuse complaints so WV Fiber has now ‘null routed’ both IPs, cutting them off from the world – and your blog or guestbook. Many people will recognise Ukrainian-based Inhoster as the source of much spam on the Internet. Inhoster is connected to the internet by a US-based company, WV Fiber, which now seems willing to pull the plug on its Ukrainian customer. Thank you, WV Fiber.
If you have any spam from Inhoster IPs (85.255.112.0 – 85.255.127.255), send an e-mail to WV Fiber Abuse Department with the appropriate evidence (copies of the spam and, if possible, access log entries) and request similar action. [Please see amended advice on spam reporting at the end of this post]
Update 7 July: Although WV Fiber has null routed the two Inhoster IPs, the spammer is continuing to spam via alternative routing through upstream provider nLayer Communications (HQ in California) (note: some traceroutes do not show this route) I have e-mailed nLayer’s abuse department with evidence of the spamming and asked that they also null route the IPs. WV Fiber abuse says that they are still waiting on a response from Inhoster. Update: It’s taken nLayer just two hours to respond to me: “We have nullrouted 85.255.117.18 pending a response from our customer in the matter”. (85.255.117.250 is currently not sending spam to me). I have also reported Intercage IP 69.50.170.178 to nLayer (they also route Intercage – another host well known to the anti-spam community) for comment spamming my blog. Let’s hope that IP is nullrouted too. Update: And, thanks to prompt action by nLayer, Intercage IP 69.50.170.178 has just been nullrouted so that’s several spamming IPs cut off from your blogs. Yes, I know it’s just a few but my efforts have demonstrated that, given the right evidence, upstream providers will quickly block abusive IPs. Inhoster and Intercage do have a bit of a reputation according to SANS. Update 10 July: No spam from the Netcathost IP that I also reported last week (195.225.177.40 – upstream ISPrime) for the last two days. It’s not nullrouted, though. The number of spam I’m seeing today has dropped very substantially. That’s success – for now.
Update: 26 July. Further reporting of comment spam on various Inhoster IPs has resulted in more nullrouting. This time, the spamming IPs were reported to Intercage abuse (abuse@ support@) at the suggestion of nLayer. You should therefore try Intercage first and then, if no results, report to the appropriate upstream provider (do a traceroute for this – it’s WV Fiber or nLayer Communications depending on the IP). Please ensure you send spam examples when reporting and, preferably, grepped access log entries. Suggesting a google search on the IP is useful too.
I’m glad Worst Offenders is helping! If fact, I’m surprised at how well received it’s been, so I’m reworking it to stand outside of Akismet so it can help with other tools that mark stuff as spam.
Well done there – always good to see a spammer or two get their come uppance.
Also kudos to Rich for his work on the Akismet extensions, hopefully his PhD work is coming on just as well.
cheers!
Chris
Hahahaha, stupid bitch, try to null route my korean server motherfucker! we will fucking spam you to the death!!!
[I've left this comment unedited. I've also been looking for spam from Korea!]