Stopping the guestbook spammer
If you’re looking for the Michael Pollitt who left a spam message in your guestbook (or in other response forms), it wasn’t me. Please read the rest of this post carefully.
Some of the guestbook spammer’s messages include:
Very good site. Thanks for author!
Your site is very cognitive. I think you will have good future.:)
It’s my first visit to your website. After just a quick browse, I’m really impressed!
Hello there! Just want to say that I find your site enough interesting for me. Usefull information and all is good arranged. Thank you for your work. I will visit your site more ofter from now and I bookmarked it.
Great website! Bookmarked! I am impressed at your work!
This is a wonderful wealth of information. Good Luck!
So interesting site, thanks!
I can’t be bothered with anything these days, but such is life. I don’t care. So it goes. More or less nothing seems worth thinking about. I’ve just been hanging out waiting for something to happen, but that’s how it is.
Not much on my mind right now, but it’s not important. I’ve just been letting everything happen without me. I just don’t have anything to say right now.along with drug-related URLs.
Have you ever been mailbombed? On February 24, I started to come under attack by a deluge of e-mail resulting from somebody – or most likely their spambot – visiting guestbooks to leave spam links. This often triggers an e-mail and adds you to a mailing list.
Over 350 e-mail messages have been received, 330 of which came from a single source. On February 27 (the worst day), I received over 200 e-mail messages from that source in quick succession before it was finally stopped. I’m still getting some e-mails through from other guestbooks.
The February 27 e-mail messages were sent by a specialist hosting company in the USA on behalf of its customers. I was able to contact the company which very swiftly suspended the e-mails. They also initiated an urgent investigation.
The IPs responsible for my deluge of e-mail (the IPs that spammed guestbook forms on web sites) are:
85.255.116.178
85.255.116.179
85.255.116.180
85.255.116.182
These are the same IPs that Spamhuntress (Ann Elisabeth) reported here.
The hosting company now says that the e-mails were only directed at me. Technical investigations are continuing. My e-mail address might have been a lucky guess or, more likely, the spammer knew what he was doing and the consequences.
Whoever this person is (Ann Elisabeth has a well-researched suggestion), they’ve gone too far. E-mail filters and blog defences can cope with normal day-to-day spamming. But where a spammer fraudulently uses my details across the web and crosses the boundary into a denial of service attack, then it’s quite another matter.
As a journalist, I strive to give fair coverage. I’ve had people from the spam and anti-spam communities comment on this blog. I’ve interviewed spammers, written about spam and will do so again. But when you’re on the receiving end of a continuous e-mail stream like I was earlier this week, it’s very difficult to remain impartial.
If anybody else has problems with these IPs, please leave your comments (moderation is currently on) here (or e-mail me). The more evidence that can be gathered, the better. And if the spam community knows the person responsible, please have a word and tell him to stop. If he continues to use real names and e-mail addresses for guestbook spamming, innocent people are going to be annoyed.
Update 3 March: Warning! The IPs I mention above are in a SANS – Internet Storm Centre blocklist. See also Sunbelt Software. If you have .htaccess support on your host, you might consider blocking the entire address ranges.
Update 8 March: I’m still getting e-mail messages as a result of this spammer’s activities.
Update 8 March: I have just sent a complaint to Inhoster.com (owner of the IPs). We’ll see what happens. And I’ve just found 1750 results with an msn.com search for my e-mail address – that’s a lot of guestbook/form spamming.
Update 9 March: I have also complained to the upstream provider as I continue to receive e-mails and the number of search results increases. Nothing heard from Inhoster (which I’m not surprised by). The upstream provider’s abuse department is looking into my complaint.
