This morning, I awoke to find that a spammer had sent no fewer than 10 spam comments to my blog. These were created by 2 attacking IP addresses. Interestingly enough, a lot of the attacker IPs have HTTP websites and FTP servers running.
The attacker IPs:
68.83.28.204 – pcp01453785pcs.blurdg01.pa.comcast.net
66.219.161.190 – jcarrell-ws-13.direct.neobright.net
The websites those resolve to:
http://downpour.mine.nu/
http://burrotech.net/ [Doesn’t resolve directly]
Are these people aware of what they’re doing? Hard to tell. The sites that these IPs resolve to look pretty innocent, hardly the work of some evil spammer. Both attack systems run different distros of Linux (one is CentOS, the other is Mandrake Linux); and both run Apache. Maybe this attack is being launched from a common infected PHP page. Or maybe both systems got compromised due to poor knowledge of Linux security management. This second option is possible as both of these IPs appear to be those of home-servers, not professional solutions.
Suggestions? I’m going to try to email these blokes ASAP.
Update: I’ve successfully contacted the second bloke. He apologised, and said he would fix the problem. I have been unsuccessful with the first person, however – I can’t find his email anywhere. However, I did leave some comments at his blog, which should automatically send an email to his account.
Update: The second bloke has stopped, but I’m now at the 20th comment submitted by the %#@$#@ first person. It just won’t stop. I’ve been forced to blacklist a particular word that is common throughout all his posts. Anyone posting that word in a comment automatically has their comment deleted; and that said I’m pretty sure normal comments will never use this word, even when referring to spam. Contact me if you wish to know what it is.