Today I had my first distributed, coordinated comment spam attack. This one was interesting because within a five minute time span, twenty comments were posted to three separate entries. The comments used a similarly formated message but linked to different, legitimate web sites. They were also from completely different IP addresses (list below the fold).
Clearly something in the Movable Type 3.3 upgrade broke my captcha. I have comments moderation on until I have time to deal with it.
62.206.75.78 62.23.185.221 64.34.193.106 65.202.103.135 66.135.34.11 66.98.162.34 80.73.148.235 80.93.238.120 163.148.100.85 193.225.86.182 200.122.16.50 200.148.206.62 200.176.199.96 200.179.238.9 201.17.157.34 201.17.169.143 201.17.235.73 201.36.143.93 201.44.199.71 201.44.7.35 202.212.58.10 219.117.201.240
Want harder, natural OTC stocks worth $1 million dollars in Nigeria?
I see these come in swarms. I have a plugin in WordPress that chews through all this stuff, and sends me an email once a day telling me what a good boy he’s being. Since July 28th he’s caught 1188 spam and let 130 comments through, all correctly.
I’ve been seeing these for the better part of a year now. I know I haven’t upgraded to the current version of MT, mostly because I don’t want to give up the convenience of MT Blacklist (yeah, try and comment on my very first entry (now more than 2 years old) and see what happens…I’m embargoing your butt you evil creature you)). I’m not sure what this is about, what purpose it serves the sp@mhaus but it’s made me look at what I add to the centralized blacklist, and learn to use regular expressions!, more carefully.
Can I interest you in any drugs or watches? 🙂