Hit by Weight Loss Spambot, Heavy Day for Content Scrapers

Hit I was, by a terribly time-wasteful spambot pushing weight loss ads. Yes, my reCAPTCHA did send them to my spam folder for analysis, but it was still a lot. I just wished they would simply stop. All the comment spammers were pushing weight loss. I’m sure they are telling me something about my slightly widening girth, but I am already making amends. There is no need for added pressure, nor waste of bandwidth and technology.

The spambots all employed the clever dual IP address technique, where they read my site with one IP address, then spam me with yet another. It is the second IP address that gets recorded, and if you ban this second IP address the spam continues. You need to read your raw access log in order to find the first IP address, and to see this exploit. This spambot attack was from the US, though one was from Canada. Comcast was the most heavily used.
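
One way to surface this pattern from a raw access log, as an added example that is not part of the original post: it flags comment POSTs whose source address never fetched the page, and pairs each with the most recent other address that did. The WordPress-style endpoint path, the 10-minute window and the sample log lines (documentation-range addresses) are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Apache/nginx "combined" log format.
LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) \S+ "([^"]*)" "([^"]*)"')
COMMENT_ENDPOINT = "/wp-comments-post.php"   # assumption: WordPress-style comment handler
WINDOW = timedelta(minutes=10)               # assumption: reader and poster act within 10 minutes

# Constructed sample log (documentation-range addresses, not taken from the post).
SAMPLE_LOG = """\
192.0.2.10 - - [01/Mar/2015:10:00:01 +0000] "GET /weight-post/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [01/Mar/2015:10:00:09 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "http://example.org/weight-post/" "Mozilla/5.0"
203.0.113.5 - - [01/Mar/2015:10:05:00 +0000] "GET /about/ HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.5 - - [01/Mar/2015:10:06:30 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "http://example.org/about/" "Mozilla/5.0"
"""

def parse(log_text):
    """Yield (ip, time, method, path, referer) for each parsable line."""
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m:
            ip, ts, method, path, _status, referer, _ua = m.groups()
            yield ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), method, path, referer

def find_split_ip_posts(log_text):
    """Return (reader_ip, poster_ip, page) for comment POSTs whose source IP
    never fetched the page it claims to comment on."""
    reads = {}      # page path -> list of (time, ip) that fetched it, in log order
    findings = []
    for ip, when, method, path, referer in parse(log_text):
        if method == "GET":
            reads.setdefault(path, []).append((when, ip))
        elif method == "POST" and path == COMMENT_ENDPOINT:
            page = urlparse(referer).path
            recent = [(t, i) for t, i in reads.get(page, []) if when - t <= WINDOW]
            if any(i == ip for _, i in recent):
                continue                      # poster read the page itself: normal visitor
            reader = recent[-1][1] if recent else None   # closest earlier reader, if any
            findings.append((reader, ip, page))
    return findings

if __name__ == "__main__":
    for reader, poster, page in find_split_ip_posts(SAMPLE_LOG):
        print(f"page {page}: read by {reader}, comment POSTed by {poster}")
```

A `None` reader means no address fetched the page inside the window, so the POST arrived without any preceding read at all.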


Apart from the weight loss spambot cleanup, it was a particularly heavy day for content scrapers in general. I also had visits from the US military and the Commission scolaire Des Samares / Samares School Board from Quebec. The French school has no English on their site but I can read enough French to understand. How they got their gc.ca URL I do not know.
