Tag: strategy

The UN and North Korea: Using the Same Strategy and Failing

Sometimes you need to change course. Zag when you have previously ziged. And so it goes that Kom Jong Un and North Korea have splintered the UN. It is clear that economic sanctions are not effective against North Korea. The current sanctions, imposed in 2006 have been an abysmal failure, as North Korea displays its nuclear ambitions.

As the US and Trump shout ever louder, North Korea launches yet another test, making the US and the UN look like fools. After using one strategy one needs to reassess its effectiveness. It has been very clear that a pivot is required. The 11 year strategy of economic sanctions have not worked. The UN is no further ahead in convincing North Korea to stop their nuclear program.

Documenting A Referrer Spam Campaign

Get, I do, a lot of referrer spam on my site. I’m pretty sure that every site gets referrer spam, they are ubiquitous. Usually I have already banned them and they are usually from Russia, such as xrus, dealing with lovely, nubile, young Russian women. These I treat like background noise: I glance at the error 403 and move on. Then occasionally, about once a month, I get a bona fide referrer spam marketing campaign, where someone really wants to make a negative impression on both my Google Analytics and myself. I then find and ban them.

tanyadokterkeluarga.blogspot Referrer Spam: Research, Ban

tanyadokterkeluarga.blogspot is a persistent referrer spammer. They use a huge amount of Ip addresses that do not repeat the third octet. It has similar strategies to kosmetik-freaks.blogspot, in fact sharing identical IP ranges. They are sister referrer spammers. Both are not banned by the HTTP_REFERER in htaccess. If you kill one you kill the other, a nice double prize. As with the sister, this spammer runs out of Indonesia.

These are the referrers:

hvvc.us Content Scraper: Research, Ban

There are some scrapers and there are others that are ridiculous. I just got scraped hard by, 209-133-216-182.static.hvvc.us, with 105 server entries and 7 unique user agent names. Excessive, to say the least.

Here are the UA’s used:

Mozilla/5.0 (BlackBerry; U; BlackBerry 9900; en) AppleWebKit/534.11+ (KHTML, like Gecko) Version/ Mobile Safari/534.11+
Mozilla/5.0 (compatible; heritrix/3.3.0-SNAPSHOT-20160721-2308 +http://www.exif-search.com)
Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
Mozilla/5.0 (Windows; U; Windows NT 6.1; rv:2.2) Gecko/20110201
Opera/12.02 (Android 4.1; Linux; Opera Mobi/ADR-1111101157; U; en-US) Presto/2.9.201 Version/12.02
UniversalFeedParser/3.3 +http://feedparser.org/
Windows-Media-Player/11.0.5721.5145 –
NOC4Hosts, HIvelocity Network

I have sent an email to their ISP, abuse@hivelocity.net.

kosmetik-freaks.blogspot Referrer Spam: Research, Ban

This kosmetik-freaks.blogspot is a referrer spammer that has been harassing me for quite a long time. I have tried to ban them with an HTTP_REFERER ban but this does not work. My ISP, Site5, will not help me. They are predominantly out of Indonesia. They are pret103.47.135.43
too sophisticated to evade my detection for so long.

The sister referrer spammer is tanyadokterkeluarga.blogspot, which uses the identical method and largely shares the same IP ranges. When you kill one you kill the other. Almost all these UAs are mobile devices, leading me to believe these are mobile customers that have downloaded the same spam app.

kwpublisher.com Referrer Spam: Research, Ban

kwpublisher.com is a long-time referrer spammer that I would like to remove. I have tried to ban them with an HTTP_REFERER ban but this does not work. My ISP, Site5, will not help me. This guy seems to have a similar method to kosmetik-freaks.blogspot. They seem to be out of Pakistan mostly, but have gone to Indonesia and China. I am now tracking them closely.

Conclusion: Tracked down the code hotlinking to my site. Complained to their domain names provider. Them they disappeared. Goodbye. x 4 – Pakistan Tel

Host Name 0 Zero or localhost in your Raw Access Log

Does your raw access log display a host name of “0”, or zero? Very odd, is it not? I have been struggling with this for a couple of months, and my ISP Site5 had no answers. It turns out that one of my spammers, NFORCE_ENTERTAINMENT, puts an unprintable character into their host table, so that when my ISP looks them up, they display the unprintable character in my log as “0”.

Trying to control your site’s spam can be challenging. If you try to ban an IP that is simply 0, or a host name of “0” you will fail, because there is no zero in their host name, but an unprintable character. Ban these guys instead.

no-ptr.as20860.net Comment Spammer: Research, Ban

no-ptr.as20860.net is a dual Ip spammer with a twist. The originating IP hostname lookup returns three IPs! You’ll need to ban all three, but there’s a lot more. They use IOMart, GB as their ISP.

It seems like this hostname also morphs to numerous IP addresses, making them difficult to track down.

no-ptr.as20860.net hostname lookup

no-ptr.as20860.net not only uses the dual ip spammer strategy, but also changes its host name through many ip addresses, making it double difficult to ban.

fvds.ru Content Spammer: Research, Ban

fvds.ru spammed me, so I researched them. A good portion of their IPs are in the range of but there are others. They use a wide variety of names.

t-testing.fvds.ru host lookup is bogus. Research revealed and



static.vdc.vn: Research, Ban

static.vdc.vn is regular content scraper, but it did POST to me and left its IP address. I have been trying to track this one down for a while, but it uses such a wide variety of IP addresses that this is difficult. I could ban large ranges but this would also ban a wide swath of Vietnam, which I do not wish.

static.vdc.vn 2017-feb-27
static.vdc.vn 2016-nov-03
static.vdc.vn 2017-jan-14
static.vdc.vn 2016-nov-22
static.vdc.vn 2016-oct-31
static.vdc.vn 2017-jan-18
static.vdc.vn 2016-dec-27
static.vdc.vn 2017-feb-20
dynamic.vdc.vn 2016-dec-26
dynamic.vdc.vn 2017-jan-30
dynamic.vdc.vn 2017-jan-23
dynamic.vdc.vn 2016-dec-18
dynamic.vdc.com.vn 2017-jan-22
dynamic.vdc.vn 2016-oct-21
dynamic.vdc.vn 2017-feb-08
dynamic.vdc.vn 2017-jan-09
dynamic.vdc.vn 2016-nov-21
dynamic.vdc.vn 2016-nov-25
static.vdc.vn 2016-nov-03
static.vdc.vn 2016-dec-23
static.vdc.vn host name actual