This blog is currently dormant, for reasons explained on my other blog, in a post called Boom and Bust. That post tells about how my Internet habit evolved into an addiction, prompting me to go cold turkey for a while. But while my activity on this blog has stopped, the attacks by spammers have gotten out of control.
I’m cautiously coming back online, mainly to do minimal maintenance upkeep on my different websites, blogs and social networks. I’ve been planning to do a post here about how I’d like to extend this blog’s coverage to the entire realm of Open Source, including but going beyond OpenSim, which is only one particularly fascinating branch of the Open Source phenomenon.
But for the moment a different concern bothers me. I’m referring to the problem of comment spam. Today when I logged in as administrator of this Wordpress blog, I was greeted with the following message: “81 comments awaiting moderation.” These comments were all spam. Maybe I need to upgrade my Wordpress software to a more recent version having better spam protection.
I was going through these 81 spam comments, marking them as spam one by one , so as to catch any real comments. I noticed that the user IP number of each of the spammers is shown as a link. Clicking on one of these links, I discovered that Wordpress is set up so that this link refers me to the search page of the ARIN WHOIS database.
For instance, one of the most aggressive spammers was 194.165.42.137. I entered this number into the ARIN WHOIS search box, but nothing happened. Then at the bottom of the ARIN WHOIS page I noticed a link to the RIPE Database Search.
I entered the IP number 194.165.42.137 into the RIPE Database Search, and it returned the following information:
inetnum: 194.165.42.0 - 194.165.42.255
org-name: NASHIRNET-SA
address: National Computer Systems
Saudi Arabia
e-mail: info@comunmente.info
phone: +96614657070
mnt-ref: COMUNMENTE-MNT
address: National Computer Systems
e-mail: info@nashirnet.biz
So what does this mean? To understand more about it, I entered into the RIPE Database Search my own IP number, which seems to be 212.198.146.203 at the moment. (Each time my routeur reconnects to the Internet, France Telecom assigns me a different IP number. I thought this was cut-rate service, because it prevents certain applications which require a permanent IP address, but the sales representatives assured me this is done for my own protection.) The search returned the following information:
inetnum: 212.198.0.0 - 212.198.255.255
organisation: ORG-NNS2-RIPE
org-name: NC Numericable S.A.
address: NUMERICABLE
Hubert Lesclaux
6 rue Albert Einstein
77420 Champs sur Marne
FRANCE
phone: +33170015631
fax-no: +33170014700
abuse-mailbox: abuse@numericable.fr
In other words, the RIPE Database only indicates the name and contact numbers of the Internet Service Provider. But there is in each case an email one can send complaints to. So I sent an email to the aggressive spammer’s ISP - though I have little hope of receiving a reply.
9 comments ↓
Today there is one new spam from the same spammer, IP number 194.165.42.137. I’m going to send an email to complain to the spammer’s Internet Service Provider, at the address info@nashirnet.biz. I doubt there will be any response, but it is worth a try.
Here is the text of the email that I have sent to info@nashirnet.biz:
___
Dear Sir or Madame,
One of your customers, using IP number 194.165.42.137, is sending large amounts of comment spam to my personal blog.
The comments contain unintelligible text plus links to websites having nothing to do with my blog. These spammy comments are sent regularly once a day, probably by a robot program. I am obliged to spend large amounts of time surveying and deleting these spammy comments.
I consider this massive comment spamming to be unacceptable and anti-social behaviour. Do you have any way to exercise authority over your IP number 194.165.42.137 in order to put an end to this abuse?
Best regards,
Danton Sideways
I had the same ip start on my pages,
I assume as the range of ips is only from *.0 to *.255, that all 256 ips probably belong to the spammers,
I will check back to see if you have any replies, but I guess they will not care what you think.
(your own look up example is much more
*.0.0 - *.255.255 a total of 65,536 possible ips)
Hello Carl. I’m still getting comment spam from that spammer, and several others. And no one answered my email. I expected as much.
It is interesting to observe that one can easily locate at least which internet service provider the spam is coming from. One could thus require service providers to take responsibility for what their customers are doing with the service.
And there are privacy issues. There are probably better ways to protect onself. For example, WordPress asks me if I want to mark the comments as spam - but then lets the same IP post again. It should be easy to at least block a range of IPs, but it would take me too much time to figure out how. I’ll just keep deleting big packets of comments from time to time.
Interestingly enough, the spammer in Saudi Arabia has stopped attacking this blog. But a host of other less punctual spammers have replaced him. Their IP numbers are as follows:
94.102.60.151
94.102.60.152
94.102.60.153
94.102.60.183 (these 4 are probably all the same computer)
86.22.173.95
87.225.34.196
87.225.33.54
87.225.32.99 (again these 3 probably the same)
80.94.174.88
89.142.241.132
68.47.124.232
And today’s thoughts: the Internet Service Providers (ISP) that have these spammers as customers can easily identify exactly who they are. All we have to do is pass legislation making the ISPs responsible for the spam coming off their systems, and they will make it stop right away.
As for email spam, there is also an easy solution. The great majority of it comes from personal computers that have been hijacked and turned into zombies without their owners knowing about it. Now only the Microsoft operating system is vulnerable to such attacks, so if everyone changed to a Mac or Linux system that would bring an end to it.
Here is the new list of spamming IPs:
123.144.164.254
189.111.206.139
193.164.131.39
195.131.84.202
195.131.84.204
195.131.84.219
195.131.84.251
213.130.111.206
61.160.212.134
77.35.151.21
81.95.188.27
83.233.30.32
89.163.66.66
92.241.160.22
92.49.148.239
92.49.177.62
I think there is a way to require “members” to register on the site before they can start spamming. I’ll have to find that: it should slow them down.
Hi there Spamback regarding source spam protection sounds interesting post,but i’m not sure if i could agree with you in 100%.
More Spamming IPs:
194.165.42.137
68.47.124.232
80.94.174.88
86.22.173.95
87.225.34.196
87.225.33.54
87.225.32.99
89.142.241.132
94.102.60.151
94.102.60.152
94.102.60.153
94.102.60.183
Below is the RIPE information for the jerks at IP 195.2.240.99 who posted more than 300 comment spams to this blog:
_________________
inetnum: 195.2.240.0 - 195.2.241.255
netname: PIN-NET
descr: Petersburg Internet Network LLC
country: RU
org: ORG-SISL5-RIPE
admin-c: MNV32-RIPE
tech-c: LAV66-RIPE
tech-c: SEO-RIPE
status: ASSIGNED PI
mnt-by: SPIS-MNT
mnt-by: RIPE-NCC-HM-PI-MNT
mnt-lower: RIPE-NCC-HM-PI-MNT
mnt-routes: SPIS-MNT
mnt-domains: SPIS-MNT
source: RIPE # Filtered
organisation: ORG-SISL5-RIPE
org-name: PIN LLC
org-type: OTHER
descr: Petersburg Internet Network LLC
address: korp. 1a 40 Slavy ave.,
address: St.-Petersburg, Russia
e-mail: support@internet-spb.ru
phone: +7 812 4483863
fax-no: +7 812 4483863
admin-c: MNV32-RIPE
tech-c: LAV66-RIPE
tech-c: SEO-RIPE
mnt-ref: SPIS-MNT
mnt-by: SPIS-MNT
source: RIPE # Filtered
person: Metluk Nikolay Valeryevich
address: korp. 1a 40 Slavy ave.,
address: St.-Petersburg, Russia
e-mail: nm@internet-spb.ru
phone: +7 812 4483863
fax-no: +7 812 2683113
nic-hdl: MNV32-RIPE
mnt-by: SPIS-MNT
source: RIPE # Filtered
person: Ladoha Anton Vladimirovich
address: korp. 1a 40 Slavy ave.,
address: St. Petersburg, Russia
e-mail: admin@internet-spb.ru
phone: +7 812 4483863
fax-no: +7 812 2683113
nic-hdl: LAV66-RIPE
mnt-by: SPIS-MNT
source: RIPE # Filtered
person: Strukov Evgeny Olegovich
address: korp. 1a 40 Slavy ave.,
address: St.-Petersburg, Russia
phone: +7 812 4483863
nic-hdl: SEO-RIPE
mnt-by: SPIS-MNT
source: RIPE # Filtered
Leave a Comment