Welcome to Geeklog Monday, October 23 2017 @ 02:48 pm EDT

[Spam] Are contact lenses the new fad?

  • Contributed by:
  • Views: 14,881
Spam

Well, we've had spam for porn, pills, and poker - but contact lenses?

Last week, someone actually registered with several Geeklog sites only to post comment spam for contact lenses. I actually thought that was somewhat amusing, but it seems there's more of this coming.

We are now seeing referer spam for a site advertising contact lenses:

Spamvertized site:contact-lenses-x7 DOT com
Domain registered with:Names4ever.com
Site hosted at:72.9.234.170,
Global Net Access LLC,
Atlanta
Referer spam came from:63.247.74.90,
Global Net Access LLC,
Atlanta

It doesn't look like the two incidents are directly related, though. Last week's spam was for:

Spamvertized site:lens DOT excellentoffers DOT info
Domain registered with:DirectNIC
Site hosted at:216.195.42.217,
APS Telecom

I don't have the IP address of that spammer any more, but it belonged to an ISP in Hong Kong.

The excellentoffers site is apparently registered to some Alex Antuacesko in Romania, while contact-lenses-x7 is registered to some Marlon Santos in Seattle, WA. Both addresses may be fake, of course, but at least the Seattle address looks legit.

Anyway, it can't hurt to add both domain names to your Personal Blacklist. And throw in a few key phrases like "contact lens" (so that it also matches "contact lenses"), too, while you're at it.

[Spam] Meet The Bulgarians

  • Contributed by:
  • Views: 17,581
Spam

Comment spam is a huge problem for a lot of sites these days. And since geeklog.net gets its share of comment spam, we thought we'd give you some information about the spam that hits geeklog.net so that you can use this to protect your own site.

The most persistent wave of spam that's been hitting us for months now comes from two brothers, nicknamed The Bulgarians.

Have you been getting waves of comment spam for poker / casino sites, alternating with spam for pills / drugs, and finance / mortgage sites? Then you're most likely on the Bulgarian's list.

Ann Elisabeth Nordbo has collected some background information on these two. An interesting read (and I highly recommend her other site, Spam Huntress, which is dedicated to fighting comment spam).

Fortunately, there is a very effective method to block these particular spammers. If your webhost lets you edit your own .htaccess file, see Cindy's spampop for the recipe. Cindy also used to keep a list of all the domains that the Bulgarians have registered (over 2500), but had to take it down due to heavy traffic. Ann Elisabeth is now keeping track of the recently used domains.

If you can't create your own .htaccess file, then you should feed your personal blacklist (in Geeklog's Spam-X plugin) with a few typical phrases and keywords from the comment spam you may see. We will also be releasing an update to the Spam-X plugin soon that will include a filter module that lets you apply the "spampop" method from within Geeklog.