My Moldovan spammer (makes it sound endearing doesn’t it, like a special breed of poodle?) came in from: 87.248.167.124, and they turn out to resolve to two people from Chisinau, Moldova (looked up using RIPE http://www.ripe.net/whois):

% This is the RIPE Whois query server #1.
% The objects are in RPSL format.
%
% Note: the default output of the RIPE Whois server
% is changed. Your tools may need to be adjusted. See
% http://www.ripe.net/db/news/abuse-proposal-20050331.html
% for more details.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html

% Note: This output has been filtered.
%       To receive output for a database update, use the “-B” flag.

% Information related to ‘87.248.167.0 - 87.248.167.255′

inetnum:         87.248.167.0 - 87.248.167.255
netname:         STARNETMD
descr:           SC STARNET SRL
descr:           Chisinau, Moldova
country:         MD
admin-c:         OB1145-RIPE
admin-c:         MG3934-RIPE
tech-c:          OB1145-RIPE
status:          ASSIGNED PA
mnt-by:          MNT-STARNETMD
source:          RIPE # Filtered

person:          Maxim Gatman
address:         SC STARNET SRL
address:         Chisinau, Moldova.
org:             ORG-SS50-RIPE
phone:           +37322844444
fax-no:          +37322844445
e-mail:          mg@starnet.md
nic-hdl:         MG3934-RIPE
source:          RIPE # Filtered
mnt-by:          MNT-STARNETMD

person:          Oleg Burlacu
address:         SC “STARNET” SRL
address:         55 Maria Cibotari str.
address:         Chisinau
address:         Moldova
phone:           +373 22 844960
e-mail:          oleg@starnet.md
nic-hdl:         OB1145-RIPE
source:          RIPE # Filtered

% Information related to ‘87.248.167.0/24AS31252′

route:           87.248.167.0/24
descr:           StarNet SRL
descr:           Chisinau, Moldova.
origin:          AS31252
mnt-by:          MNT-STARNETMD
source:          RIPE # Filtered
Initially I blocked them using a rewrite rule on my server root .htaccess file (I don’t claim to know how it works, I got the technique from some mailing list), and it worked for a while, but for some reason they started to circumnavigate the block and still come in on the same IP, which none of the other spammers I blocked in this way have ever managed.

They were specifically targeting four posts on my blog (so definitely robots IMO), so it was easy to delete the comments, but eventually I got bored with that so I changed the number of the fake captcha on the comment form to a different number - I have a simple plugin running on my comment form that checks the numbers match up.

It’s a fake captcha because it’s not generated - it’s the same number every time and seems to stop most bots.

That seemed to stop it, touch wood.

That’s it really. Any help?

In a similar vein, you might find this site amusing: http://www.clickmonkeys.com/

I *think* it’s a joke…

the draGnet 4.0
———————————————————————–
the weblog of Miss K, transgendered z-list celeb
http://www.thedragnet.org/

Thanks, Miss K! There’s nothing z-list about your Interneting skills.

Miss K’s Moldovan spammer has a different IP address than my Moldovan spammer, but in the shadow world of spam this means nothing. The two names mentioned above, Maxim Gatman and Oleg Burlacu, may be pseudonyms. However, I did find a mention of Maxim Gatman here: http://spamhuntress.com/wiki/Evgheni_Tariuc

Which raises the question: Who is this “Spamhuntress“? And can she really fold metal objects with the power of her sidekick? Turns out her Web site has lots of good spam resources. And, through the power of her hunting skills, she outs spammers and engages others in rambling dialogs. Go Spamhuntress!

Well, Ms. K wrote saying she’d get back to me regarding Moldovan spammers. That was a week agon, and I had hoped to get a follow-up by now. But then, Ms. K has a complicated, energy-intensive social life.

While we wait, let’s check in with Wired, whose August issue includes The Sleazy Life and Nasty Death of Russia’s Spam King. Pity fast-living Vardan Kushnir, found in his bathroom with his head bashed in. Was it spam related? Not everyone thinks so, but come on–the guy was known and hated for his spamming. At least one Russian newspaper said he had it coming.

Makes me wonder. Maybe this is why my mysterious Moldovans stay on the down low–they like their skulls round and not so pulpy.

For a couple of days after my “Living in Moldova” post, I didn’t get any comment spam. I worried that I had offended the spammers of that proud-but-impoverished nation. But no, a few days later they were back!

Unfortunately, they declined my offer to post their links in return for information about life in Moldova. As far as I know, that offer is unique in the world of blogging. But some people just can’t be bothered.

I’m still curious about these Moldovan spammers. Are they impoverished techies just trying to put bread on the table? Ruthless Russian-style gangsters? Go-hung capitalists shaking off the dust of the old Soviet command economy?

On the off chance that spamming is illegal in Europe, I decided to check with Interpol. Not only did they not have any useful information, but their home page says they’ve got spam problems of their own:

Beware of fake email messages related to money transactions using Interpol’s name

Googling for information didn’t turn up much. I did find a tranny named Ms. K who left a comment on another tranny site about Moldovan spammers. As Ms. K seems to know a lot about IP blocks, htaccess and “pseudo captcha,” I thought she might be able to help me find out something about the Moldovans. But so far, she hasn’t written me back.

I haven’t posted here lately, but that doesn’t mean this site has been idle. I’ve got 15 comments in the moderations cue, waiting for me to approve them for display or delete them.

Sadly, they’re not real comments. They’re comment spam, also known as blog spam or spam in blogs. It works like this: the spammers (or more likely their software) get onto a blog and place a trival comment like “Wow that’s a nice post” to which is appended a link to some product or service.

I approved one such comment–it’s attached to the entry for Rock’em Sock’em Theater. The text makes it sound like the link will take you to a massage therapist in Miami, Florida, but the actual destination page is mostly gibberish. (Not sure why.)

Anyway, after I got more than a dozen of these things, I decided to try my hand at a little Internet sleuthing, to see if I could find out anything about the spammers. The trail seems to lead back to the small nation of Moldova, a former Soviet republic squashed between the Ukraine and Romania.

How cool is that! Somebody has been mucking with my Web site all the way from Moldova. I looked up Moldova in the CIA World Factbook, and found out the following:

• Before it was annexed by the Soviety Union at the end of World War II, it was part of Romania.
• The easternmost part of the country has declared itself a republic and goes by the name Transnistria.
• It’s either one of the poorest or the poorest nation in Europe (the CIA can’t seem to make up its mind).

So, greetings to visitors from Moldova! No, I’m not going to post your ads for bean bag chairs, cigar humidifiers, or “cell epilepsy stem study therapy” (whatever the hell that is). But tell me something about life in Moldova, and maybe I’ll approve your comment.

For instance: What kind of alcohol is most popular in Moldova?