Real and pretend women fighting spam

Awhile back, when this blog was on my other Web site, I asked Miss K for help tracking down Moldovan spammers. She wrote me back, and like a bastard I haven’t got around to posting her reply… until now.

My Moldovan spammer (makes it sound endearing doesn’t it, like a special breed of poodle?) came in from: 87.248.167.124, and they turn out to resolve to two people from Chisinau, Moldova (looked up using RIPE http://www.ripe.net/whois):

% This is the RIPE Whois query server #1.
% The objects are in RPSL format.
%
% Note: the default output of the RIPE Whois server
% is changed. Your tools may need to be adjusted. See
% http://www.ripe.net/db/news/abuse-proposal-20050331.html
% for more details.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html

% Note: This output has been filtered.
%       To receive output for a database update, use the “-B” flag.

% Information related to ‘87.248.167.0 – 87.248.167.255’

inetnum:         87.248.167.0 – 87.248.167.255
netname:         STARNETMD
descr:           SC STARNET SRL
descr:           Chisinau, Moldova
country:         MD
admin-c:         OB1145-RIPE
admin-c:         MG3934-RIPE
tech-c:          OB1145-RIPE
status:          ASSIGNED PA
mnt-by:          MNT-STARNETMD
source:          RIPE # Filtered

person:          Maxim Gatman
address:         SC STARNET SRL
address:         Chisinau, Moldova.
org:             ORG-SS50-RIPE
phone:           +37322844444
fax-no:          +37322844445
e-mail:          mg@starnet.md
nic-hdl:         MG3934-RIPE
source:          RIPE # Filtered
mnt-by:          MNT-STARNETMD

person:          Oleg Burlacu
address:         SC “STARNET” SRL
address:         55 Maria Cibotari str.
address:         Chisinau
address:         Moldova
phone:           +373 22 844960
e-mail:          oleg@starnet.md
nic-hdl:         OB1145-RIPE
source:          RIPE # Filtered

% Information related to ‘87.248.167.0/24AS31252’

route:           87.248.167.0/24
descr:           StarNet SRL
descr:           Chisinau, Moldova.
origin:          AS31252
mnt-by:          MNT-STARNETMD
source:          RIPE # Filtered
Initially I blocked them using a rewrite rule on my server root .htaccess file (I don’t claim to know how it works, I got the technique from some mailing list), and it worked for a while, but for some reason they started to circumnavigate the block and still come in on the same IP, which none of the other spammers I blocked in this way have ever managed.

They were specifically targeting four posts on my blog (so definitely robots IMO), so it was easy to delete the comments, but eventually I got bored with that so I changed the number of the fake captcha on the comment form to a different number – I have a simple plugin running on my comment form that checks the numbers match up.

It’s a fake captcha because it’s not generated – it’s the same number every time and seems to stop most bots.

That seemed to stop it, touch wood.

That’s it really. Any help?

In a similar vein, you might find this site amusing: http://www.clickmonkeys.com/

I *think* it’s a joke…

the draGnet 4.0
———————————————————————–
the weblog of Miss K, transgendered z-list celeb
http://www.thedragnet.org/

 

Thanks, Miss K! There’s nothing z-list about your Interneting skills.

Miss K’s Moldovan spammer has a different IP address than my Moldovan spammer, but in the shadow world of spam this means nothing. The two names mentioned above, Maxim Gatman and Oleg Burlacu, may be pseudonyms. However, I did find a mention of Maxim Gatman here: http://spamhuntress.com/wiki/Evgheni_Tariuc

Which raises the question: Who is this “Spamhuntress“? And can she really fold metal objects with the power of her sidekick? Turns out her Web site has lots of good spam resources. And, through the power of her hunting skills, she outs spammers and engages others in rambling dialogs. Go Spamhuntress!

 

 

This entry was posted in spam in blogs. Bookmark the permalink.

2 Responses to Real and pretend women fighting spam

  1. David says:

    I hope this is germane enough to this topic… but I’ve been wondering…

    The Wacky visual, squiggly letters-and-numbers that only a real person can perceive thingy — is that a feature of this blog host, or is it something I can add to any form on my site?

  2. surly says:

    The features of which you speak is called “Captcha,” and you can read about it here: http://en.wikipedia.org/wiki/Captcha

    There’s a Captcha plugin for WordPress, which is what I use. But I’ve also seen Captcha plug-ins for a lot of other Content Management Systems (blogs, wikis, etc.) You can probably adopt it for whatever system you’re using.

    What is it that powers Moocat?

Leave a Reply

Your email address will not be published. Required fields are marked *