Monday, September 27, 2004

Comment spam? - What about comment rubbish?

I've noticed 42 comments posted to the post about the billing system troubles and looking through them they are all relating to the same thing. Looking at the stats, there have been 264 hits to that post as of now, which is quite high given the time since posting.

A quick grep on the access logs shows the first access and then POST request coming from an IBM address.

Here are all the hosts that have submitted POST requests to that entry so far:

bi-02pt1.bluebird.ibm.com
vc1-232-1.adsl.indra.com
212.42.181.32
help.anu.edu.au
d9-89.rb.lax.centurytel.net
198.213.56.82
63-231-138-195.mpls.qwest.net
1-1-3-9a.kt.gbg.bostream.se
adsl-63-197-36-42.dsl.lsan03.pacbell.net
h36n1fls27o1079.bredband.comhem.se
65.90.52.195
152.160.7.130
wcs1-cbus.nipr.mil
blk-222-64-197.eastlink.ca
66-7-225-40.cust.telepacific.net
pool-162-84-160-10.ny5030.east.verizon.net
255.1.252.64.snet.net
hosta.sixcontinentshotels.com
redgate.kcc.com
adsl-64-108-125-78.dsl.euclwi.ameritech.net
207-171-180-101.amazon.com
12-202-217-219.client.insightbb.com
63-253-43-58.ip.mcleodusa.net
gate1-sandiego.nmci.navy.mil
63.119.250.95
host81-156-234-232.range81-156.btcentralplus.com
dial-156-112-113-216.megacom.net
69-167-181-191.snbrca.adelphia.net
customer-hmo-131-129.megared.net.mx
64.114.213.97
yymkcxxxix.dsl.saunalahti.fi

As you may have noticed, there are some interesting hosts there. What makes it even more interesting is the fact all of the comments posted by all hosts are about the same thing and all around the same time. If you have not already guessed, I would think these hosts are compromised & possibly being used as relays to spam and other rubbish. Either way, I'm not bothered. It's all junk and all gone.

Another interesting thing is that hits from the IBM host have been coming in for ages - so either a regular visitor or web proxy. Some Google searches have resulted in visits from that host, quite a number of varied searches in fact.

I'm not interested in looking over this any more, however I may just contact the appropriate contacts for the hosts above just to alert them to the fact that something could well be up.

UPDATE: 28/09/04

It would seem the reason for all the Betty comments, would be due to Suso. He's posted a number of comments in the past on here and decided to post a comment on this Slashdot post asking people to post about Betty on here.

I think this guy has lost the plot. I did notice references to him but due to past comments I ignored it. Maybe I should have trusted my own judgement before passing it off as some rubbish. It was logical to think a link must have been posted somewhere asking for such a stupid thing, why - I do not know.

So, Suso - As they always ask - What is your motive? And yes, of course I have heard of a page referrer, it's late here, you know.

Post ID: 518, posted by jase at 11:14 PM
Permalink | TrackBack ID: 491, (22) | Category: Misc | Google Search
Comments

"I'm not interested in looking over this any more"

So actually you don't see any chance of figuring out so-called "Betty" ?

Posted by: k2r at September 27, 2004 11:53 PM

Well apart from Betty Boo, there must be another Betty that Suso knows, considering for some strange reason he asked the /. massive to post here about it.

Very strange.

Posted by: jase at September 28, 2004 12:17 AM
Valve Media Ltd
Search Engine Compliance