02 January 2005

Errant Comments

In the past 24 hours we’ve had several dozen pornography links pasted into the comments of the various articles, advertising one particular site. Thankfully that, combined with some other attributes, has made it fairly easy to filter the bad guy to a special page just for him (or her, as the case may be).

It seems kind of ridiculous that someone would bother with this sort of thing nowadays. Google already has filtering in place to prevent such postings from impacting their search results, or at least so they say.

In this case the spamming is by some Russian guy advertising a site with various pornography. I don’t really expect their upstream to do anything about the “spamvertised” site. Maybe it is just the Russian mob looking for some hard currency to help with laundering. Throw in the KGB, a rogue CIA agent with amnesia and lots of black Mercedes sedans racing around St. Petersburg and you might have the makings of a good action movie.

The blog spamming itself was being done by a rather unsophisticated tool being run from some number of compromised Windows machines on cable modem networks. Again, I don’t expect the cable modem internet providers will actually bother doing anything to get infected boxes off their network. It’s not like they perceive these costs at all. And I’m quite sure none of those end users know their machines are compromised. Just do us all a favor and remember the following: a computer running Windows will be infected by a virus within 16 minutes of being connected to the Internet if measures (like never ever using MSIE) aren’t taken to protect it; even with countermeasures it’s a crap shoot. You can help by using something else.

For now, he/she/it is blocked and all comments are forced through moderator approval, at least until I’m satisfied that the threat has passed for the time being. Having to waste a few hours on this was annoying. The naughty person in question (and perhaps a few others running ancient Windows) gets to see this friendly message for every request they make to this website now:

Hi there!

Someone with a browser similar to yours has been spamming the comments with
pornography ads hoping to trick Google into thinking that my site’s good
ranking is somehow associated with porn from this guy (probably not real)
in Russia:

Morozov, Alexander se-traf@mail.ru
Tverskaya 13-123
Moscow, Moscow 123456

I’m sick of deleting this garbage out of the pending comment queue, so you’re
seeing this page instead. If you’re a legitimate reader, you have my utmost
apologies, but you shouldn’t be running Windows 98 nowadays anyway unless you
want your computer cracked…

Feel free to direct complaints to…

This person’s host: abuse@atrivo.com
This person’s upstream transit: abuse@nlayer.net
This person’s further upstream transit: abuse@gblx.net

Really, you can stop trying to spam the site now. Go bother someone else
with all the poor Windows cable modem machines you’ve cracked.

