Distributed comment spamming

Today I had my first distributed, coordinated comment spam attack. This one was interesting because within a five minute time span, twenty comments were posted to three separate entries. The comments used a similarly formated message but linked to different, legitimate web sites. They were also from completely different IP addresses (list below the fold).

Clearly something in the Movable Type 3.3 upgrade broke my captcha. I have comments moderation on until I have time to deal with it.

62.206.75.78
62.23.185.221
64.34.193.106
65.202.103.135
66.135.34.11
66.98.162.34
80.73.148.235
80.93.238.120
163.148.100.85
193.225.86.182
200.122.16.50
200.148.206.62
200.176.199.96
200.179.238.9
201.17.157.34
201.17.169.143
201.17.235.73
201.36.143.93
201.44.199.71
201.44.7.35
202.212.58.10
219.117.201.240

4 thoughts on “Distributed comment spamming”

  1. I see these come in swarms. I have a plugin in WordPress that chews through all this stuff, and sends me an email once a day telling me what a good boy he’s being. Since July 28th he’s caught 1188 spam and let 130 comments through, all correctly.

  2. I’ve been seeing these for the better part of a year now. I know I haven’t upgraded to the current version of MT, mostly because I don’t want to give up the convenience of MT Blacklist (yeah, try and comment on my very first entry (now more than 2 years old) and see what happens…I’m embargoing your butt you evil creature you)). I’m not sure what this is about, what purpose it serves the [email protected] but it’s made me look at what I add to the centralized blacklist, and learn to use regular expressions!, more carefully.

Comments are closed.