Comment spam attack

Just moments ago my site reported that an IP Address had been banned due to excessive comments in the last 200 seconds. One can only assume that this is an automatic spam attack.

For those of you running sites that would like to avoid this, here are the details of the IP that attacked over the page, as well as listings from various Spam databases for the attacker.

The following results are for the IP Address 203.113.13.3 which traced through DNS Stuff gave this…

netname: tot-ip-1-cmi-pop-ap

descr: tot ip network #1 chiengmai province dial up pool ip address and LAN pop infrastructure

person: pansak arpakajorn

nic-hdl: PA82-AP

e-mail: pansaka@tot.co.th

address: 89/2 Moo 3 Chaengwattana Rd, Laksi,Bangkok 10210 THAILAND

phone: +66-2574-9178

fax-no: +66-2574-8401

country: TH

person: tawat kerdput

nic-hdl: TK56-AP

e-mail: tawath@tot.co.th

address: 89/2 Moo 3 Chaengwattana Rd, Laksi, Bangkok 10210 THAILAND

phone: +66-2505-6117

fax-no: +66-2574-8401

country: TH

person: surachet sripolkrang

nic-hdl: SS110-AP

e-mail: suraches@tot.co.th

address: Data Services Management Department

address: TOT Corporation Public Company Limited

address: 89/2 Moo 3 Chaengwattana Rd., Laksi,Bangkok 10210 THAILAND

phone: +66-2-5008105

fax-no: +66-2-5759737

country: TH

Run through their Spam checker identified that various mail servers class it as spam, here’s some more details…

SORBS

Netblock: 203.113.0.0/20 (203.113.0.0-203.113.15.255)

Record Created: Sat Aug 21 23:11:52 2004 GMT

Record Updated: Sat Aug 21 23:11:52 2004 GMT

Additional Information: Dynamic/Generic IP/rDNS address, use your ISPs mail server or get rDNS set to indicate static assignment.

Distributed Sender Blackhole List

State: Listed

SpamCop

Causes of listing

* System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)

* SpamCop users have reported system as a source of spam about 10 times in the past week

Additional potential problems

(these factors do not directly result in spamcop listing)

DNS error: 203.113.13.3 has no reverse dns

Because of the above problems, express-delisting is not available

Listing History

In the past 6.1 days, it has been listed 3 times for a total of 4.1 days

My apologies if you are running through that range of addresses and are a legitimate user. I would suggest either changing host or complaining directly to them.

2 comments on “Comment spam attack”

  1. Simone Reply

    I have noticed that the site is not getting much spam like it used to, is it because you are using this tool? Obviously doing its job eh?

  2. Richard Brunton Reply

    No, actually it’s all down to MoveableTypes anti-spam features which are catching everything – this tool is just to find out where the attacks came from.

    To be honest it probably doesn’t originate with these people, but their systems may be so lax that others are using their addresses for spamming, or maybe they are the ones to blame. Who knows, but what other action can someone who has been attacked take?

Leave A Reply

Your email address will not be published. Required fields are marked *