
Comment spam attack

Sunday 17 September 2006 | Written by Richard Brunton | Internet | Comments (2)

Just moments ago my site reported that an IP Address had been banned due to excessive comments in the last 200 seconds. One can only assume that this is an automatic spam attack.

For those of you running sites that would like to avoid this, here are the details of the IP that attacked the page, as well as listings from various spam databases for the attacker.

The following results are for the IP address 203.113.13.3, which, traced through DNS Stuff, gave this...

netname: tot-ip-1-cmi-pop-ap
descr: tot ip network #1 chiengmai province dial up pool ip address and LAN pop infrastructure
person: pansak arpakajorn
nic-hdl: PA82-AP
e-mail: pansaka@tot.co.th
address: 89/2 Moo 3 Chaengwattana Rd, Laksi,Bangkok 10210 THAILAND
phone: +66-2574-9178
fax-no: +66-2574-8401
country: TH

person: tawat kerdput
nic-hdl: TK56-AP
e-mail: tawath@tot.co.th
address: 89/2 Moo 3 Chaengwattana Rd, Laksi, Bangkok 10210 THAILAND
phone: +66-2505-6117
fax-no: +66-2574-8401
country: TH

person: surachet sripolkrang
nic-hdl: SS110-AP
e-mail: suraches@tot.co.th
address: Data Services Management Department
address: TOT Corporation Public Company Limited
address: 89/2 Moo 3 Chaengwattana Rd., Laksi,Bangkok 10210 THAILAND
phone: +66-2-5008105
fax-no: +66-2-5759737
country: TH

Running it through their spam checker showed that various mail servers class it as spam; here are some more details...

SORBS
Netblock: 203.113.0.0/20 (203.113.0.0-203.113.15.255)
Record Created: Sat Aug 21 23:11:52 2004 GMT
Record Updated: Sat Aug 21 23:11:52 2004 GMT
Additional Information: Dynamic/Generic IP/rDNS address, use your ISPs mail server or get rDNS set to indicate static assignment.

Distributed Sender Blackhole List
IP: 203.113.13.3
State: Listed

SpamCop
Causes of listing
* System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)
* SpamCop users have reported system as a source of spam about 10 times in the past week

Additional potential problems
(these factors do not directly result in spamcop listing)
DNS error: 203.113.13.3 has no reverse dns
Because of the above problems, express-delisting is not available

Listing History
In the past 6.1 days, it has been listed 3 times for a total of 4.1 days

My apologies if you are running through that range of addresses and are a legitimate user. I would suggest either changing host or complaining directly to them.
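
The ban described at the top of this post (too many comments from one IP inside 200 seconds) can be implemented as a sliding-window throttle. The following is an added example, not code from the original post or from Movable Type; the class and function names, the five-comment threshold and the one-day ban are assumptions, since the post gives only the 200-second window.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 200      # window length taken from the post
MAX_COMMENTS = 5          # assumed threshold; the post does not state one
BAN_SECONDS = 24 * 3600   # assumed ban length; the post does not state one


class CommentThrottle:
    """Sliding-window comment limiter keyed by client IP (hypothetical helper)."""

    def __init__(self, window=WINDOW_SECONDS, limit=MAX_COMMENTS, ban=BAN_SECONDS):
        self.window, self.limit, self.ban = window, limit, ban
        self.recent = defaultdict(deque)   # ip -> timestamps of accepted comments
        self.banned_until = {}             # ip -> time at which the ban expires

    def allow(self, ip, now):
        """Return True if a comment from ip at time now (seconds) is accepted."""
        if self.banned_until.get(ip, 0) > now:
            return False                   # still banned: reject without counting
        self.banned_until.pop(ip, None)    # any earlier ban has expired
        stamps = self.recent[ip]
        while stamps and now - stamps[0] >= self.window:
            stamps.popleft()               # forget comments older than the window
        if len(stamps) >= self.limit:
            self.banned_until[ip] = now + self.ban
            stamps.clear()
            return False                   # this comment exceeded the limit
        stamps.append(now)
        return True


def replay(events, throttle=None):
    """Run (timestamp, ip) pairs through the throttle; return sorted banned IPs."""
    throttle = throttle or CommentThrottle()
    banned = set()
    for ts, ip in events:
        if not throttle.allow(ip, ts):
            banned.add(ip)
    return sorted(banned)


# Constructed sample: a burst from the address named in the post and a slow
# commenter on a documentation address (192.0.2.10).
SAMPLE = [(t, "203.113.13.3") for t in range(0, 60, 6)] + [
    (0, "192.0.2.10"), (300, "192.0.2.10"), (700, "192.0.2.10")]

if __name__ == "__main__":
    print(replay(sorted(SAMPLE)))
```

Timestamps are passed in rather than read from the clock so the same logic can be replayed over stored comment logs when tuning the threshold.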

Comments

Simone
17-09-2006
11:50

I have noticed that the site is not getting much spam like it used to. Is it because you are using this tool? Obviously doing its job, eh?

Richard Brunton
18-09-2006
06:58

No, actually it's all down to Movable Type's anti-spam features, which are catching everything - this tool is just to find out where the attacks came from.

To be honest it probably doesn't originate with these people, but their systems may be so lax that others are using their addresses for spamming, or maybe they are the ones to blame. Who knows, but what other action can someone who has been attacked take?

