For those of you who actually look at who is using your blog to make more money from your blog than you do, and who noticed the twinky-dot-org comment-spam (in the extended entry) its has three interesting properties: All 31 names were purchased from Moniker, and all on 13.01.05, and all resolve to 161.58.59.8 (a box in a wee customer cage in a bigger customer cage in Verio's LA colo facility), which is also the nameservers for every one of the domains, which is about as obvious in the names-and-hosting trade as hitting your thumb with a hammer, 31 times in succession, quickly.
The writers (insertion engines that blacklists bother with) that I see (sample size of 13) are in India, Hungery, Spain, Columbia, and so on. A bunch of M$ boxen like the one you are reading this from (for high confidence values of "you"). So they're not important, or rather, can't be fixed until the End Days or M$ moves to a new population of hosts, having wiped out this one, say on Mars. If you want to know how the write-side is done, the sale of 'bots is a commercial (criminal) activity. How "criminal" it is you can judge for yourselves. The EFF BEE EYE is more likely to knock on our door for failure to admire W than to ask us to do paid work for the prosecution of malfunction-for-pay.
Moniker is the culprit of the day (there are others), and Verio is running second in the culpability races.
If you buy or renew with Moniker, you are doing your part to make comment spam a way of life. I'm waiting for Verio to tell me they've turned off the power to the box.
Then there is the bigger question. We all know that dozens of search engines scour our sites, and that the purpose of jamming spam in comments weeks behind the "present" is so that they will be harvested by the search engines, and like Technoratii's ranking of our social relationships, rank some penis enlarger or casino or drug (a lot less socially useful than non-medical marijuana ) above ... legitimate paid advertizing for similar dreck, or things people who aren't insane actually want, because of all the dreck that has been jammed into our archives.
So, should we as a body of bloggers ban these indexing parasites, who account for a quarter of everyone's bandwidth costs, until they cease to provide the critical "lift" for comment spammers?
Click on "comments" and say your piece before viagra and pacific casinos and texas holdem beat you to it.
Verio has replied. They are going to treat it as an AUP violation. I'm going to invoice for the clean up.
"@" = a, "3" = "e", "1" = "i" and "0" = "o"
@ns@r-u-d33n-dot-org
@tl@nt@2000-dot-org
@z1@n-dot-org
c@s1no3qu1pm3nts@l3s@ndr3nt@l-dot-com
c@tch@th13f-dot-org
d3v1lofn1ghts-dot-org
h@ssl3r3nt3rpr1s3s-dot-org
hd1c-dot-org
hom3t3@m1nsp3ct1on-dot-org
1ngy3nsms-dot-org
kr@nt@s-dot-org
lvcp@-dot-org
m@rsh@lly@chts-dot-org
m1ddl3c@y-dot-org
mor-l1t3-dot-org
n3hrucoll3g3-dot-org
n3w31ghw3b-dot-org
p@g3two-dot-org
p@r@mounts33df@rms-dot-org
p@rkv13wsocc3r-dot-org
psych3x@ms-dot-org
r3s3rv3d1n1ng-dot-org
r3thy@ssoc1@t3s-dot-org
r1fp-dot-org
sport1ngcolors-dot-org
stor13s-on-cd-dot-org
suttonj@m3s-dot-org
tcl1ght1ng-dot-org
t3@mb3ck-dot-org
t3cr3p-1nc-dot-org
tw1nky-dot-org
Well, I am not included in the "you" using Windows boxes right now, as I'm logged into a Linux system.
However, I detest these spammers as well. My WordPress system has been getting hit more and more lately, but not as bad as those running Movable Type from what I've heard...
My blacklist plugin seems to work pretty well, so I'm content to stick with simply using it for the time being.
Posted by: Forrest at January 14, 2005 01:26 PMSee "for high confidence value of you", above ;-) The Koufax M$ bloggers are 90% or more of the total. I'll post stats when this is all done.
You're content because you've a working mechanism. Fine. It is possible that Barry's problem with Alas was that when a 100+ node insertion gang (I logged several of these that attacked Alas) interacted with his BL mechanism (MT's not WP), the resulting 100+ simultanious invocations of perl, which took down (well, to be precise, ran the load average up well over 100, making resposiveness ... not) Alas and Wampum and the other vhosted static and dynamic websites common to all the Apache instances on the physical SMP box "agaskwa", was because he was attempting to block writers.
There are lots of ways to reduce the window of vulnerability. No comments. Comments only for a fixed period of time. Interarrival blocks to prevent a single source from jamming (but see today's data, multiple writers and carefully no archive got more than one insert), content filtering, queued publishing conditional upon human eyeballs, no urls in comments (which kind of defeats the purpose of social links), even whitelists (my adoring friends whom I trust, until they are turned by the hack-o-the-day into the Devil's Instruments.
How well do these scale when the number of insert nodes is actually a very large number?
The whole scheme runs off of ranking, so kneecapping the searchengine operators scales. But it depends on ... you ... being ... convinced ... by ... me (or life).
Posted by: Eric at January 14, 2005 02:08 PM[deleted. use your muzak.com address to play stupid. ebw]
Posted by: Yosef at January 14, 2005 03:46 PMug, they hit my server over the past week as well. i've got buds who work at verio if you need to, er, escalate your request.
Posted by: anna at January 14, 2005 08:25 PMThere is someone/are some people in Roumania who are apparently under the impression that Google pays a great deal more attention to me than they actually do.
On the other hand, the Texas Hold'em guys don't seem to think I'm a good market.
Posted by: julia at January 15, 2005 03:48 AMI've sent an e-mail to Verio for the same reason also. More here:
http://www.annelisabeth.com/blog/archives/000153.html
I'll keep on clickin' until my keys are stickin'.
--Rev. A. D. Bea, Church of the Nude Life.