I have a theory, but I need some folks to verify it.
I suspect the scum who spam Movable Type blogs have a large distributed network of pwn3d zombie Windoze boxen that they use for the task. I’ve seen runs of as many as 20 or 30 straight MT-Blacklist entries in the activity log that are all denying the same string, maybe two seconds apart, all from different IP addresses (or at least very little IP duplication). I can’t imagine there are this many people who have nothing better to do with their time and are smart enough to organise such a high level of coordination.
Can anyone back up this theory? I suppose I could investigate the Web server logs for more information in the interim, but if anyone has any ideas, let me know below.
Probably not. Last I checked, the spamscript of choice used a series of open proxies and round-robinned between them.
Not that an open proxy wouldn’t also be a spamzombie, but there are a lot of irresponsible folks out there.
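The pattern described in the post (a run of denials for the same string, seconds apart, from mostly different addresses) can be measured rather than eyeballed. The following is an added example, not code from the post or from MT-Blacklist; the "timestamp ip denied-string" line layout, the sample lines, and the names `parse` and `find_bursts` are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in a hypothetical "timestamp ip denied-string" layout.
# This is NOT MT-Blacklist's real activity-log format; adapt parse() to yours.
SAMPLE_LOG = """\
2004-06-01T10:00:00 192.0.2.10 cheap-pills.example
2004-06-01T10:00:02 198.51.100.7 cheap-pills.example
2004-06-01T10:00:04 203.0.113.5 cheap-pills.example
2004-06-01T10:00:06 192.0.2.44 cheap-pills.example
2004-06-01T10:00:08 198.51.100.7 cheap-pills.example
2004-06-01T10:00:10 203.0.113.99 cheap-pills.example
2004-06-01T10:07:30 192.0.2.10 casino.example
2004-06-01T11:15:00 192.0.2.10 casino.example
2004-06-01T12:00:00 192.0.2.10 cheap-pills.example
garbage line
"""

def parse(log):
    """Yield (timestamp, ip, denied_string); skip lines that do not fit."""
    for line in log.splitlines():
        parts = line.split(None, 2)
        if len(parts) != 3:
            continue
        try:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2]
        except ValueError:
            continue

def find_bursts(log, max_gap=timedelta(seconds=5), min_hits=4):
    """Report runs of denials of one string where each hit follows the
    previous one within max_gap, with the count of distinct source IPs."""
    by_string = defaultdict(list)
    for ts, ip, denied in parse(log):
        by_string[denied].append((ts, ip))
    bursts = []
    for denied, hits in by_string.items():
        hits.sort()
        run = [hits[0]]
        for hit in hits[1:] + [None]:          # None flushes the last run
            if hit is not None and hit[0] - run[-1][0] <= max_gap:
                run.append(hit)
                continue
            if len(run) >= min_hits:
                bursts.append({"denied": denied, "hits": len(run),
                               "distinct_ips": len({ip for _, ip in run}),
                               "seconds": (run[-1][0] - run[0][0]).total_seconds()})
            run = [hit]
    return bursts

if __name__ == "__main__":
    for burst in find_bursts(SAMPLE_LOG):
        print(burst)
```

A high ratio of distinct addresses to hits fits either explanation raised above; the log alone does not distinguish compromised hosts from open proxies.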