I have a theory, but I need some folks to verify it.
I suspect the scum who spam Movable Type blogs have a large distributed network of pwn3d zombie Windoze boxen that they use for the task. I’ve seen runs of as many as 20 or 30 straight MT-Blacklist entries in the activity log that are all denying the same string, maybe two seconds apart, all from different IP addresses (or at least very little IP duplication). I can’t imagine there are this many people who have nothing better to do with their time and are smart enough to organise such a high level of coordination.
Can anyone back up this theory? I suppose I could investigate the Web server logs for more information in the interim, but if anyone has any ideas, let me know below.
Probably not. Last I checked, the spamscript of choice used a series of open proxies and round-robinned between them.
Not that an open proxy wouldn’t also be a spamzombie, but there are a lot of irresponsible folks out there.
Thanks for signing in, . Now you can comment. (sign out)
(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)