Blog-Spamming Scum

I have a theory, but I need some folks to verify it.

I suspect the scum who spam Movable Type blogs have a large distributed network of pwn3d zombie Windoze boxen that they use for the task. I’ve seen runs of as many as 20 or 30 straight MT-Blacklist entries in the activity log that are all denying the same string, maybe two seconds apart, all from different IP addresses (or at least very little IP duplication). I can’t imagine there are this many people who have nothing better to do with their time and are smart enough to organise such a high level of coordination.

Can anyone back up this theory? I suppose I could investigate the Web server logs for more information in the interim, but if anyone has any ideas, let me know below.

posted by Chris on 05 August 2004 at 0008 in computing

Trackbacks

TrackBack URL for this entry:
http://chrislawson.net/blog/t.pl/236
 

Comment by Raena Armitage

Probably not. Last I checked, the spamscript of choice used a series of open proxies and round-robinned between them.

Not that an open proxy wouldn’t also be a spamzombie, but there are a lot of irresponsible folks out there.

posted at 0008 on 05 August 2004

Post a Comment

Thanks for signing in, . Now you can comment. (sign out)

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)


Remember me?