Friday, November 14, 2008

Comments are re-enabled after I identify the spammers' IP addresses

I had 41,000 spam comments in my photo gallery. I had thousands of unpublished spams on my blog here. Spam comments were showing up as valid keywords attracting traffic on Google searches. So a couple of weeks ago, I shut down commenting in MovableType. It turns out that one other problem, mt.cgi consuming 2 G of RAM and all my processor time, was a separate issue. ImageMagick is NOT optional in MT 4.2. I had installed it, but MT couldn't find it. Thus an infinite loop consumed all my resources through our favorite cgi-bin, mt.cgi. Fixed that, but what about comments?

I didn't think Gallery was popular enough to be targeted by automated scripts. I thought CAPTCHAs could stop them. I was quite wrong. I upgraded Gallery to 2.3 and got me a WordPress API key for Akismet, which I'm now using in MT and Gallery.

I also looked at my logs, and found that 99% of my Gallery spam comments came from a limited set of IPs. Since I started blocking them at the firewall, I've seen 13,000 attempted hits from them. Here they are. If you're running Gallery, ban them now.
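The log review described above, as an added example that is not the author's own script: it counts comment POSTs per client IP in an access log, picks the few addresses behind most of them, and groups those by /16 network. The Apache combined log format, the `comment.AddComment` URL marker and the sample lines (documentation address ranges) are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

def _line(ip, method, url):
    # Build one constructed access-log line (assumed Apache combined format).
    return f'{ip} - - [14/Nov/2008:10:00:00 +0000] "{method} {url} HTTP/1.1" 200 512'

ADD = "/gallery/main.php?g2_view=comment.AddComment"  # assumed comment URL
# Constructed sample: documentation-range IPs, one bad address, one junk line.
SAMPLE_LOG = "\n".join(
    [_line("198.51.100.7", "POST", ADD)] * 3
    + [_line("198.51.100.9", "POST", ADD)] * 2
    + [_line("203.0.113.5", "POST", ADD), _line("203.0.113.5", "GET", "/gallery/main.php")]
    + [_line("198.51.100.300", "POST", ADD), "not a log line"]
)

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" \d{3}')

def comment_posts_by_ip(log_text, marker="comment.AddComment"):
    """Count POST requests whose URL contains `marker`, per client IP."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed line: skip rather than guess
        ip, method, url = m.groups()
        if method != "POST" or marker not in url:
            continue
        try:
            counts[ipaddress.ip_address(ip)] += 1
        except ValueError:
            continue  # first field is not a valid IP address
    return counts

def top_sources(counts, share=0.99):
    """Smallest set of IPs, busiest first, covering `share` of the posts."""
    total, covered, picked = sum(counts.values()), 0, []
    for ip, n in counts.most_common():
        if covered >= share * total:
            break
        picked.append(ip)
        covered += n
    return picked

def group_by_prefix(ips, prefix_len=16):
    """Group IPv4 addresses by enclosing network to spot a shared range."""
    return Counter(ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
                   for ip in ips if ip.version == 4)
```

Run it over a real log with `comment_posts_by_ip(open(path).read())`; a single network holding most of the top sources indicates one range worth reviewing as a unit before any block is applied.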



2 comments:

  1. Update: these comment spambots have now attempted to connect 144,543 times, and show no sign of giving up.

  2. So I missed one of these IPs, and now I just block all of 91.121.0.0/16.
