11
clockico
16:59
October '06
Administrator

spamming
0 Comments
Persistent spammer

A blog spammer, has recently been trying to leave its rubbish on this site. Interstingly, each time it was denied, it tries again pretending to be a different user agent, without any repeats.

Access from the same IP address (64.28.178.66) repeatedly tries to access random blog pages, some of which don’t even exist.

Here’s an extract from the log…

64.28.178.66 – - [10/Oct/2006:20:17:50 +0100] “GET /blog/?p=13 HTTP/1.1″ 403 279 “-” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Q312461; SV1; .NET CLR 1.1.4322)”
64.28.178.66 – - [10/Oct/2006:20:37:34 +0100] “GET /blog/?p=21 HTTP/1.1″ 403 279 “-” “Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.7.6) Gecko/20050225 Firefox/1.0.1″
64.28.178.66 – - [10/Oct/2006:21:52:26 +0100] “GET /blog/?p=6 HTTP/1.1″ 403 279 “-” “EVE-minibrowser/”
64.28.178.66 – - [10/Oct/2006:22:16:38 +0100] “GET /blog/?p=14 HTTP/1.1″ 403 279 “-” “Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/412.7 (KHTML, like Gecko) Safari/412.5″
64.28.178.66 – - [10/Oct/2006:22:22:55 +0100] “GET /blog/?p=11 HTTP/1.1″ 403 279 “-” “Mozilla/4.0 (compatible; MSIE 5.0; Windows NT)”
64.28.178.66 – - [10/Oct/2006:22:53:52 +0100] “GET /blog/?p=34 HTTP/1.1″ 403 279 “-” “Mozilla/5.0 (compatible; MSIE 6.0; Windows NT 5.1)”
64.28.178.66 – - [10/Oct/2006:22:54:48 +0100] “GET /blog/?p=22 HTTP/1.1″ 403 279 “-” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; Maxthon; iOpus-I-M; SV1; .NET CLR 1.1.4322)”
64.28.178.66 – - [11/Oct/2006:00:34:53 +0100] “GET /blog/index.php?p=30 HTTP/1.1″ 403 288 “-” “OmniExplorer_Bot/3.11c (+http://www.omni-explorer.com) WorldIndexer”
64.28.178.66 – - [11/Oct/2006:01:29:30 +0100] “GET /blog/index.php?p=30 HTTP/1.1″ 403 288 “-” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; [eburo v1.3]; .NET CLR 1.1.4322)”
64.28.178.66 – - [11/Oct/2006:01:31:14 +0100] “GET /blog/?p=10 HTTP/1.1″ 403 279 “-” “Mozilla/4.0 (compatible; MSIE 5.0; Windows NT)”
64.28.178.66 – - [11/Oct/2006:03:09:43 +0100] “GET /blog/?p=18 HTTP/1.1″ 403 279 “-” “Mozilla/4.0 (firatnyvr; MSIE 6.0; ; SV1)”
64.28.178.66 – - [11/Oct/2006:04:50:30 +0100] “GET /blog/?p=14 HTTP/1.1″ 403 279 “-” “OmniExplorer_Bot/3.11c (+http://www.omni-explorer.com) WorldIndexer”
64.28.178.66 – - [11/Oct/2006:12:01:03 +0100] “GET /blog/?p=13 HTTP/1.1″ 403 279 “-” “Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041116 Firefox/1.0 (Ubuntu) (Ubuntu package 1.0-2ubuntu3)”
64.28.178.66 – - [11/Oct/2006:12:18:56 +0100] “GET /blog/?p=21 HTTP/1.1″ 403 279 “-” “Mozilla/4.0 (cOsmO&SoNnE; MSIE 6.0; Windows XP)”
64.28.178.66 – - [11/Oct/2006:13:33:53 +0100] “GET /blog/?p=6 HTTP/1.1″ 403 279 “-” “LinkWalker”
64.28.178.66 – - [11/Oct/2006:13:57:28 +0100] “GET /blog/?p=14 HTTP/1.1″ 403 279 “-” “Mozilla/4.0 (compatible; MSIE 5.0; Windows NT)”
64.28.178.66 – - [11/Oct/2006:14:04:21 +0100] “GET /blog/?p=11 HTTP/1.1″ 403 279 “-” “Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firechicken/1.0″
64.28.178.66 – - [11/Oct/2006:16:39:33 +0100] “GET /blog/?p=2 HTTP/1.1″ 403 279 “-” “Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1″

Does anyone know anything about this outfit?



 
RSS feed for comments on this post.
TrackBack URL


Write a comment

You need tologin.