Stupid Russian Blog Spammers Still Wasting Their Time
"Stupid Russian Blog Spammers Still Wasting Their Time" makes for a catchy, surreal title, but it's true. The same country that produced the brilliant criminal masterminds behind the Storm and Grisbi Worms has also produced some of the stupidest blog spammers to ever set finger to keyboard!
Let me explain what I am referring to regarding stupid blog spammers. First of all, look up in the upper right corner of this blog, just under the Google search field. Here's what it says in capital letters: "SORRY: NO COMMENTS, NO TRACKBACKS!" That should be self explanatory to almost anybody who can read English words, including people intent on spamming a blog such as this one, using English words. You know the crap I'm talking about; links to buy unlicensed or illegal drugs or herbal solutions, to cure "ED" or enlarge one's "natural size." When I first started this blog I did allow trackbacks and comments and that is what I was getting submitted, all in English and all traced to Russian and Ukrainian IP addresses.
As soon as I realized that only blog spammers were trying to comment on my blog I decided to disable the codes and modules that allowed comments and trackbacks. Still, these idiots in Russia and the Ukraine continued trying to POST comments and trackbacks to the now disabled modules that used to handle those functions. This led me to write three articles about these incidents, during the spring and summer of 2007. Their names and links to them are as follows:
- Stupid Blog Trackback Spammers Don't Understand Server 403 Responses
- Russian and Ukrainian Blog Spammers are STUPID!
- Blog spammers still wasting their time tying to spam this unspammable blog
I wrote those articles about a year ago, yet, I still see daily access log entries being blocked with server 403 responses, belonging to Russian IP addresses trying to POST spam comments or Trackbacks to this blog. It is obvious that these spammers are using scripts, but, being stupid spammers they don't bother to verify if those scripts are being allowed to complete their submissions, or check my blog to see if their comments were even posted. I'll bet somebody is paying these idiots to send blog spam for them and they are ripping off the guys with the money. If my blog is any indication of their lack of any level of intelligence, then I am guessing that they are having a similar lack of success trying to spam your blogs. Still, some of their attempts may work on unsecured servers.
Anyway, insults to the enemy aside (it feels good though!), I never see the comments they are typing, just an access log entry containing a 403 Forbidden, or 302 redirect back to their own websites (lol). My Apache-based, shared-hosting web server is protected with a custom ".htaccess" file that contains my entire, now-famous, "Russian Blocklist!" Many webmasters are using this blocklist to keep Russian and Turkish spammers and hackers from accessing their web sites.
If your web site and blog is hosted on a shared Apache/Linux based web server and you want to block access to IP addresses in the former Soviet Union and Turkey, just download my Russian .Htaccess Blocklist and either use it as your new .htaccess file, or merge the "deny from" list into your existing .htaccess. Full instructions are included on my .htaccess blocklists landing page and on each blocklist page. The landing page has links to all of my existing .htaccess IP blocklists (Chinese, Nigerian, Russian and Exploited Servers), as well as my iptables Linux firewall blocklist equivalents.
An actual access log entry and codes you can use to block web site access to these people, are in my extended content.
Take 10% Off 1 year of Trend Micro Internet Security 2009 - Use Coupon Code: TrendIS
Here, for the immediate protection of your blogs, is the IP address of this latest Russian blog spammer, whom I am redirecting back to his own Russian server (he-he), which laughably is a password protected login page requiring his credentials to access it (results in a 401 Authorization Required error):
82.146.58.235 - - [06/Jul/2008:23:15:03 -0600] "POST /blogs/2007/08/stupid_blog_trackback_spammers_dont_understa.html HTTP/1.1" 302 763 "-" "-"
.htaccess block rule:
order deny,allow
<Files *>
deny from 82.146.58.235
# other deny from IPs
</Files>
Better yet, let's block his entire ISP; "ISPsystem-RU at CORBINA," using their CIDR:
order deny,allow
<Files *>
deny from 82.146.56.0/21
# other deny from IPs
</Files>
These rules deny HTTP or https access to all files and folders on an Apache hosted web site, to all IP addresses encompassed by multiple individual IPs, or CIDRs.
Here is my .htaccess mod_rewrite rule to redirect blog spammers back to their own IP address:
RewriteCond %{THE_REQUEST} ^POST\ /blogs/.+
RewriteRule (.*) http://%{REMOTE_ADDR} [L]
To block access to ALL services, including ftp, ssh and email, you must have administrator access to the Linux operating system. If you have root access you can apply my iptables blocklists to the APF.
Spyware Doctor is a multi-award winning spyware removal utility that detects, removes and protects your PC from thousands of potential spyware, adware, Trojans, keyloggers, spybots and tracking threats.
Spyware Doctor is fully capable of detecting and removing hidden processes associated with complex threats and rootkits. Such threats are otherwise difficult to remove by conventional means since they may be hidden to the operating system.
A Startup Scanner removes references to malicious programs that run at startup in the registry and Windows startup files, as well as malicious files in Windows startup locations.
State-of-the-art scanning engines, including file scan, memory scan, registry scan, browser helper objects scan, cookie scan and much more.
