Dropsafe

by Alec Muffett

Blog Spammers are geting Tricksy

2006/03/24 10:18:31 GMT

I was just watching my logs, and the following trio of events came in over a period of two seconds:

1143195321 64.151.75.252
GET /dropsafe/articles/news/post20050809161409.comments
PEAR HTTP_Request class ( [pear.php.net] )
1143195322 66.97.174.196
POST /dropsafe/articles/news/post20050809161409.comments
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; MyIE2; Maxthon)
1143195322 64.151.75.252
GET /dropsafe/articles/news/post20050809161409.comments
PEAR HTTP_Request class ( [pear.php.net] )

…so the first one comes in and retreives the page, parses the text boxes and other CGI elements; it passes it to another system on a different IP address which makes a POST (which is incidentally blocked by a text-matching algorithm) – and then the first one comes back to see if it worked.

An admirable amount of coding and synchronising, for something so bent.

⊞

Comments

One response to “Blog Spammers are geting Tricksy”

2006/03/24

acb

re: Blog Spammers are geting Tricksy

They could have been using a botnet.

I noticed that blog spam to my blog was coming in from literally hundreds of IP addresses, with many being used only once. Though installing baffletext/captchas put an end to it.

Reply

Dropsafe

Blog Spammers are geting Tricksy

Comments

One response to “Blog Spammers are geting Tricksy”

Leave a Reply Cancel reply

More posts

UK Government King’s Speech proposes “Cyber ASBO” with obvious risk of scope creep into censorship

Don’t take away our freedom to play games when we want | 38 Degrees

‘Von der Leyen Announces the EU’s New Age Verification App Claiming it is “Completely Anonymous” & users “Cannot be Tracked”’ | …the EU is about to have its ‘Clipper’ moment

From 2019: ‘If there were 5 million “bad people” on Facebook – terrorists, criminals, drug-dealers, whatever – that would be 0.2% of the userbase’