Friday, July 23, 2004

Spammer from .gov

Manni just discovered a pretty upsetting case. There is spam appearing on wikis with a hostname from a .gov address. The spam is for 1stop-cash-advance-payday-loans . com and 1stop-directv-dish-network-satellite-tv . com.

Obviously Manni and I don't think its right to be spamming in the first place, but using government resources to do it is very troubling.

Update 7/28: The spammer in question has apparently stopped and has admitted to spamming to the higher ups. Its nice to see someone taking responsability for their actions. Supposedly this spammer's idea to spam came from Philipp's Nigritude Ultramarine SandBox spamming article. Isn't it nice to see more bad effects comming from that "wonderful" article.

Tuesday, July 20, 2004

Google fighting spam

Google is doing something to fight spam, the fake add click kind. Here is the ZDNet story, Google's fraud squad battles phantom clicks. It doesn't say how exactly, but that is good so the spammers have a harder time working around it.

I posted about this problem way back at the begining of this blog as my 5th post, Slashdot: India's Secret Army Of Online Ad 'Clickers'.

It's nice to see Google is doing something about any kind of spam. With their IPO comming up they really had no choice since advertising is their main source of revenue.

Can a fix for wiki spam from Google be near? I don't think so. That spam isn't actually hurting Google's cash flow so its unlikely we will see any major work to fix spamdexing through vandalizing wikis. Its going to be up to the wiki software designers to implement features to solve wiki spam.

Sunday, July 18, 2004

A Win?

Is this really the end of the Casino Spammer?

Stay tuned for more information.

Update 7/19: The poster was from the right IP address range. I just hope they meant they will stop spamming all together (including wikis and guestbooks) rather than just stop spamming blogs because "it is not optimized to work with those forms." Let us know if you are still seeing new spam for Casino-Online-On-Line.

Tuesday, July 13, 2004

BTD, Cyprus, and DirectedMarket

I found TC Advertising's client list at tcads . net/clients.html:

The contact information for TC Advertising is:

Then I discovered this at tcads . net/services.html:
Seems like there was a connection between my email and all the hits and comment bombing.

DirectedMarket's Reply

I wonder if its why we all the sudden got all those hits from the Casino spammer and friends. I got this reply to my spam complaint to DirectedMarketing dot com about one of their affiliates.If they are as connected as our suspisions make us think they are they already found my site.

Was it really Hakdata?

Not very likely. Manni caught on to that fact before I did. Sorry Hakdata. This was the Casino Online spammer trying to disguise his revenge.

This poster's IP address is:
80.230.158.139

He has been spamming all day with:
80.230.158.117

Thank you Hakdata

Hakdata (actually it was the Casino Spammer in disguise) has gone on a comment bombing spree on my blog so I have had to disable comments. He also defaced a picture of Manni and posted it and submitted links as a spam submission at chongqed.org.

In other retarded spammer news, the Casino spammer read most of chongqed.org today (from IP 80.230.158.117). And then continued spamming.

Update: Turns out it wasn't really Hakdata, it was the Casino spammer in disguise.

Friday, July 09, 2004

Comment and Referrer Spam

MT BlackList is getting hurt by spammers spamming for good domains for the purpose of making the blacklist unusable. Major news sites like washingtonpost.com and cnn.com were being blocked. Article: Blacklisted Comment Spammers Attack Legitimate Domain

Burningbird has a really good post about the MT Blacklist problem, some advice on removing existing comment spam, and preventing future spam. Post: MT Comment Help

From Burningbird's article this link sounds very useful, its a MoveableType plugin that disables commenting on posts more than a set number of days. Since most spam is on pages listed in Google this should really help: Closing comments on old entries.

Typepad's official post about comment spam Fighting Comment/Trackback Spam

A Referrer Log Spamming story at komar.org

And then here is our friend IrishEyes where I discovered the above links:

Thursday, July 08, 2004

More about BeTheDealer

http://www.downloadseries.com/owners/16.html

BeTheDealer
Netherlands Antilles
http://www.bethedealer . com
support@BeTheDealer . com

Someone else upset about the casino on-line spam has done a little research of his own.

Here is some more interesting information from BTDCasino.

BeTheDealer and DirectedMarket

I have done a bunch more casino chongqing today. Be The Dealer Casino appears to be the main site of a casino affiliate program now run from DirectedMarket dot com and/or privatelabelcasino dot com. For more information about BeTheDealer see this article:
Be the Dealer Unvails Its New Private Label Casino Program.

I just wrote this to DirectedMarket and BTDCasino support addresses:
If I get a response, you know I will post it right away. :-)

Casino Online On-Line (part 3)

Well, the casino moron struck POPFile again. That got Manni agitated enough to do some heavy chongqing research to go along with what I have already done in part 1, part 2, and more on this topic.

I am not 100% certain they are connected, but if you click many of the links on the casino-online-on-line site it takes you to an identical looking site at btdcasino.com. And at the top of the page of both sites it says Be The Dealer Casino. There is little useful whois info on either except they were both registered through GoDaddy which could be more than coincidence. Manni did get some possible clues out of the info though.

I suspect casino online on-line a cover for their spamming. Their real domain looks totally legitimate and non-spammy so if their spam url's host gets complaints they can't be directly connected to the real site. Hopefully we can find a way to prove it.

For more evidence I did a diff between the main pages at casino-online-on-line dot com and btdcasino dot com. Its obvious they are trying to cover their tracks. On casino on-line they removed the note about who wrote the javascript, but they used a lot of identical javascript and HTML code between pages.

Both sites have a link to the same install program on the same server from Netherlands Antilles hidden in some javascript:

btdcasino dot com : 193.109.194.162

casino-online-on-line dot com : 63.241.136.201

This is btdcasino's HTTP header:

Here is casino-online-on-line's:

Also take a look at:

Wednesday, July 07, 2004

A bunch of blog spammers

Here are just a small sample of the blog comment spam I just found at craigblog:
upskirt-school dot com
    upskirt school girls
fuckingmachines-fucking-machines dot com
    fucking machines
free-inthevip dot com
    sex vip free
realitysexo dot com
    reality sexo
give-u-the-perfect-mortgage dot com
    give you the perfect mortgage
linkspider dot us
    linkspider links
adult-dvd-dot dot com
    adult dvd
jinlong dot co dot uk
    horse buy news racing bet
waldner-msa dot co dot uk
    order purchase cheapest diet adipex prescription pill phentermine
texasholdem-flip-flop dot com
    texas holdem
casino-gambling dot inforceable dot com
    casino gambling
online-casinos dot go dot ro
    online casinos
1-online-casino-portal dot com
    casino portal
videopoker-online-casino dot com
    video poker online casino
happy-shopping-online dot com
    order 4gb ipod music players
tramadol-ultram dot cjb dot net
    Buy Tramadol
pilldrugs dot com
    Phentermine
buy-generic-viagra-sildenafil-citrate dot com
    Generic Viagra
kontaktanzeigen-bild dot de dot ms
    Kontaktanzeigen
loans dot de dot vu
    loans
buy-discount-cheap-cigarettes-online dot com
    Discount Cigarettes
mms dot gongi dot pl
    dzwonki polifoniczne nokia
waterbeds-dot dot com
    waterbeds
idebtconsolidation dot org
    debt relief


More on Casino Online On-Line

I got a comment about the casino-online-on-line dot com spammer. Thanks to whoever sent it in. I hadn't Googled him yet and had no clue how big this guy is. So far it appears he is not quite as widespread as Mr. Chongqing, but still really bad. His tactics are worse and dumber. I have seen him spam the top of a RecentChanges page. The main difference is Mr. Chongqing won't continue spamming if spammy links are somehow prevented, this guy just keeps going and going. He is a much bigger spammer in the forum / bulitin board area than Mr. Chongqing though. He has been spamming forums at least since December 10, 2003, that was the earliest I saw quicly.

From the anonymous commenter:I wouldn't be that supprised. Many other wiki users believe any heavy spamming is done by automated bots, but after experiencing Mr. Chongqing I am 100% certain that is not the case. Any big time spammer would have some sort of automation, but Mr. Chongqing is certainly human driven. I have not done enough researching of how the casino spammer works, but he/she/they may be human using mostly automated software. He is far more consistant in his spams than I usually see. But as with POPFile he does not notice his spams didn't work. Perhapse his spamming program doesn't even display the page after editing so he never knows when the spam is blocked only from displaying. The POPFile wiki will let him post as many links as he wants, but until they are whitelisted (custom addition by the POPFile author AFAIK) they won't display when viewing the Wiki. From what I have seen in Google the wikis he appear to be going after most are UseModWiki sites.

While I doubt either Casino Online On-Online or Mr. Chongqing are going to pull a Hakdata and close up shop, we will continue to do all we can to hurt their PageRank and get our sites above them in Google for their favorite keywords.

Some more of his hostnames:

Wikipedia Spammer

I just cleaned spam from an in-quito dot com spammer who hit the Wikipedia's blogspam page. Spamming an antispam wiki page is just about as stupid as you can get! And this isn't the first spammer to spam this page.

Some keywords from in-quito dot com's site:
Quito hotels review
vacation resorts deals
Ecuador Quito embassies

Wikipedia 300000

Today after being online for about 3 years Wikipedia reached 300,000 articles. Thanks for the links here and there. :-)

Casino Online On-Line Spam (part 2)

Well, the casino online on-line spammer hit the POPFile Wiki again twice early this morning. Luckily for Manni thats middle of the day so he cleaned the first spam less than an hour after it appeard. Then the spammer noticed his missing spam and respammed the same page which again didn't stay messed up long thanks to Manni. This guy is a real jerk though, not only is he spamming repeatedly he is replacing the entire page with his spam text so its completely unusable. He even leaves www dot casino-online-on-line dot com as the comment of the spam, hoping I guess for a link (which doesn't work).

casino-online-on-line dot com's wikispam text:casino-online-on-line dot com is just a frontpage for btdcasino dot com which stands for Be the Dealer Casino. Some of their keywords are:So far he has spammed us as:

Tuesday, July 06, 2004

More Email Spam News

First we have another fantasy attempt at ending spam, this time by the UN. Its a good fantasy, but it won't work. Computer crimes just aren't delt with seriously enough when someone is caught (which is far too rare if you don't count the RIAA's going after kids and grandmothers). Even a large fine is nothing to a spammer who is making millions off of the small percentage of idiots who buy their crap. Jail time might be a bigger deterant, but for every spammer they catch there will be hundereds to take his place. And compared to drugs and murder cyber crimes aren't taken very seriously because they don't physically hurt people and police forces are often short on manpower and the knowledge to go after cyber crimes.

Well, here is the link I have been babbling about UN takes aim at spam epidemic, and here is the Slashdot coverage.

And now another email spam story, Comcast Port 25 Blocks Result In Less Spam (port 25 is the port outgoing mail is sent on). It is only done when they notice a problem IP address and they try to contact the user first. This is a really good step. I hope they can keep it up, this fix is no fantasy. People are already seeing the results. For lots of discussion about this see Slashdot.

When are people going to wake up and see that email spam is not the only kind of spam? Other than us Wiki and Blog users no one else even knows it exists. And most blogs now prevent comment spamming so its getting less attention now. I wish I had more actual chongqing news to post here, but obviously as connected as Manni and I are to POPFile email spam is of great interest to us too. So thats why you see so much email spam news on our pages.

Casino-Online-On-Line Spam

I should have posted about this guy a week ago, but hadn't found the time yet. Now that he struck again I couldn't put it off any longer. This spammer had struck the POPFile wiki twice already and this morning he hit a bunch of pages. Its obviously an automated spammer since urls are only visible after being whitelisted. If this guy isn't automated he sure is stupid. Even Mr. Chongqing quit bothering us when he realized he couldn't get any links there.

So now its time to talk about online casino gambling on-line and how playing poker and roulette is fun and easy over the internet. As you can probably tell that sentance is just loaded with his keywords. And just in case I haven't used enough of his keywords yet:
For ways of blocking idiots like this see Meatball Wiki: WikiSpam. For fighting back against them, link to our sites with their keywords and let us know about them if we don't have them on the Spammers pages.

For more info on wikispam visit Wikipedia:Spam and c2.com's WikiSpam page.

Monday, July 05, 2004

Spam Articles

Not exactly chongqing, but some related topics:

Saturday, July 03, 2004

Email Spammers Suck Too

I recently started getting a bunch of Delivery Failure and Undeliverable Mail messages for email I am not sending. Some spammer has started spamming with my antispam subdomain at Mailshell. I don't think its retaliation related to having this site, its just coincidence since that address isn't listed here.

I am still trying to figure the best way to deal with it. Mailshell has a way to work around it, but it won't be as convinant to use as before. And it won't do anything to stop the spammer or prevent getting the undeliverable messages, I just wont seem them.

Mailshell definatly makes my life easier. They don't appear to encourage personal users to sign up anymore as the link to sign up is well hidden. Just like other big antispam services are only after the business market now. I am still using only the Free option, which may not exist anymore, when you sign up you are getting a 30 day Premium trial, which I assume turns into the free option afterwards, but I am not sure.