Spamming Bastards: Part Deux



My spam Blocklist has been slowly growing since I created it in order to stem the tide of comment spam coming from Nobis/Ubiquity Server-owned address blocks. Ultimately I made the choice to block all the netblocks that they had allocated from ARIN and that seemed to have worked, up until today when I started getting comment spam from some brand new Nobis/Ubiquity addresses.

It would seem that they’ve got themselves a netblock from RIPE and started using that for spamming as well; the range in question is 176.31.50.64/27 but given their apparent dedication to illegal activity, it wouldn’t surprise me if others start popping up here and there as well. Thankfully, the relative scarcity of available IPv4 blocks is making it much tougher for these spamming fuckers to evade blocking mechanisms without resorting to botnets.

That said, when you’re getting more than 10 times as many spam comments as legitimate ones, it doesn’t exactly fill you with confidence that we’ll ever get a real handle on the problem.

4 Replies to “Spamming Bastards: Part Deux”

  1. This same phenomena, (pinging?), has beset Red Pill Media as well in the past few days. We are a non-commercial, News commentary site. It would be a shame to block all legitimate commentary as this helps drive traffic.

    Is there any way of finding out who NOBIS Tech fronts for? The registrant is Clint Chapman. We suspect these attacks may be part of the Pentagon’s documented Road Map scheme; full spectrum dominance attack dogs.

    1. Best I can tell they’re just a hosting company with a very lax attitude towards dealing with spammers. Blacklisting their netblocks shouldn’t cause you too many issues as most legitimate traffic will be coming from residential netblocks.

  2. I’ve found enormous success with the G.A.S.P. plugin. If the hidden “email” field is filled, WordPress generates a 500 error code and the comment is discarded. The only caveat is that you have to check the box that says “I am not a spammer”.

    I use a script which retrieves the IP addresses from the access log for two days, which I then “array_unique” and compile into a “forbidden” file – I use NginX vs. Apache, but the same thing can be done with .htaccess file. I only consider it necessary to reduce the bandwidth usage.

    I’m not using any other spam plugins, not even Akismet anymore. The only comment spam I get now is from human spammers. I get over 2000 unique visitors per day and probably about 10 human spams a day (and half of those are simply because they’re using keywords as the author name).

    Every Ubiquity spam bot ends up on my list, along with Hostnoc and many more.

Leave a Reply

Your email address will not be published. Required fields are marked *