A steady change in the source of blog comment spam attempts
Wandering Thoughts has been in operation for long enough that I've been able to observe a slow shift in the sources of comment spam attempts over the years. Roughly speaking (and relying on a fallible memory), in the beginning much of the comment spam attempts came from what appeared to be open proxies or otherwise compromised machines, to the point where I tried using DNS blocklists like the CBL and SBL as defenses (which didn't work out in the end). Then, at least as I perceived it, the comment spam sources largely shifted to dodgy foreign hosting providers broadly located where you'd expect them to be (Eastern Europe, Russia, and China). And then lately the majority of the still-unblocked sources have shifted to US based hosting providers and datacenters.
At the moment, the largest group of sources seem to emerge from IP address space assigned to 'DataShack LC' and 'WholeSale Internet, Inc'. Where sub-delegation information is readily accessible through whois, the specific IP addresses appear to have been delegated in very small slices to entities that appear to be Chinese based on their names; a typical example is 188.8.131.52, currently assigned to 'Zhou Pizhong' via 184.108.40.206/29. The IP addresses almost never have reverse DNS information available.
For a long time I've been reluctant to explicitly block US hosting providers, for various reasons. I've now decided that that's over for me; large netblocks for these persistent sources are now going in my blocks. Hopefully it will never affect someone using a VPN (or a personal cloud Unix machine) to try to leave a legitimate comment here.
One of several reasons that this depresses me is that it implies that being a source of repeated persistent comment spamming is no longer enough to get people terminated from even US-based hosting (if it ever was). Or at least from second-tier US hosting, since I still don't see much or any comment spam attempts from the large but inexpensive providers like AWS, Linode, and so on.
(I noticed part of this shift to hosting providers a couple of years ago, but back then it was mostly to European hosting providers and many of them were in dodgy areas.)
PS: Mind you, some of this apparent shift in comment spam sources turns out to be a bit illusory. My very first spam comment came from a US hosting provider, as did a lot of sources from a big incident early on. And I haven't kept any sort of records over the years, or even often tried particularly hard to identify the sources and keep notes. The most extensive sort of 'notes' I have are all of the various network areas I've blocked from leaving comments because their volume of comment attempts irritated me, and that's not exactly a scientific process.
Comments on this page:Written on 21 December 2014.