Just when you throught comment spam could not get any worse, I get this posted to my site today a couple times with some minor variations (and with a link that I will not be repeating):
here is a free tip:
if you don't know what you are talking about don't post online.
I'm sorry I don't buy this, but this is how I feel.
What the hell is this crap? Blatant advertising is one thing. Semi-blantant advertising while masquerading as a jerk is even worse.
; "Feed Stats Widget")
; "Google Referrer")
; "MediaConsumer Template Output")
; "MediaConsumer List Items")
; "MediaConsumer Edit Item")
; "mt-qotd.png")
; "Vox-qotd.png")
Were all of yours from 212.179.199.5 as well? Looks like we have cause to alert people -- I was hit twice and Feedster shows a few others were hit too, and since the message is almost identical and I'll bet the URL too (in the one's I got, the URL didn't resolve, so Verisign picks it up)
And no, I don't see the value except for one thing: As a marker. I have heard that spammers who find open comment blogs will leave a marker that can be found with a subsequent search (Feester?) and that may explain why the previous blog-comment spam I've received always goes to the same three blog posts. I used to edit their comments to remove the URLs and then ridicule them, but maybe this is a mistake, maybe they just want that highly recognizable string to stay there so they can find it later ... or (as I believe is the case today) where robots can find them.
I got another today, simply some guy's name "rules" with a link to the same name dot com, nothing more, and that link was bogus as was the name@aol ... it must be some sort of marker they are leaving to bootstrap some other planned deployment. That's the only explanation I can think of that makes sense.
I got one with the same exact wording 2 days ago from IP 212.179.199.5. I have been adding these to my MovableType banned IP list, but would not be surprised if they are spoofed or IPs change with different ISP connections.
It would not be hard for some fiend to write a script to blast multiple blogs with this stuff if they can discern the patterns of the comments posting CGIs.
See:
http://www.jayallen.org/journey/2003/09/killing_comment_spam_for_dummies
I came up with this sort-of solution - basically you rename you mt-comments.cgi file so that it can't be automatically hit by a bot that sends POST requests to a random entry number whenever it encounters said file.
a friend's blog got the exact same message on two different entries yesterday. she was a little offended. i'm glad i can tell her it's nothing personal; just some weird spam. i went ahead and setup the closecomments script though. we figured that was better than leaving all those entries open.
yep, got the same comment, twice. on absolutely ancient (i.e. almost a year old!) entries.
same IP address.
the commenter's email seems to work, so far. i sent a test message to say i have removed his comments ... we'll see what new fiendish behavior this brings! if any.
got the same thing - what gives.. I was totally confused because the comment was on a post recommending an HTML tool so the comment made no sense... Didn't get the point... even wierder now...
Oooooh, I thought it was really somebody being rude, as it kinda made sense in the context of the post. Now I feel silly for being so guillible and feeling offended. LOL!
Rock on and power to the people! After our talk the other day I got hit five or six more times with this comment spam crap. That's a new project somebody should take on, creating a major list of comment offenders' IP addresses so others could just cut and paste the list into their config. in MT.
I got the EXACT same worded comment on my blog on a post about adware recently ..hrmm.
I have an entry with comments that I use as a guestbook on my blog which has also been getting hit. Similar kind of thing, although the sites they link to vary (always commercial sites tho, sometimes porn, sometimes credit companies etc). The three that hit today were from IP 200.12.238.168
Great comments guys. Peter FDA
Wow, and here I thought it was aimed at me. This exact comment was left on my site had me real confused!! I didn't really understand it since it was a reply to my laughing about a commercial on TV.
I moderate all my comments, so it never reached the site at least. Glad to know it wasn't aimed at me, but is just some moron trolling for attention *laughs*
I got one with the same exact wording 2 days ago from IP 212.179.199.5. I have been adding these to my MovableType banned IP list, but would not be surprised if they are spoofed or IPs change with different ISP connections.
It would not be hard for some fiend to write a script to blast multiple