10/31/2004

The progress of blog spam.

Interestingly enough, someone decided to blog spam me again. This is interesting, because, as I’ve noted before, I have no traffic, which makes it pointless. However, what it did show me is that blog spamming technology is constantly evolving.

Who did the attack? It’s not really important, but here’s the cursory information on the domains spammed:

e-leave
Yukkii (yukkikunikkennen@yahoo.com)
3 Connell Dr.
Berkeley Heights
NY,07922
US
Tel. +1.9082342243

Inna Fridman (FHPAY) gazelhofman@yahoo.com
SilverStar
bolshaya nikitskaya 23
Moscow, RU 52333
Russian Federation
Phone: (095)2917979 x

Was it actually these people who did the spamming? It’s unclear. It might be random spam, or then again, it might be a “screw you” for my previous comments.

What’s interesting is the evolution of attacks. Previously, attacks had been simple: someone would post about their product, and that was that. Easy to track down.

What’s happening now is that random phrases are being used for message comments. Why is this different? It’s not as easily perceived to be a spam message, and it boosts relevance ratings in Google. It *appears* to be a valid post, and hence, it seems to have additional credence.

Also, while before posts came from one IP, this one came from at least 28 different IPs. Not all of them reverse-mapped, but the following did:

psalliote.ens.fr
atlantis.eece.unm.edu
nmr500.unl.edu
debian.lhi.is
btcpx8.che.uni-bayreuth.de
trshare.triumf.ca
templa.lnk.telstra.net
194-106-154-19.customer.eircom.net
haruka.tail.gr.jp
mail.tcp-bv.nl
h.orsn-servers.net
www.pfungstadt.de
ns1.ruffdogs.com
h-67-102-112-87.snvacaid.covad.net
cpe.atm0-0-0-1761165.0x50a4c7da.boanxx4.customer.tele.dk
s005.nl.envida.net

A quick look at the countries of these IPs shows they came from Australia, Canada, Switzerland, Germany, Denmark, France, Indonesia, Ireland, Iceland, Italy, Japan, Malaysia, Netherlands, Russian Federation, Taiwan, and the United States. Since the attack seems to be from one perpetrator, but came from several different IPs spread across several different countries, I figure either a) they set up a coordinated attack as a group with others; b) they’re doing some rather broadband and impressive IP spoofing; or more likely, c) these computers have been hacked. The IPs listed above appear to be in many cases (if not all cases) UNIX machines. (If you’re the administrator of one of the above, you might want to do a security audit!)

So now, not only are hacked machines used to send spam; they’re also used to post to web pages. Strange.

The attack on my blog was very minor. It left a lot of room for improvement, but I can see how it’s only a matter of time before that gets locked down. Interesting times. Considering how ineffective the war on spam has been, can the war on blog spam be any more successful? How long before blog spam is even considered an issue? Only time will tell, but considering the ineffectiveness of the war on spam, I’m not optimistic.
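The pattern described in this post (random-phrase comments arriving from many addresses, all promoting the same domains) can be detected by keying on the linked domain rather than on the source IP or the wording. The following Python is an added example, not part of the original post; the function names, thresholds, and sample comments are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def linked_domains(text):
    """Hostnames linked from a comment, lowercased, leading 'www.' dropped."""
    hosts = set()
    for url in URL_RE.findall(text):
        try:
            host = (urlparse(url).hostname or "").lower()
        except ValueError:  # malformed URL, e.g. a broken IPv6 literal
            continue
        if host:
            hosts.add(host[4:] if host.startswith("www.") else host)
    return hosts

def flag_distributed_spam(comments, min_ips=5, window=timedelta(hours=24)):
    """Return {domain: [source IPs]} for domains linked from at least min_ips
    distinct IPs inside one time window. comments: (timestamp, ip, text)."""
    by_domain = defaultdict(list)
    for ts, ip, text in comments:
        for dom in linked_domains(text):
            by_domain[dom].append((ts, ip))
    flagged = {}
    for dom, hits in by_domain.items():
        hits.sort()
        start, best = 0, set()
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1  # slide the window forward in time
            ips = {ip for _, ip in hits[start:end + 1]}
            if len(ips) > len(best):
                best = ips
        if len(best) >= min_ips:
            flagged[dom] = sorted(best)
    return flagged

# Constructed sample: six random-phrase comments from six addresses linking
# one domain, plus a regular commenter. Hosts and IPs are reserved examples.
_T0 = datetime(2004, 10, 31, 2, 0)
_PHRASES = ["nice weather", "slow garden", "late trains", "quiet harbor", "blue kettle", "paper maps"]
SAMPLE_COMMENTS = [(_T0 + timedelta(minutes=7 * i), f"198.51.100.{10 + i}",
                    f"{p} http://www.pills.example/buy?id={i}") for i, p in enumerate(_PHRASES)]
SAMPLE_COMMENTS += [(_T0 + timedelta(hours=h), "192.0.2.5",
                     f"Good post, see http://blog.example/reply{h}") for h in (1, 72)]
```

Per-IP rate limits and keyword filters both miss this sample, because each address posts once and no phrase repeats; only the shared link target ties the comments together.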
