The Stupidity of Spammers

Had a situation pop up today at work. Spammers started to target (at a stupid hour in the morning) one of our customers' servers with referral spam. That is, they try and get their website's links into our logs.

Cue 9 hours later, I get in work, and one of our servers is complaining (separate issue). Sort of fix that, to get a call "Our server is really slow."

So, go through the motions. Load on the server: 0.50 (for Windows guys, think of it as the amount of spare thinking time the computer has; when load hits 1, it's running at full capacity; when it goes above 1, it is having to make some tasks wait to run).
Nothing wrong there.

Ping the server. 20ms response time. Nothing wrong there.

Remember that we installed ntop on a couple of servers a while back, and that this one should have it on as well. Load up the traffic graph. Wooo! Steady incoming traffic of ~2Mbps (~600kB/s).

Check the Apache server-status page. See stuff like this:

88.232.13.34 customerDomain.com GET hxxp://thecric.free.fr/AZenv/azenv.php HTTP/1.0

Referral spamming. See the ever useful Wikipedia: http://en.wikipedia.org/wiki/Referer_spam

This is not the first time it has happened, so pull out our trusty tool for dealing with this (blacklist program and log-scanning tool), and start playing whack-an-IP-address with the spammers. (Blacklisting their IP: no traffic at all will get to the webserver from that IP address.)

Fun... so, LOTS of IP addresses later, traffic on the server is back to normal.

'So' I hear you ask, 'where does the stupidity come in?'


The server they attacked is not public-facing. There are no fancy websites for you to visit. No content to be of any use to you. It is a corporate-tool hosting server. The referral statistics are not public. The spammers just wasted their time, and mine. With the sheer number of computers that decided to poke at us, it has to be infected computers in a botnet.

Still, I like playing whack-a-spammy-IP. It's fun ^^, and the IP addresses can hopefully be used to stop these muppets from hitting our server again.
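The log-scanning step described above, as an added sketch that is not the tool used in this post: it reads Apache access-log lines, flags clients whose request line asks for an absolute URL on a host this server does not serve (the pattern in the server-status line quoted earlier), and lists the addresses that cross a threshold. The combined log format, the SERVED_HOSTS names, the threshold and the sample lines are all assumptions made for the example.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Hostnames this server legitimately serves (assumed names for the example).
SERVED_HOSTS = {"customerdomain.example", "www.customerdomain.example"}

# Apache common/combined prefix: client ident user [time] "METHOD target PROTO"
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*"')

# Constructed sample lines; the addresses come from documentation ranges.
SAMPLE_LOG = """\
192.0.2.10 - - [12/Jan/2009:03:14:07 +0000] "GET http://other.example/env.php HTTP/1.0" 404 209 "-" "-"
192.0.2.10 - - [12/Jan/2009:03:14:08 +0000] "GET http://other.example/env.php HTTP/1.0" 404 209 "-" "-"
198.51.100.7 - - [12/Jan/2009:03:14:09 +0000] "GET /tools/report HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [12/Jan/2009:03:14:10 +0000] "GET http://customerdomain.example/ HTTP/1.1" 200 812 "-" "Mozilla/5.0"
203.0.113.9 - - [12/Jan/2009:03:14:11 +0000] "GET http://other.example/env.php HTTP/1.0" 404 209 "-" "-"
192.0.2.10 - - [12/Jan/2009:03:14:12 +0000] "GET http://other.example/env.php HTTP/1.0" 404 209 "-" "-"
"""


def is_foreign_absolute_request(target):
    """True when the request target is an absolute URL for a host we do not serve."""
    if not target.lower().startswith(("http://", "https://")):
        return False  # ordinary origin-form request such as /tools/report
    host = (urlsplit(target).hostname or "").lower()
    return host not in SERVED_HOSTS


def blacklist_candidates(lines, threshold=2):
    """Return sorted client addresses with at least `threshold` flagged requests."""
    hits = Counter()
    for line in lines:
        match = LOG_RE.match(line)
        if match and is_foreign_absolute_request(match.group(3)):
            hits[match.group(1)] += 1
    return sorted(ip for ip, count in hits.items() if count >= threshold)


if __name__ == "__main__":
    for ip in blacklist_candidates(SAMPLE_LOG.splitlines()):
        print(ip)
```

The threshold keeps a single stray request from getting an address blocked; what is done with the resulting list (firewall rule, blacklist tool) is left to the operator.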

About this blog
Kirrus's web log about web design, the internet, linux/ubuntu, plone, and life in general.
 