http://wordpress.org/support/ WordPress › Support User Favorites: mickmel en Wed, 25 Nov 2009 23:08:46 +0000 http://wordpress.org/support/topic/217088#post-953560 Mon, 12 Jan 2009 17:12:04 +0000 ehanson 953560@http://wordpress.org/support/ <p>I'm having similar issues, although not from the same IP block. Does anyone know if these problems disappear with version 2.7?</p> <p>thanks </p> http://wordpress.org/support/topic/217088#post-904853 Fri, 21 Nov 2008 18:20:12 +0000 Happyworker 904853@http://wordpress.org/support/ <p>Nope not fishing...just haven't updated my profile in awhile. </p> http://wordpress.org/support/topic/217088#post-904740 Fri, 21 Nov 2008 16:07:20 +0000 ronchicago 904740@http://wordpress.org/support/ <p>since i commented on this post a day or so ago i did put several ip addresses in the blacklist because they are submitting a lot of what looks like trackbacks, not comments. well, i just noticed that they are back today. akismet caught them. does that mean coming from inside? i did look at my db two weeks ago on another issue but did not notice anything while lurking around.</p> <p>also, the last last 2-3 months of spam here most are formatted in a similar fashion = 20-40 links, flush left, one link per line. it does not matter what ip it comes from but the layout suggests same source or copycats.</p> <p>the blacklist thing though is bothersome. </p> http://wordpress.org/support/topic/217088#post-904193 Fri, 21 Nov 2008 01:13:04 +0000 moshu 904193@http://wordpress.org/support/ <p>Hmmm...<br /> The website linked to your profile goes to a "domain for sale" page.<br /> Are you fishing for buyers? </p> http://wordpress.org/support/topic/217088#post-904189 Fri, 21 Nov 2008 01:10:54 +0000 Happyworker 904189@http://wordpress.org/support/ <p>Hi there, not sure if this is the correct place to write this.</p> <p>I just received a comment which is awaiting moderation. According to this comment my site is being used to solicit bank details.<br /> Is this just another spam, or can this really happen? Not sure how to stop this if it is indeed real.<br /> Obviously I don't want this to happen.<br /> Has this happened to anyone else?</p> <p>Cheers </p> http://wordpress.org/support/topic/217088#post-903676 Thu, 20 Nov 2008 15:27:51 +0000 ronchicago 903676@http://wordpress.org/support/ <p>not sure if this is " new " phenom as i have recently turned off my spam blocker on isp. i've given up scrutinizing over all the ip's, which i did in the beginning but became overwhelmed.</p> <p>now i use akismet and quickly scan at least 10-times a day what this plug catches and hit the "delete all." this has proven to be much more efficient.</p> <p>will continue this process until something better / worse develops. </p> http://wordpress.org/support/topic/217088#post-897890 Thu, 13 Nov 2008 16:19:41 +0000 Storyman 897890@http://wordpress.org/support/ <p>Like Doubletake, I've elected to use WP's comment IP blocker even though approval of comment is required.</p> <p>Still, I'd like to know if the person doing this is a genius or lunatic. The purpose eludes me and can only think that if it does have a purpose it is malicious.</p> <p>Any ideas? </p> http://wordpress.org/support/topic/217088#post-897765 Thu, 13 Nov 2008 14:16:22 +0000 cbahm 897765@http://wordpress.org/support/ <p>I noticed this on all three of my blogs over the last couple of days. Glad I've got it set so that I approve all comments! </p> http://wordpress.org/support/topic/217088#post-897526 Thu, 13 Nov 2008 04:53:48 +0000 doubletake 897526@http://wordpress.org/support/ <p>I've just gone over one of my server logs.</p> <p>It's definitely automated as the whole process from the first GET to POST takes just a second or so.</p> <p>Interestingly, there's also another 'random username signup' process originating from within the same IP block (I saw it on <a href="https://www.showmyip.com/?ip=94.102.60.77">94.102.60.77</a> This whole IP range seems to be owned by the same company in the Netherlands.</p> <p>I'm seriously wondering whether I should block the whole range :/</p> <p>I don't like to be too quick to block ranges as legitimate users can be affected. </p> http://wordpress.org/support/topic/217088#post-897515 Thu, 13 Nov 2008 04:35:11 +0000 doubletake 897515@http://wordpress.org/support/ <blockquote><p>I've just gotten hit today (11/12/08) and written this article. I think it's better to block the IP via WordPress built in comment blacklist.</p></blockquote> <p>Ah yes, I'd forgotten the Wordpress has a built-in blacklister.</p> <p>I think it may be a bit more resource intensive to block this way than via htaccess but in this particular case, the hit rate is low and I've elected to use your method. </p> <p>Thanks :) </p> http://wordpress.org/support/topic/217088#post-897446 Thu, 13 Nov 2008 03:04:15 +0000 AldebaranJill 897446@http://wordpress.org/support/ <p>I've just gotten hit today (11/12/08) and written this article. I think it's better to block the IP via WordPress built in comment blacklist.</p> <p><a href="http://aldebaranwebdesign.com/blog/wordpress-comment-spam-from-amsterdam/">http://aldebaranwebdesign.com/blog/wordpress-comment-spam-from-amsterdam/</a></p> <p>J </p> http://wordpress.org/support/topic/217088#post-897384 Thu, 13 Nov 2008 01:29:20 +0000 Storyman 897384@http://wordpress.org/support/ <p>Doubletake,</p> <p>We are on the same page. I'm thinking that they post to every imaginable site, then later search for those identifers left as a comment. Eventually, they will spam all of those sites that posted their comment(s). Still, it doesn't make a lot of sense because they could be spamming while going through this exercise.</p> <p>An alternative is that they are going to sell the list for some nefarious activity. </p> http://wordpress.org/support/topic/217088#post-897366 Thu, 13 Nov 2008 00:52:31 +0000 doubletake 897366@http://wordpress.org/support/ <p>Hi, I'm having the same trouble tonight.</p> <p>It looks very much like some sort of automated 'water testing' kit looking for wordpress sites to which it can automatically post.</p> <p>It doesn't appear very bright, although it posts a hash or random code to presumably identify itself with it's own kit, it doesn't seem to test whether it can post links or not (perhaps they've dreamed up a nefarious use which doesn't involve links?!)</p> <p>In the mean time, all the hit's I'm getting seem to originate from one of three servers on the same range from 94.102.60.151-153 in the Netherlands (so says RIPE)</p> <p>If you want to block them off for now, you can use your .htaccess file for Apache and block 94.102.60.151-153 with a 'Deny' statement but make sure you know what you're doing with htaccess Allow/Deny or you could block the lot ;)</p> <p>That should at least stop this bot posting. I don't think Akismet is going to handle it as all it will get is an apparently random string.</p> <p>It's not going to help much if this starts coming from other servers outside that range though </p> http://wordpress.org/support/topic/217088#post-897331 Thu, 13 Nov 2008 00:03:22 +0000 mickmel 897331@http://wordpress.org/support/ <p>I've been getting a LOT of these today, across virtually all of my sites. I have no idea what's going on... </p> http://wordpress.org/support/topic/217088#post-897317 Wed, 12 Nov 2008 23:38:45 +0000 Storyman 897317@http://wordpress.org/support/ <p>Just received comments on 2 different sites. They each have a different user name and email address, which I'm sure are fakes.</p> <p>IP Addresses:<br /> Site 1) 94.102.60.151<br /> Site 2) 94.102.60.152</p> <p>Messages:<br /> Site 1) zpwb08bg3d254up<br /> Site 2) nmmle0g7hpdjo7h7</p> <p>Are they testing to see if the comments are automatically posted? Or is there some other nefarious purpose </p>