The latest spammer scam: sophisticated comment abuse

Over the past few days I’ve noticed a pattern: four new comments on my weblog for which I did not receive a notification. When I checked the comments, they were completely unrelated to the post on which they’d been made and had websites which seemed like larger, general interest ones. One on Macs and one on Linux. Odd. I did what I always do – ripped out the URL so they won’t get any Google love from being linked to – and blocked the IP from future comments.

Tonight’s was different. Now they’re trying to take on a blogger’s identity. Look at this comment. The bracketed part is my comment on the comment. Notice the URL – “bllogspot”. I looked at that domain and it redirects to the real blogspot.com. But stuarthughes dot bllogspot doesn’t; it looks, on the surface just like stuarthughes.blogspot.com. Until you view source. There is the text for a page promoting a bunch of beastiality sites which I’m sure they’re hoping will rise in Google’s rankings due to being “linked to” from a blog.

So why doesn’t the regular visitor see that text? Because they’re drawing Stu’s site in right on top of it with Javascript and, if I read this rightly, storing the text of Stu’s site encrypted and then unencrypting it on the fly when the page is drawn. Maybe they do this to prevent those terms being indexed?

Who’s doing this? Well, that’s easy to figure out, up to a point. bllogspot dot com is hosted by 3FN dot net who are in Malta. If anyone knows anyone in Malta and if 3FN are a legitimate company, someone might suggest to them they should clean up their act. That IPO could buy Google a lot of lawyer time and they are infringing on copywritten material and a trademark, as well as soiling Google’s well.

And who’s behind the linked sites? Whois says it’s
Registrant:
Crutop
Alexander Morozov (webmaster@se-traf.com)
Volgogradsky prospekt, 16
Moscow
null,126003
RU
Tel. +1.4156656387

and

Registrant Contact:
Fethard
Andrey Shchegolikhin (dyakon@pisem.net)
1-800-342-6424
Fax: none
Servibox, buzon N 442,
Patrisio Ferrandiz 40
Denia, NA 03700
ES

[Actually posted on Sunday, May 23rd, after my blog-software-producing pals had a chance to respond to the scam]

Published by

dinahsanders

Author. Discardian. Defender of life, liberty, & the pursuit of happiness. she/her

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s