Another trackback spam storm overnight….

All of the the swarms of trackback spam seemed to last an hour give or take a few minutes, so it does look kind of like “rent-a-bot” activity, lots of different IP addresses, trackback spam sites seem to have a common theme – the last batch was insurance type sites…. a sampling of about three or four found that they were all cloaked redirects for the same site/page …. ALL are registered with and all the insurance related domains being spammed (that I checked) redirect to the site above which is registered to a “Bill Bilton” whose email is given as bill at ….

Interestingly…,, and
which were some of the names used (with subdomains a plenty), had either or email addresses as tecnical contacts… looking up THOSE domains led to, (from and finally had emails as the contact information. seems to be the “lowest common denominator” that all roads lead to… Curtis Joe curtis_joe at
Mancill Rd
Phone: +1.8993488105

The address does not seem legit (at least running it through google), but… it does turn up other stories of the same type swarm..

And that’s just looking at one of the three trackback spam swarms over the last 24 hours. If I have time I may look into the casino spam if I still have some samples…. I forget what the first batch was now.


Just after I posted, I thought I’d better go ahead and look before the casino spam got pushed off the list and into oblivion….

So, it looks like the casino spam subdomains aren’t necessarily cloaked redirects, but slightly different look for each “doorway” subdomain. I just sampled two, so I don’t know about ALL of it… anyway… here’s one domain, that was registered with surprise – moniker what a small world. Anyway, the administrative/technical contacts list team-support-24× (hmm… someone really likes -support- domains…) Well WHAT a coincidence…. team-support-24× lists as it’s administrative contact and email address at now this is just too much…. Checking out which is another of the spammed domains… low and behold their contact emails are at as well. (Which if I recall has for it’s contact information.) Seems like all roads lead to Now their web site announces that it has been registered at and is “coming soon”.

I just can’t wait to see wait useful and interesting products and services they’ll have. Judging by this google search for spam, I don’t think I’m the only one to have discovered their “services”.

While looking through the google results, I found a couple interesting “war against spam posts. Also, there’s this outing spammers post which helps put a name to the bulgarian twin spammers responsible. (You just can’t make this stuff up….) Iavor Zahariev and and Todor Zahariev. Spamhuntress has some evasive techniques… apparently they’ve used open proxies. Here’s a page with LOTS of history on the duo…

And as I check the logs I see I’m in the midst of another swarm… They still seem to be on the insurance kick and spam filtering still seems to be working quite well. Here are a couple of log entries covering about a minutes worth of the swarm… - - [18/May/2006:09:57:47 -0600] "POST /2005/07/25/daylight-savings-changes-in-the-works/trackback HTTP/1.1" 200 90 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; NetCaptor 6.5.0RC1)" - - [18/May/2006:09:58:32 -0600] "POST /2005/08/22/the-passing-of-dr-bob-moog/trackback HTTP/1.0" 200 78 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Maxthon)" - - [18/May/2006:09:58:53 -0600] "POST /2005/08/24/more-on-wireless-networking-security/trackback HTTP/1.0" 200 78 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Mac_PowerPC)" - - [18/May/2006:09:58:54 -0600] "POST /2005/07/25/trademark-issue-over-microsoft-vista/trackback HTTP/1.1" 200 91 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; iOpus-I-M)" - - [18/May/2006:09:58:54 -0600] "POST /2005/08/15/dhsus-certnist-launches-nvd/trackback HTTP/1.0" 200 79 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; iRider 2.21.1108; FDM)"

A sampling of IP addresses brings us to (from bottom to top) Pakistan, Kuala Lumpur, Thailand, and another Thailand entry…. interesting a southeast asian sampling this time. The last sampling of IP’s I took were mostly US/European/ entries, with one Asian country of origin that I don’t recall. One ip couldn’t be traced at and I really am not energetic enough to follow.

Well…. have fun storming the castle and all…. I’m moving on to other topics.

Can’t help coming back again – this has been a longer sustained storm – “the 2PM eastern hour today brought to you by phentermine….” it seems that is really heavily promoting in the trackback spam right now. They’re the last 98 or so entries in akismet’s filter and picked up right where the insurance sites left off.

Looks like I may have tagged the wrong spammers… Zahariev spam not done by Zahariev – interesting twist and it will be interesting to see what further info may come out.

BTW, I’m now up to something like 1200 on this site and another 100 or so on another two domains. Akismet has acted like a champ with just 1% getting through. I wish there were a way to tag a trackback as spam and report to akismet. I don’t see a way to do that (without moderating ALL trackbacks… which I may have to look into if this keeps up.) This storm seems to have subsided, the last 10 minutes being quiet – about 3 hours and a few minutes *(15 minutes at the most). The fact that’s it’s relatively closely time to last x hours makes it look quite bot-ish.

If you’re having trouble with trackback spam, I’d highly suggest akismet, it’s free and the API key to use it is free as well. I signed up for a site at and have put maybe 1 post there. At some point in time, if I ever make more than $500 a month from my sites, I’ll be glad to pay them for the service. It’s acted like a true champion…. 1% of the trackback spam has slipped through and I suspect if I can find a way to slip the trackbacks into the moderation queue I should be able to tag that pretty easily.

Related Posts

Blog Traffic Exchange Related Posts
  • Ubuntu Gutsy Gibbon coming The release date for the 7.10 Ubuntu release is coming soon. I've installed a beta into a virtual machine to see what's what and so far haven't had much time to play around. I seem to recall the localization question being new in the installer, but then it's been a......
  • The connection between Spam and Viruses After comparing MANY of these delivery failures (a fraction of what has gone out with my domain name forged I'm afraid...) They are all advertising essentially the same site (sometimes different gateways to it, but I've traced it all back to a close group of domains that have been unresponsive......
  • The Google Problem, or why I'm starting to use MSN and Yahoo more. This weekend has been a bit of an introspective for me on why google is still the primary search engine I use. I know, I've been a big "fan(?)" of google for quite some time, I've obviously incorporated many of their products into my pages and used Google for 99%......
Blog Traffic Exchange Related Websites
  • Getting Out of Debt Quickly pt 2 This is part 2 of a 4 part series on getting out of debt quickly. Make sure that you read all four parts in order to get the most out of this sequence of hints on getting yourself or your family out of the debt trap. Next you are going......
  • How to Relocate your Wordpress Blog to a New Domain Name Making the decision to move my blog from to was a big one, and a good one, and it taught me a lot about learning how to relocate your Wordpress blog to a new domain name under the same hosting provider. Course Ladder suited me for a while,......
  • CitySights NY getFlashHtml('eplay', 300, 250, '', '', '', '') CitySights NY is one of the leading sightseeing tour companies in New York City. We offer hop-on hop-off double-decker bus tours in Manhattan and Brooklyn as well as night tours and daily trips from New York City to Woodbury Commons Premium Outlets,......    Send article as PDF   

Similar Posts

See what happened this day in history from either BBC Wikipedia
Amazon Logo

3 Responses to “Another trackback spam storm overnight….”

  1. Trackback Spam - Steffen Rusitschka’s Blog Says:

    [...] My blog has been bombed by hunderts of trackback spams the last 2 hours. And I’m not the only one as I figured out via Technorati, there’s for example Twig, Beau, Avery, and bronzefinger having the same problem. [...]

  2. Trackback spam and countermeasures like Akismet and trackback validation-- Avery J. Parker - Web site hosting and computer service Says:

    [...] As I’ve already commented today…. there has been a massive trackback spam swarm going on the last 24 hours. I’ve now racked up 1300 or so in the Akismet filter on this site and another 150 or so on another two sites. Akismet has been very impressive in defending this attack. Only 1% of the trackbacks slipped through, or about 14 or so across three sites. I’ve looked to see what other measures I can take against trackback spam and found one that looks like it should eliminate the 1% that got through. [...]

Switch to our mobile site