North American Network Operators Group


Re: Comment spammers chewing blogger bandwidth like crazy

  • From: Alexander Harrowell
  • Date: Sat Jan 13 13:40:30 2007

Yes. Fistfulofeuros.net has seen dramatically higher levels of comments spam since last autumn. Not as much as below, but we were offline due to supposed overuse (I say supposed because our host claimed a script we don't have was responsible) over Christmas.

On 1/13/07, Thomas Leavitt <[email protected]> wrote:

A friend of mine operates a blog at seeingtheforest.com, and he pays for
traffic over a (fairly minimal) cap. He posted this comment recently:

http://www.seeingtheforest.com/archives/2007/01/eating_bandwidt.htm


      Eating Bandwidth

Last month something ate up a tremendous amount of bandwidth at Seeing
the Forest, costing me a lot of money. So now I regularly check
bandwidth use.

Why has 209.160.72.10, HopOne in DC, been eating a HUGE amount of
bandwidth? Gigabytes! What are they doing? (I banned them.)

Why has 220.226.63.254, an IP in India, been eating a tremendous amount
of bandwidth? What are they doing?

Why has 195.225.177.46, an IP in Ukraine, been eating a tremendous
amount of bandwidth? What are they doing?

Why has 62.194.1.235 AND 83.170.82.35 AND 89.136.115.220 AND
62.163.39.183 AND 212.241.204.145, all from the /same company/ in
Amsterdam, been eating a TREMENDOUS amount of bandwidth? What are they
doing?

Why is 206.225.90.30 and 69.64.74.56 and Abacus America Inc. eating a
TREMENDOUS amount of my bandwidth,

***

One of the comments said:

Yeah, I've seen a huge bump in my blog's traffic, I haven't figured out
what they're doing, but it ate like 4Gb of bandwidth last month. Now
that you mention it, I checked last month's stats and yep, there's
209.160.72.10 producing 62% of my blog traffic. I did a little checking
around the web and they're an obvious spam host. Banned.

***

They also chew up a lot of CPU (comment filter code). A few times,
myself, I've had to simply take code offline that was getting hit too
heavily... seems like the IPs (and their ilk) listed above are good
prospects for a "bad behavior" blacklist, at a level below that of
"collaborative spam filter" (which doesn't prevent traffic or CPU cycles
from being consumed). Given the volume of traffic mentioned, this must
be a real problem for some hosts and networks... although, on the other
hand, if their marginal use rates are high enough, they might actually
be making money off this.

Regards,
Thomas Leavitt

--
Thomas Leavitt - [email protected] - 831-295-3917 (cell)

*** Independent Systems and Network Consultant, Santa Cruz, CA ***
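
Added example, not part of the original messages: the thread describes checking server stats and finding single addresses responsible for most of a blog's traffic (62% in one comment). The Python below runs that check over a web server access log, assuming Apache/NCSA combined log format; the sample lines, the /comments path, the documentation-range addresses and the 25% threshold are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in combined log format; addresses are documentation
# ranges and the /comments path is hypothetical, not taken from the thread.
SAMPLE_LOG = """\
192.0.2.10 - - [13/Jan/2007:10:00:01 +0000] "POST /comments HTTP/1.1" 200 31000 "-" "Mozilla/4.0"
192.0.2.10 - - [13/Jan/2007:10:00:02 +0000] "POST /comments HTTP/1.1" 200 31000 "-" "Mozilla/4.0"
198.51.100.7 - - [13/Jan/2007:10:00:05 +0000] "GET /index.html HTTP/1.1" 200 20000 "-" "Mozilla/5.0"
198.51.100.7 - - [13/Jan/2007:10:00:06 +0000] "GET /style.css HTTP/1.1" 304 - "-" "Mozilla/5.0"
203.0.113.5 - - [13/Jan/2007:10:00:09 +0000] "GET /archives/ HTTP/1.1" 200 18000 "-" "Mozilla/5.0"
this line is truncated garbage
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

def bandwidth_by_client(lines):
    """Return (bytes per client, POST count per client, unparsed line count)."""
    sent, posts, skipped = Counter(), Counter(), 0
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            skipped += 1          # malformed or truncated entry: count, don't crash
            continue
        size = m.group("size")    # "-" means no body was sent (e.g. a 304)
        sent[m.group("ip")] += 0 if size == "-" else int(size)
        if m.group("method") == "POST":
            posts[m.group("ip")] += 1
    return sent, posts, skipped

def heavy_clients(lines, min_share=0.25):
    """List (ip, bytes, share, posts) for clients at or above min_share of all bytes."""
    sent, posts, _ = bandwidth_by_client(lines)
    total = sum(sent.values())
    if total == 0:
        return []
    return [(ip, n, n / total, posts[ip])
            for ip, n in sent.most_common() if n / total >= min_share]

if __name__ == "__main__":
    for ip, n, share, post_count in heavy_clients(SAMPLE_LOG.splitlines()):
        print(f"{ip}: {n} bytes, {share:.0%} of traffic, {post_count} POSTs")
```

A report like this only identifies candidates for a ban; the block itself has to happen at the web server or firewall so the requests never reach the comment filter code.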