North American Network Operators Group


Re: Comment spammers chewing blogger bandwidth like crazy

  • From: Phil Rosenthal
  • Date: Sat Jan 13 15:35:09 2007


Thomas,


Can you please send logs of what you have from 195.225.177.46 to [email protected]?

Thanks,
--Phil

On Jan 13, 2007, at 12:04 PM, Thomas Leavitt wrote:


A friend of mine operates a blog at seeingtheforest.com, and he pays for traffic over a (fairly minimal) cap. He posted this comment recently:


http://www.seeingtheforest.com/archives/2007/01/eating_bandwidt.htm


Eating Bandwidth


Last month something ate up a tremendous amount of bandwidth at Seeing the Forest, costing me a lot of money. So now I regularly check bandwidth use.

Why has 209.160.72.10, HopOne in DC, been eating a HUGE amount of bandwidth? Gigabytes! What are they doing? (I banned them.)

Why has 220.226.63.254, an IP in India, been eating a tremendous amount of bandwidth? What are they doing?

Why has 195.225.177.46, an IP in Ukraine, been eating a tremendous amount of bandwidth? What are they doing?

Why has 62.194.1.235 AND 83.170.82.35 AND 89.136.115.220 AND 62.163.39.183 AND 212.241.204.145, all from the /same company/ in Amsterdam, been eating a TREMENDOUS amount of bandwidth? What are they doing?

Why is 206.225.90.30 and 69.64.74.56 and Abacus America Inc. eating a TREMENDOUS amount of my bandwidth,

***

One of the comments said:

Yeah, I've seen a huge bump in my blog's traffic, I haven't figured out what they're doing, but it ate like 4Gb of bandwidth last month. Now that you mention it, I checked last month's stats and yep, there's 209.160.72.10 producing 62% of my blog traffic. I did a little checking around the web and they're an obvious spam host. Banned.

***

They also chew up a lot of CPU (comment filter code). A few times, myself, I've had to simply take code offline that was getting hit too heavily... seems like the IPs (and their ilk) listed above are good prospects for a "bad behavior" blacklist, at a level below that of "collaborative spam filter" (which doesn't prevent traffic or CPU cycles from being consumed). Given the volume of traffic mentioned, this must be a real problem for some hosts and networks... although, on the other hand, if their marginal use rates are high enough, they might actually be making money off this.

Regards,
Thomas Leavitt

--
Thomas Leavitt - [email protected] - 831-295-3917 (cell)

*** Independent Systems and Network Consultant, Santa Cruz, CA ***
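
The per-IP bandwidth check discussed in this thread can be run directly against a web server access log. The following is an added example, not part of the original messages: it assumes common/combined log format, and the sample lines, addresses (documentation ranges), comment script path and the 25% threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Common/combined log format: client IP, request line, status, response bytes.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-)'
)

# Constructed sample log: documentation addresses, hypothetical comment path.
SAMPLE_LOG = """\
192.0.2.10 - - [13/Jan/2007:12:00:01 +0000] "POST /cgi-bin/comments.cgi HTTP/1.1" 200 31000
192.0.2.10 - - [13/Jan/2007:12:00:02 +0000] "POST /cgi-bin/comments.cgi HTTP/1.1" 200 31000
198.51.100.7 - - [13/Jan/2007:12:01:10 +0000] "GET /archives/2007/01/ HTTP/1.1" 200 20000
203.0.113.5 - - [13/Jan/2007:12:02:30 +0000] "GET /index.html HTTP/1.1" 200 15000
203.0.113.5 - - [13/Jan/2007:12:02:31 +0000] "GET /style.css HTTP/1.1" 304 -
198.51.100.7 - - [13/Jan/2007:12:03:00 +0000] "GET /feed.xml HTTP/1.1" 200 3000
this line is truncated or corrupt
"""

def usage_by_ip(lines):
    """Return {ip: {"bytes", "hits", "posts"}}; unparseable lines are skipped."""
    stats = defaultdict(lambda: {"bytes": 0, "hits": 0, "posts": 0})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        s = stats[m["ip"]]
        # A "-" byte count (e.g. 304 responses) means no body was sent.
        s["bytes"] += 0 if m["bytes"] == "-" else int(m["bytes"])
        s["hits"] += 1
        s["posts"] += int(m["method"] == "POST")
    return dict(stats)

def heavy_clients(stats, min_share=0.25):
    """IPs whose share of total response bytes is >= min_share, largest first."""
    total = sum(s["bytes"] for s in stats.values())
    if total == 0:
        return []
    rows = [(ip, s["bytes"] / total, s["posts"])
            for ip, s in stats.items() if s["bytes"] / total >= min_share]
    return sorted(rows, key=lambda r: r[1], reverse=True)

if __name__ == "__main__":
    for ip, share, posts in heavy_clients(usage_by_ip(SAMPLE_LOG.splitlines())):
        print(f"{ip}  {share:.0%} of bytes  {posts} POSTs  -> review for blocking")
```

The POST count separates clients hammering the comment handler from ordinary heavy readers such as feed fetchers or search crawlers, which should be reviewed before any address goes on a block list.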