wikipedia has a spamming problem

Discussion in 'Computer Support' started by richard, Dec 9, 2009.

  1. richard

    richard Guest

    checking my one forum site for bot attacks, I found an interesting IP
    listed.
    http://38.109.44.71
    According to ARIN, this IP is owned by cogentco.com which is a worldwide
    broadband internet provider for businesses. So I plugged it in to my google
    page and sure enough, spam.
    Most of the time though, when I plug it into the address bar, I get nothing
    back. This time was a little surprisingly different.
    What's this? The wikipedia? Ruh roh. Somebody's got a security problem.

    I have written owners of the IP's a few letters and most have been unaware
    of the spam bots using their IP's. But I do like simple machines forum as
    it allows me to take full control over spam bots and shoot them down for
    good.
    richard, Dec 9, 2009
    #1
    1. Advertising

  2. richard

    Mike Easter Guest

    richard wrote:
    > checking my one forum site for bot attacks, I found an interesting IP
    > listed.


    Checking for the IP of hits is good, but you are misinterpreting/
    misusing the information.

    > http://38.109.44.71


    Translating the IP from the logs into an http form is not an appropriate
    strategy. It would be better to say that the IP of the visit/hit was
    38.109.44.71 no rDNS and what block that belongs to.

    > According to ARIN, this IP is owned by cogentco.com which is a

    worldwide
    > broadband internet provider for businesses.


    Here's what you can see from ARIN; that the IP belongs to a huge /8
    (previously) under PSI which was acquired by Cogent in 2002. PSI and
    Cogent are 'famous' for writing pink contracts for spammers.

    whois -h whois.arin.net 38.109.44.71 ...
    OrgName: PSINet, Inc.
    NetRange: 38.0.0.0 - 38.255.255.255
    CIDR: 38.0.0.0/8

    .... and that particular much smaller /23 in the cogentco whois belongs
    to WANSecurity Inc.

    network:IP-Network:38.109.44.0/23
    network:Org-Name:WANSecurity, Inc

    > So I plugged it in to my
    > google page and sure enough, spam.


    At the present time that IP doesn't have any webserver or open port 80
    handling requests for the address http://38.109.44.71

    Exactly what do you mean when you say 'I plugged it in to my google
    page'?

    > Most of the time though, when I plug it into the address bar, I get
    > nothing back.


    Your 'strategy' of taking the IPs which hit your site and converting the
    IP into an http URL is not a particularly logical approach to
    determining what is going on.

    > This time was a little surprisingly different.
    > What's this? The wikipedia? Ruh roh. Somebody's got a security

    problem.

    What are you talking about here? And what are you talking about
    plugging into a google page? Show the place that you plugged in the IP
    or the http form of the IP.

    > I have written owners of the IP's a few letters and most have been
    > unaware of the spam bots using their IP's.


    It is true that spambots take over people's machines at a particular IP
    address and you would see that hit.

    > But I do like simple
    > machines forum as it allows me to take full control over spam bots and
    > shoot them down for good.


    I don't know what that sentence means either.



    --
    Mike Easter
    Mike Easter, Dec 9, 2009
    #2
    1. Advertising

  3. richard

    Mike Easter Guest

    Evan Platt wrote:
    > "Mike Easter"


    >>> But I do like simple
    >>> machines forum as it allows me to take full control over spam bots

    and
    >>> shoot them down for good.

    >>
    >> I don't know what that sentence means either.

    >
    > Simple Machines Forum = the hosting software


    Ah, so. SMF webforum freeware. I know about that. I should've
    figgered that out.

    > And apparently, it allows RtS to block IP addresses.


    http://docs.simplemachines.org/index.php?topic=166 SMF Online Manual »
    Glossary » Feature List » Topic: Banning -- Ban members based on their
    username, email address, IP address or hostname.

    --
    Mike Easter
    Mike Easter, Dec 9, 2009
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Chuck
    Replies:
    12
    Views:
    1,579
    John Thompson
    Dec 2, 2005
  2. x

    wikipedia

    x, May 16, 2006, in forum: Computer Information
    Replies:
    5
    Views:
    544
  3. Alfred Molon

    Wikipedia for Olympus cameras

    Alfred Molon, Nov 24, 2005, in forum: Digital Photography
    Replies:
    5
    Views:
    381
    Alfred Molon
    Nov 25, 2005
  4. Replies:
    17
    Views:
    872
    Bob Harrington
    Jan 2, 2006
  5. Scribner

    English Wikipedia problem

    Scribner, Jan 14, 2007, in forum: Computer Support
    Replies:
    6
    Views:
    550
    Just Me
    Jan 15, 2007
Loading...

Share This Page