I’ve been neglecting XDev, a group blog Andrew McLaughlin and I tried to get off the ground last fall. Given that the blog runs on Movable Type 2.64 and that I didn’t have anti-spam plug-ins installed, I expected to need to trim a few weeds before attempting to revive it.
But I didn’t expect 2,200 comment spams. Wow. BlogAfrica was comment spammed recently and I thought the 250 spams it generated in a week constituted a heavy attack. I guess the Google Juice of cyber.law.harvard.edu makes XDev a tempting target.
I installed Jay Allen’s lovely MT-Blacklist and was able to lop off 1,800 spams in a single pass. But that left me with 400 spams not yet detected by Jay’s blacklist. So I spent a decent amount of time combing through spam, creating keywords and adding them to my blacklist.
Early in the process, I discovered a couple hundred spams posted by the same IP address, all using a variant on the email address “email@example.com”. Most were promoting various online casinos. But a few dozen looked decidedly different:
Tom’s Blog: The answer to the bleeding hearts, the liberals, the tree-huggers, and those who prefer Soy to Whole Milk….Sorry, I guess it’s pretty obvious what my sentiments are, but joking a part, yes I think it’s time for a reality check and such a check takes the form of a little conservativism…and there’s nothing wrong with that, let me assure you.
I’m reluctant to censor dissenting voices, so I checked out the site. It looks like a personal blog focused on issues of legalizing gambling – lots of news stories about video lottery terminals and local battles over casinos. Midway down the page, there’s a “blogroll” which contains dozens of links to online casinos, and a couple of links to other “blogs”, with names like hanksblog.us, harrysblog.us, ryansblog.us, and so on.
It’s a search engine trap. Linked to dozens of times from my blog – and from other people’s blogs – it’s got exactly the sort of content engines are most vulnerable to – actual human-written text on the subject at hand – and it’s got dozens of links to the sites the author is trying to promote. The dozen or so .us “blogs” I found all contain the identical text and links, despite different, creative descriptions when they’re posted to my blog as comments.
The author appears to be Brendan Meehan, the proprietor of “The Plaza Marketing Group”, allegedly of Cheshire, CT. The phone number he provided to the dot.us registry through his registrations at GoDaddy matches an address in Cheshire, an Edmund Meehan, Jr., but given that the spams were emerging from an OpenTransit IP in Miami, I decided not to call Ed, who may well be Brendan’s father or brother.
I am, however, having a hard time resisting posting to Brendan’s blogs. You see, while Brendan was smart enough to install Movable Type 2.661, tweaked to help prevent blog spam, he wasn’t smart enough to change the default usernames and passwords. So if one were to, for example, go to http://www.go4itblog.us/cgi-bin/mt.cgi and log in with Username “Melody” and Password “Nelson”, one would have full control over that Movable Type server, including the ability to shut out the administrator and create one’s own password-protected blogs. This would appear to work on any of Brendan’s sites, including tomsblog.us, ryansblog.us, perspectivesblog.us, newsblog.us, jerrysblog.us, ikesblog.us, harrysblog.us, hanksblog.us, generalnewsblog.us, dicksblog.us, bobosblog.us, artsblog.us, archiesblog.us.
I am, of course, not advocating electronic trespass or any other illegal activity. Just observing that internet vandals should consider locking their doors lest they find themselves vandalized in turn.