Russian/Ukrainian Referer Spam Campaign IPs
It looks like there's a new referer spam campaign underway, with a fresh batch of hosts to block. This one is predominantly promoting Russian and Ukrainian websites. I first caught wind of it from Dave Horsfall, who in late January mentioned on an anti-spam mailing list that he'd seen
pills24h.com in his web access logs. I found that domain in my logs too, made a note to look further, and today I got around to poking at it a little.
Since I don't run WordPress or any common blog software, I was surprised to see referer spam suddenly hitting this site in earnest. Most modern spambots are intelligent enough to only target sites vulnerable to their spam. The cretin behind this campaign isn't so discerning, although he's at least bright enough to use IPs that aren't listed in the Stop Forum Spam blacklist.
For your blocking pleasure, here are the IPs involved in the spamming campaign:
126.96.36.199 188.8.131.52 184.108.40.206 220.127.116.11 18.104.22.168 22.214.171.124 126.96.36.199 188.8.131.52 184.108.40.206 220.127.116.11 18.104.22.168 22.214.171.124 126.96.36.199 188.8.131.52 184.108.40.206 220.127.116.11 18.104.22.168 22.214.171.124
Here are the domains each host has been pimping.
I'll update this post if I see new IPs joining the party.
Updated February 11: Added 126.96.36.199 and 188.8.131.52
Updated February 12: Added 184.108.40.206 and 220.127.116.11
Updated February 16: Added 18.104.22.168, 22.214.171.124, and 126.96.36.199
Updated February 20: Added 188.8.131.52