The whole idea of course, is that alot of bloggers will display top ten search results, etc on their sites, the spamvertisements show up on the top 10 list, and this bypasses your normal spam filters, yet they still achieve their goal of getting their spamvertisement shown on your blog.

More than likely it is a script being run to first get the spamvertisements listed, and then to keep them listed by checking in now and then and automatically performing a search with their query terms.

Hey! I have not been here in a very very very long time. HI! Happy New Year. Spammers are dorks.

How’s it going, Rori? Good to see you again. I admit my blogging the last few months has been less than spectacular as I dealt with the ongoing grind of being unemployed. Now that I’m working again and the once looming problems of being unemployed are shrinking back down to minor concerns I think I’ll be getting back into focusing on problems beyond my immediate concerns.

I never had the joys of dealing with ‘blog spammers’
but have seen it often eneough. Having run mailservers in the past for companies spam turns into a full time job. People dont make it any easier. Fishing attacks and @work porn surfing CEOs
get mad when they get spam, but really dont wanna lay off the porn and use decent mailtools to help
prevent it. IP to country searches were a great help and is worth every bit of time put into it. Country exclusion was wonderful. like all of korea and melanisia, but you draw a crowd from all over Les..
hmm.. maybe just dropping repeat offenders would help. are you using iptables scheeme to accomplish the task? like a prefilter?

I get occasional referrals from RIPE too, but that’s actually kind of meaningless. Based in Amsterdam, they’re the European version of ARIN/InterNIC. APNIC covers the Asia-Pacific region, and I think they’re based in Sydney. LACNIC is Latin America & the Caribbbean.

Actually, RIPE just allocated the IP address - see http://whois.sc/80.178.147.17 for who actually owns it. It belongs to a broadband ISP in Tel Aviv, Israel. Whois.sc is very good for finding out information about domains and IP addresses.

As for the searches, what the spammer is probably doing is checking to see how good you are at removing his links. If you get rid of them quickly, or block them completely, then there’s less point in wasting time pinging you. But if you’re lax and don’t remove spam, then the spam becomes more effective.

I have an interesting time keeping SIMU afloat and have just about reached the conclusion that the world needs another tool to deal with referrer spam. One suggestion I picked up elsewhere is to spider spam sites - for the purposes of training your own spam filter, of course. Of redirect referrer spam back to itself or a know spam IP. I suppose if enough people do it, the sites they hawk will go down or force them to deal with what they subject others to.

I have missed SIMU lately - every time I go there it says; ‘account suspended’.  Hope you can put it on solid ground.

DOF, your DNS cache is hosed. SIMU is up and running again…

By the way, I mean to post about what needed to be done to resurrect SIMU. What keeps me back is that spammers may read it, too.

I hadn’t checked it for quite a while.  You know, extinction of unrewarded behavior.