Category: Sad Spammers

When I want to vent about the morons who spam email systems and bombard forums with their useless junk

Final Proof that Semalt are rogue scum

This site, along with others I run, was swamped by traffic from Semalt in the past .  Today the following article came to my attention which just confirms what I think myself and many other people had realised – that Semalt really are rogue and should be avoided and blocked at all costs. Here is the opening paragraph.

The software known as Semalt, which claims to be an ‘SEO tool,’ has been found to be using Soundfrost malware to hijack hundreds of thousands of computers. In the last 30 days, it has organized a huge spambot that is originating from more than 290,000 different IP addresses around the globe, with a concentration in South America.

Info Security Magazine

Also there is a very detailed blog entry over on nabble which gives a lot more detail and makes for pretty scary reading.

Moronic spammers

None of the blogs on this site have a META section. There is NO registration allowed but still I get spammers calling the wp-login page. I protected with a .htaccess rule but apparently the software used by these sad morons is so stupid that it can’t understand an authorisation issue and just goes into an endless loop hammering the server.

So I’ve turned on Fail2ban’s wp-login monitor and its working well :

spammers

So please take note – calling the wp-login page on this site too often will simply block you…..

Moronic Comment spammers

What a stupid comment spam:

silly spammers

If you are going to post spam comments (which automatically get trapped by my spam filters) the least you could do is post stuff that is slightly amusing and makes sense rather than this complete bullshit The offending IP ( 84.232.199.214 ) is Canadian – which makes a change from the usual Chinese or Russian or Indian culprits.

Semalt – the SEO company who lie to you.

On January 24th Andrew Timchenko from Semalt sent me a Private message on Facebook:

Dear Stephen
From now on your websites:
tty.org.uk
Canalplan.org.UK
Canalplan.EU
Canalplan.co.UK
Pubnight.org.uk
won’t be visited by our robots.
I would like to bring apology on the behalf of our company if our service caused you some troubles.

I’d told him that I wanted all subdomains on those domains removing from their systems and I was stupid enough to believe him although for a while their annoying bots stopped visiting.

But they came back – not as stupidly fast as before but doing exactly the same call to the home page, over and over again.

So if you’ve had promises from Semalt to take your domains out of their system.. double check and make sure that you’ve got a rule in your .htaccess rule to ban them

Semalt really don’t get it

I posted on Semalt’s facebook and they deleted my posts. I made another post suggesting that deleting my posts simply confirmed that they were a rogue element.

Then they tried to friend me… I have a rule on Facebook : If I don’t know you and I’ve not met you or had a drink or three with you then don’t expect me to friend you.

So then they sent me a message:

I would like to bring apology on the behalf of our company if our service caused you some troubles.

Our bots have accidently visited your site, as well as the sites of other webmasters. These bots harvest statistics for our service and cause no harm. I don’t think this can be an issue, since nobody complains on bots that belong to Google, Bing and other search engines. There are so many services on the web that are believed to mess up the webmaster’s statistics.

This shows that they have no clue.

I have no problems with Google, Bing and other search engines running over my sites as they help bring traffic to me. Also they obey robots.txt and crawl at a sensible speed and don’t just sit there hammering the home page. Also they clearly identify themselves and come from recognised blocks of IP addresses.

Semalt do NONE of these – they use random IP addresses from all over the world, they don’t obey robots.txt. They don’t clearly idenfify that they are a bot. They don’t crawl my site and they don’t access it at a sensible request rate. On top of all of that they offer me NOTHING of any use – all they do is suck bandwith and give me nothing in return.

I had added a rule to my .htaccess rule to ban them (and I’ve left it in there because I don’t trust them) – but they did accept a list of domains from me and have removed them from their rogue bot.

Semalt.com – Rogue element? Or just scum?

So Google is full of sites posting about the above company … they would seem to be trying to do some sort of SE ranking or are they just complete arses?

This is an example from one of my site logs … there is NO reason for this behaviour but their repeated use of IP addresses in various countries suggests that they’re either paying people to do this shit or they’ve paid for time on a bot-net.

Ask yourself…would you really trust a company who resort to these sort of tactics as a business model?

189.78.19.14 - - [16/Jan/2014:20:29:43 +0000] "GET / HTTP/1.1" 200 5720 "http://their url removed?u=http://my website here" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" my website here
189.78.19.14 - - [16/Jan/2014:20:29:43 +0000] "GET / HTTP/1.1" 200 5720 "http://their url removed?u=http://my website here" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" my website here
189.78.19.14 - - [16/Jan/2014:20:29:43 +0000] "GET / HTTP/1.1" 200 5720 "http://their url removed?u=http://my website here" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" my website here
189.78.19.14 - - [16/Jan/2014:20:29:43 +0000] "GET / HTTP/1.1" 200 5720 "http://their url removed?u=http://my website here" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" my website here
189.78.19.14 - - [16/Jan/2014:20:29:43 +0000] "GET / HTTP/1.1" 200 5720 "http://their url removed?u=http://my website here" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" my website here
189.78.19.14 - - [16/Jan/2014:20:29:43 +0000] "GET / HTTP/1.1" 200 5720 "http://their url removed?u=http://my website here" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" my website here
189.78.19.14 - - [16/Jan/2014:20:29:43 +0000] "GET / HTTP/1.1" 200 5720 "http://their url removed?u=http://my website here" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" my website here
189.78.19.14 - - [16/Jan/2014:20:29:43 +0000] "GET / HTTP/1.1" 200 5720 "http://their url removed?u=http://my website here" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" my website here
189.78.19.14 - - [16/Jan/2014:20:29:43 +0000] "GET / HTTP/1.1" 200 5720 "http://their url removed?u=http://my website here" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" my website here
189.78.19.14 - - [16/Jan/2014:20:29:43 +0000] "GET / HTTP/1.1" 200 5720 "http://their url removed?u=http://my website here" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" my website here
189.78.19.14 - - [16/Jan/2014:20:29:43 +0000] "GET / HTTP/1.1" 200 5720 "http://their url removed?u=http://my website here" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" my website here
189.78.19.14 - - [16/Jan/2014:20:29:43 +0000] "GET / HTTP/1.1" 200 5720 "http://their url removed?u=http://my website here" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" my website here
189.78.19.14 - - [16/Jan/2014:20:29:44 +0000] "GET / HTTP/1.1" 200 5720 "http://their url removed?u=http://my website here" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" my website here
189.78.19.14 - - [16/Jan/2014:20:29:44 +0000] "GET / HTTP/1.1" 200 5720 "http://their url removed?u=http://my website here" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" my website here
189.78.19.14 - - [16/Jan/2014:20:29:44 +0000] "GET / HTTP/1.1" 200 5720 "http://their url removed?u=http://my website here" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" my website here
189.78.19.14 - - [16/Jan/2014:20:29:44 +0000] "GET / HTTP/1.1" 200 5720 "http://their url removed?u=http://my website here" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" my website here
189.78.19.14 - - [16/Jan/2014:20:29:44 +0000] "GET / HTTP/1.1" 200 5720 "http://their url removed?u=http://my website here" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" my website here
189.78.19.14 - - [16/Jan/2014:20:29:44 +0000] "GET / HTTP/1.1" 200 5720 "http://their url removed?u=http://my website here" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" my website here
189.78.19.14 - - [16/Jan/2014:20:29:44 +0000] "GET / HTTP/1.1" 200 5720 "http://their url removed?u=http://my website here" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" my website here
189.78.19.14 - - [16/Jan/2014:20:29:44 +0000] "GET / HTTP/1.1" 200 5720 "http://their url removed?u=http://my website here" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" my website here
189.78.19.14 - - [16/Jan/2014:20:29:44 +0000] "GET / HTTP/1.1" 200 5720 "http://their url removed?u=http://my website here" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" my website here
189.78.19.14 - - [16/Jan/2014:20:29:44 +0000] "GET / HTTP/1.1" 200 5720 "http://their url removed?u=http://my website here" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" my website here
189.78.19.14 - - [16/Jan/2014:20:29:44 +0000] "GET / HTTP/1.1" 200 5720 "http://their url removed?u=http://my website here" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" my website here
189.78.19.14 - - [16/Jan/2014:20:29:45 +0000] "GET / HTTP/1.1" 200 5720 "http://their url removed?u=http://my website here" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" my website here
189.78.19.14 - - [16/Jan/2014:20:29:45 +0000] "GET / HTTP/1.1" 200 5720 "http://their url removed?u=http://my website here" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" my website here
189.78.19.14 - - [16/Jan/2014:20:29:45 +0000] "GET / HTTP/1.1" 200 5720 "http://their url removed?u=http://my website here" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" my website here
189.78.19.14 - - [16/Jan/2014:20:29:45 +0000] "GET / HTTP/1.1" 200 5720 "http://their url removed?u=http://my website here" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" my website here
189.78.19.14 - - [16/Jan/2014:20:29:45 +0000] "GET / HTTP/1.1" 200 5720 "http://their url removed?u=http://my website here" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" my website here
189.78.19.14 - - [16/Jan/2014:20:29:46 +0000] "GET / HTTP/1.1" 200 5720 "http://their url removed?u=http://my website here" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" my website here
189.78.19.14 - - [16/Jan/2014:20:29:46 +0000] "GET / HTTP/1.1" 200 5720 "http://their url removed?u=http://my website here" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" my website here
189.78.19.14 - - [16/Jan/2014:20:29:46 +0000] "GET / HTTP/1.1" 200 5720 "http://their url removed?u=http://my website here" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" my website here
189.78.19.14 - - [16/Jan/2014:20:29:46 +0000] "GET / HTTP/1.1" 200 5720 "http://their url removed?u=http://my website here" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" my website here
189.78.19.14 - - [16/Jan/2014:20:29:46 +0000] "GET / HTTP/1.1" 200 5720 "http://their url removed?u=http://my website here" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" my website here
189.78.19.14 - - [16/Jan/2014:20:29:46 +0000] "GET / HTTP/1.1" 200 5720 "http://their url removed?u=http://my website here" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" my website here
189.78.19.14 - - [16/Jan/2014:20:29:46 +0000] "GET / HTTP/1.1" 200 5720 "http://their url removed?u=http://my website here" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" my website here
189.78.19.14 - - [16/Jan/2014:20:29:46 +0000] "GET / HTTP/1.1" 200 5720 "http://their url removed?u=http://my website here" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" my website here
189.78.19.14 - - [16/Jan/2014:20:29:46 +0000] "GET / HTTP/1.1" 200 5720 "http://their url removed?u=http://my website here" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" my website here
189.78.19.14 - - [16/Jan/2014:20:29:46 +0000] "GET / HTTP/1.1" 200 5720 "http://their url removed?u=http://my website here" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" my website here
189.78.19.14 - - [16/Jan/2014:20:29:46 +0000] "GET / HTTP/1.1" 200 5720 "http://their url removed?u=http://my website here" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" my website here
189.78.19.14 - - [16/Jan/2014:20:29:46 +0000] "GET / HTTP/1.1" 200 5720 "http://their url removed?u=http://my website here" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" my website here
189.78.19.14 - - [16/Jan/2014:20:29:46 +0000] "GET / HTTP/1.1" 200 5720 "http://their url removed?u=http://my website here" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" my website here
189.78.19.14 - - [16/Jan/2014:20:29:46 +0000] "GET / HTTP/1.1" 200 5720 "http://their url removed?u=http://my website here" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" my website here
189.78.19.14 - - [16/Jan/2014:20:29:47 +0000] "GET / HTTP/1.1" 200 5720 "http://their url removed?u=http://my website here" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" my website here
189.78.19.14 - - [16/Jan/2014:20:29:47 +0000] "GET / HTTP/1.1" 200 5720 "http://their url removed?u=http://my website here" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" my website here
189.78.19.14 - - [16/Jan/2014:20:29:48 +0000] "GET / HTTP/1.1" 200 5720 "http://their url removed?u=http://my website here" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" my website here
189.78.19.14 - - [16/Jan/2014:20:29:48 +0000] "GET / HTTP/1.1" 200 5720 "http://their url removed?u=http://my website here" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" my website here
189.78.19.14 - - [16/Jan/2014:20:29:48 +0000] "GET / HTTP/1.1" 200 5720 "http://their url removed?u=http://my website here" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" my website here
189.78.19.14 - - [16/Jan/2014:20:29:48 +0000] "GET / HTTP/1.1" 200 5720 "http://their url removed?u=http://my website here" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" my website here
189.78.19.14 - - [16/Jan/2014:20:29:48 +0000] "GET / HTTP/1.1" 200 5720 "http://their url removed?u=http://my website here" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" my website here
189.78.19.14 - - [16/Jan/2014:20:29:48 +0000] "GET / HTTP/1.1" 200 5720 "http://their url removed?u=http://my website here" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" my website here
189.78.19.14 - - [16/Jan/2014:20:29:58 +0000] "GET / HTTP/1.1" 200 5720 "http://their url removed?u=http://my website here" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" my website here
189.78.19.14 - - [16/Jan/2014:20:29:58 +0000] "GET / HTTP/1.1" 200 5720 "http://their url removed?u=http://my website here" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" my website here
189.78.19.14 - - [16/Jan/2014:20:29:58 +0000] "GET / HTTP/1.1" 200 5720 "http://their url removed?u=http://my website here" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" my website here
189.78.19.14 - - [16/Jan/2014:20:29:58 +0000] "GET / HTTP/1.1" 200 5720 "http://their url removed?u=http://my website here" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" my website here
189.78.19.14 - - [16/Jan/2014:20:29:58 +0000] "GET / HTTP/1.1" 200 5720 "http://their url removed?u=http://my website here" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" my website here
189.78.19.14 - - [16/Jan/2014:20:29:58 +0000] "GET / HTTP/1.1" 200 5720 "http://their url removed?u=http://my website here" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" my website here
189.78.19.14 - - [16/Jan/2014:20:29:59 +0000] "GET / HTTP/1.1" 200 5720 "http://their url removed?u=http://my website here" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" my website here
189.78.19.14 - - [16/Jan/2014:20:29:59 +0000] "GET / HTTP/1.1" 200 5720 "http://their url removed?u=http://my website here" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" my website here
189.78.19.14 - - [16/Jan/2014:20:29:59 +0000] "GET / HTTP/1.1" 200 5720 "http://their url removed?u=http://my website here" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" my website here
189.78.19.14 - - [16/Jan/2014:20:30:00 +0000] "GET / HTTP/1.1" 200 5720 "http://their url removed?u=http://my website here" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" my website here
189.78.19.14 - - [16/Jan/2014:20:30:00 +0000] "GET / HTTP/1.1" 200 5720 "http://their url removed?u=http://my website here" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" my website here
189.78.19.14 - - [16/Jan/2014:20:30:00 +0000] "GET / HTTP/1.1" 200 5720 "http://their url removed?u=http://my website here" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" my website here

I hope the sad little Indian who connects from 125.63.89.66 and spends his time…

I hope the sad little Indian who connects from 125.63.89.66 and spends his time trying to break into Yahoo email accounts to send spam gets screwed over by who ever is paying people to spam people with links to a page on lefsky.com

View this post on Google+

Post imported by Google+Blog for WordPress.