5 ** 6 ** 6 PR 2 PR 10 Backlink PR4 and More
Foreign blogs and comment areas banclink hear or see her friends are and I did some research for you own emegimdir from anywhere you can quote me degildir.azc?k ingilizce is complete and the site name, e-mail them your name, and then thanks to write your thank you is enough

Spam Plugin for WP Hashcash by Wordpress Plugins -> pr6
Subscribe to Comments 2.1 Tempus fugit -> pr6
Better Comments Manager – Wordpress Plugin release -> PR5
Subscribe to Comments 2.1 Tempus fugit -> PR5

Yeah, no. Saying “thanks” and spamming your link is not enough you morons. Stop spamming. For those interested, the signatures in the logs vary, it’s not particularly easy to block this kind of spam, since human are submitting it manually. You could slowly start banning referrers from known sites:

85.103.7.211 – - [25/Feb/2009:16:49:20 -0500] “GET /hashcash/ HTTP/1.1″ 200 11459 “http://www.r10.net/dmoz-ve-diger-dizinler/298686-2-page-ranking-6-6-page-ranking-5-10-pr4-ve-daha-fazla-backlink.html” “Mozilla/5.0 (Windows; U; Windows NT 5.1; tr; rv:1.9.0.6) Gecko/2009011913 Firefox/3.0.6 GTB5″
85.103.7.211 – - [25/Feb/2009:16:49:21 -0500] “GET /wp-includes/js/comment-reply.js?ver=20081210 HTTP/1.1″ 200 864 “http://wordpress-plugins.feifei.us/hashcash/” “Mozilla/5.0 (Windows; U; Windows NT 5.1; tr; rv:1.9.0.6) Gecko/2009011913 Firefox/3.0.6 GTB5″
85.103.7.211 – - [25/Feb/2009:16:49:21 -0500] “GET /wp-content/themes/db/style.css HTTP/1.1″ 200 2491 “http://wordpress-plugins.feifei.us/hashcash/” “Mozilla/5.0 (Windows; U; Windows NT 5.1; tr; rv:1.9.0.6) Gecko/2009011913 Firefox/3.0.6 GTB5″

It’s too bad that Wordpress plugin and theme authors appear to be specifically targeted, as we’re generally a very spam-hating crowd.

Website: ‘ AND 1=0) UNION SELECT 1 FROM wp_users WHERE user_login=’admin’ and substring(reverse(lpad(conv(substring(user_pass,8,1), 16, 2),4,’0′)),4,1)=’1′ /* (IP: 124.217.250.190 , svservers.com)

URI: http://None

Excerpt: None…

It appears to be a known-cryptotext or weak-hash exploit against Wordpress looking for an admin password with an obvious signature. Cute.

I’ve been getting a new species of comment spam. They’re meaningless strings of numbers and letters, often without links. I’ve been calling it GUID (globally unique identifiers) spam because that’s what they most resemble.

I’ve been seeing it too:

Website: 5d0813b34159 (IP: 213.251.189.201 , gw1.ovh.net)
URI : 5d0813b34159.us
Excerpt:
<strong>5d0813b34159…</strong>
5d0813b34159b436b3d8…

Website: 68c95c8a9410 (IP: 64.131.83.138 , srv.anony-mous.info)
URI : 68c95c8a9410.us
Excerpt:
<strong>68c95c8a9410…</strong>
68c95c8a9410017afcac…

Website: 853bf2b234ad (IP: 64.141.108.29 , 64.141.108.29)
URI : 853bf2b234ad.us
Excerpt:
<strong>853bf2b234ad…</strong>
853bf2b234add2151fa1…

Website: 087f722478aa (IP: 67.159.44.134 , TE01.techentrance.com)
URI : 087f722478aa.us
Excerpt:
<strong>087f722478aa…</strong>
087f722478aaf73ffa8f…

Website: 655dec378813 (IP: 74.54.136.66 , corsica.websitewelcome.com)
URI : 655dec378813.us
Excerpt:
<strong>655dec378813…</strong>
655dec3788132527049e…

This kind of spam looks like a partial md5 sum of the URL, or it could just be random. Perhaps the spammer is using compromised hosts to drop these tags, and then coming back over time to see when they are removed, or if they stay up forever. That would give him a list of possible sites to spam in the future.

Author: Rapidshare
Email: fileshunt@gmail.com
Website: fileshunt.com
IP: 212.44.130.15

I completely agree with all that here is told

You can see that this is actually a human from the log:

212.44.130.15 – - [28/Mar/2008:09:12:42 -0400] “GET /hashcash HTTP/1.1″ 200 7439 “-” “Opera/9.26 (Windows NT 5.1; U; ru)”
212.44.130.15 – - [28/Mar/2008:09:12:44 -0400] “GET /wp-content/themes/db/style.css HTTP/1.1″ 200 2646 “http://wordpress-plugins.feifei.us/hashcash” “Opera/9.26 (Windows NT 5.1; U; ru)”
212.44.130.15 – - [28/Mar/2008:09:12:46 -0400] “GET /wp-content/uploads/2008/01/hashcash.png HTTP/1.1″ 200 59975 “http://wordpress-plugins.feifei.us/hashcash” “Opera/9.26 (Windows NT 5.1; U; ru)”
212.44.130.15 – - [28/Mar/2008:09:14:58 -0400] “GET /favicon.ico HTTP/1.1″ 200 1330 “http://wordpress-plugins.feifei.us/hashcash” “Opera/9.26 (Windows NT 5.1; U; ru)”

I highly doubt an efficient bot network would GET requests on my favicon, theme stylesheet, and images. My second spammer sent me this:

Author: penis enlargement
Email: penisenlargementz@gmail.com
Website: naturalherbalz.com
IP: 202.143.112.106

Natural herbal health care medicines, Articles, informations and daily updated health concerns issues and their solutions for better health and better life. www.naturalherbalz.com

If you look at their logs, it is incredibly clear what is happening here:

202.143.112.106 – - [28/Mar/2008:10:02:46 -0400] “GET /hashcash/ HTTP/1.0″ 200 7511 “http://www.google.com.pk/search?q=powered by wordpress blogs comments add url” “Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.13) Gecko/20080311 Firefox/2.0.0.13″
202.143.112.106 – - [28/Mar/2008:10:02:50 -0400] “GET /wp-content/themes/db/style.css HTTP/1.0″ 200 2646 “http://wordpress-plugins.feifei.us/hashcash/” “Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.13) Gecko/20080311 Firefox/2.0.0.13″
202.143.112.106 – - [28/Mar/2008:10:02:51 -0400] “GET /wp-content/themes/db/img/bg.jpg HTTP/1.0″ 200 8203 “http://wordpress-plugins.feifei.us/wp-content/themes/db/style.css” “Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.13) Gecko/20080311 Firefox/2.0.0.13″

This manual spammer searched for “powered By Wordpress blogs comments add url,” came to my site, and submitted his spam comment. So spammers are targeting Wordpress as a platform with cheap labour in foreign countries to post spam comments.

This list of blogs (and other like it) could help introduce you to a sector of the blogosphere which you feel more comfortable working in if you want credit for your comments. It could, but that’s probably not it’s primary purpose.

No, yet again, the great wheel of spam continues to roll as people looking for a few easy links are picking out sites in their niche they know have either do-followed their comments or are running really old blogging software.