
Sucuri Blog

Website Security News


Comment SPAM Bad Neighborhood Analysis (2013-Mar)

March 25, 2013 | Daniel Cid


We track and block a lot of comment SPAM via our WordPress plugin and our CloudProxy WAF. One thing we noticed is that the majority of the SPAM we detect comes from the same “bad neighbors” (IP ranges that are known for sending a lot of SPAM).

We ran a quick query for the month of March (covering just 23 days), and these are the top 20 networks used by comment spammers:

# of comments sent | IP range
42455 | 96.47.225.0/24
16502 | 173.44.37.0/24
13748 | 46.227.68.0/24
13597 | 194.71.223.0/24
13521 | 194.71.222.0/24
13422 | 194.71.224.0/24
13358 | 194.71.225.0/24
10563 | 117.21.225.0/24
10505 | 96.47.224.0/24
10325 | 91.236.74.0/24
10173 | 91.231.40.0/24
9262 | 142.91.81.0/24
8909 | 195.190.13.0/24
8423 | 94.242.241.0/24
7494 | 5.144.176.0/24
6980 | 94.242.237.0/24
6789 | 46.227.70.0/24
6772 | 46.227.71.0/24
6283 | 142.4.98.0/24
5860 | 91.236.75.0/24


Those 20 small network blocks were responsible for more than 230,000 SPAM comments sent to the sites we are monitoring (that’s almost 20% of the total that we blocked during the same period).

And if you are curious about what the most common SPAM messages were, these were the top 5 for the month so far:

#1: 6861 SPAM comments had: Hello Web Admin, I noticed that your On-Page SEO is is missing a few factors, for one you do not use all three H tags in your post, also I notice that you are not using bold or italics properly in your SEO optimization. On-Page SEO means more now than ever since the new Google update: Panda. No longer are backlinks and simply pinging or sending out a RSS feed the key to getting Google PageRank or Alexa Rankings, .. bla bla bla… just watch this 4minute video for more information at. httx://www.searchengineoptimizationtips .info

#2: 2723 SPAM comments had: We have decided to open our POWERFUL and PRIVATE web traffic system to the public for a limited time! You can sign up for our UP SCALE network with a free trial .. bla bla bla .. Visit us today: httx://bag.sh/16M (redirects to httx://voxseo.com/traffic/)

#3: 2344 SPAM comments had: Hello Web Admin, I noticed that your On-Page SEO is is missing a few factors, .. bla bla bla (same as #1) .. just watch this 4minute video for more information at httx://www.SEO-SOLUTIONS .INFO

#4: 2079 SPAM comments had: Brokersring .com – Learn how to turn $500 into $5,000 in a month!

#5: 1397 SPAM comments had: You need targeted traffic to your website so why not try some for free? There is a VERY POWERFUL and POPULAR .. bla bla bla .. Sign up before it is too late: httx://bag.sh/16M

And these were the top URLs included in the link field of the SPAM messages:

15976 [url] => httx://www.kitdeemail.com
11119 [url] => httx://bag.sh/16M
6968 [url] => httx://www.searchengineoptimizationtips.info
6453 [url] => httx://www.trxsuspensiontrainersale.net
6253 [url] => httx://aerotraffic.com/web-traffic/
4985 [url] => httx://himovie.org
4427 [url] => httx://tiny.cc/zsbvsw
4092 [url] => httx://www.NicoleBerryPsychic.com
3671 [url] => httx://www.gucci–online-shop.com/
3319 [url] => httx://www.busquemail.com.br
3316 [url] => httx://www.emailsvip.com.br
3309 [url] => httx://www.seomaster.com.br

Most of them are related to SEO companies and web traffic/link exchanges. Now you know which companies to avoid and what links and networks to block.

If you want to know anything else specific to the comment SPAM we track, let us know and we can add it to our reports and post about it.
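The per-network ranking described above can be reproduced from your own blocked-comment logs. This is an added example, not Sucuri's query or code: the sample addresses are constructed from documentation ranges, and the function names, the `min_hits` threshold, the /64 grouping for IPv6 and the output line format are assumptions.

```python
import ipaddress
from collections import Counter

# Constructed sample: source IPs of blocked spam comments.
# Addresses are from documentation ranges, not real spammers.
SAMPLE_BLOCKED = (
    ["192.0.2.%d" % i for i in range(1, 41)]          # 40 hits, one /24
    + ["198.51.100.7"] * 25 + ["198.51.100.200"] * 5  # 30 hits, one /24
    + ["203.0.113.9"] * 3                             # low-volume network
    + ["2001:db8::1", "not-an-ip", ""]                # IPv6 / malformed rows
)

def to_network(ip_text, v4_prefix=24, v6_prefix=64):
    """Map an address to its enclosing network; None if unparsable."""
    try:
        addr = ipaddress.ip_address(ip_text.strip())
    except ValueError:
        return None
    prefix = v4_prefix if addr.version == 4 else v6_prefix
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)

def rank_networks(source_ips, top_n=20, min_hits=10):
    """Return (ranked, share): the top networks by hit count and the
    fraction of all parsable hits that those networks account for."""
    counts = Counter()
    for ip_text in source_ips:
        net = to_network(ip_text)
        if net is not None:
            counts[net] += 1
    total = sum(counts.values())
    # Drop low-volume networks so a handful of hits never causes a /24 block.
    ranked = [(net, n) for net, n in counts.most_common(top_n) if n >= min_hits]
    covered = sum(n for _, n in ranked)
    share = covered / total if total else 0.0
    return ranked, share

def deny_lines(ranked):
    """Render one 'CIDR # note' line per network for review before blocking."""
    return [f"{net} # comment spam, {n} hits" for net, n in ranked]

if __name__ == "__main__":
    ranked, share = rank_networks(SAMPLE_BLOCKED)
    print("\n".join(deny_lines(ranked)))
    print(f"covers {share:.0%} of blocked comments")
```

Review the ranked output before blocking whole /24s, since a range can also carry legitimate visitors.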


Categories: Security Education
Tags: SEO Spam, Sucuri Firewall

About Daniel Cid

Daniel B. Cid is Founder of Sucuri and the VP of Engineering for the GoDaddy Security Products group. He is also the founder of OSSEC and CleanBrowsing. You can find more about Daniel on his site dcid.me or on Twitter: @danielcid

Comments

  1. Mark de Scande

    March 26, 2013

    Cool just added them to CSF on the BlogLines Server thx for always posting cool tips well done
