I maintain a couple of blogs outside of this one, and the most popular one I'm involved with gets a lot of spam. There seemed to be a particular uptick about a month back, and I went to look into it.
What I discovered is that quite a lot of our spam (around 80%) was coming from one company called IPTelligent LLC. There's no easy way for me to tell if they are a legit company who simply have the worst IT staff in the history of IT staffs and all of their machines are compromised, or if they are, in fact, evil jerks who are repeatedly attempting to pollute the internet with really terrible spam. Given a short web search, it seems pretty likely that IPTelligent is intentionally evil. I suppose one could argue that the level of incompetence displayed by someone who not only runs that many compromised machines but also serves up malware consistently is a form of evil even if it wasn't intentional. Whatever.
Either way, they are responsible for a rather large percentage of the spam we were receiving, and not responsible for any legit visits that we could see.
Since this particular blog uses WordPress, solving the problem was pretty simple. WordPress has built-in lists for blocking comments, but they simply send matching comments to the moderation queue, as does the popular plugin Akismet. Since we were seeing hundreds of messages per day from IPTelligent, I needed something that banned them more completely so our moderators wouldn't even see the messages and have to scan through them. Thankfully, there are lots of plugins for this. I settled on one called wp-ban that seems to be working well for my needs.
Once that's installed, the settings are under Settings->Ban. At the top of my list, I now have:
    # IPTelligent owns these ips, and they seem to be a spam company
    96.47.225.*
    173.44.37.*
    96.47.224.*
This covers the majority of the IPs that were hitting us with spam. A glance at a more specific list of IPTelligent IPs suggests that those lines are good enough right now, although it's possible that they'll buy more IP blocks eventually. (We also have a longer list of other IPs that appear to be compromised and were causing problems, but they look more like temporary compromises than intentional, long-term malice, so I'm not listing those IPs here.)
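An added example (not from the original post or from wp-ban): one way to check how much of your own spam a wildcard ban list like the one above covers, and to get the same ranges as CIDR blocks for a firewall or web-server rule. The function names and the sample comment IPs are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Ban list as given in the post (trailing-wildcard patterns, '#' comment line).
BAN_LIST = """\
# IPTelligent owns these ips, and they seem to be a spam company
96.47.225.*
173.44.37.*
96.47.224.*
"""

def wildcard_to_network(pattern):
    """Turn a trailing-wildcard IPv4 pattern such as 96.47.225.* into a CIDR network."""
    octets = pattern.strip().split(".")
    fixed = [o for o in octets if o != "*"]
    # Only trailing wildcards map onto one prefix; an all-wildcard pattern would ban everyone.
    if len(octets) != 4 or not fixed or octets[:len(fixed)] != fixed:
        raise ValueError(f"unsupported pattern: {pattern!r}")
    address = ".".join(fixed + ["0"] * (4 - len(fixed)))
    return ipaddress.ip_network(f"{address}/{8 * len(fixed)}")

def parse_ban_list(text):
    """Parse the list, skipping comments and blank lines, and merge adjacent ranges."""
    nets = [wildcard_to_network(line) for line in text.splitlines()
            if line.strip() and not line.lstrip().startswith("#")]
    return list(ipaddress.collapse_addresses(nets))

def coverage(networks, source_ips):
    """Return (covered, total, Counter of source IPs the list does not cover)."""
    missed = Counter()
    covered = 0
    for ip in source_ips:
        if any(ipaddress.ip_address(ip) in net for net in networks):
            covered += 1
        else:
            missed[ip] += 1
    return covered, len(source_ips), missed

# Constructed sample: source IPs of comments already marked as spam.
# The two addresses outside the ban list come from documentation ranges.
SAMPLE_SPAM_IPS = ["96.47.224.10", "96.47.225.77", "173.44.37.5", "96.47.225.200",
                   "203.0.113.9", "198.51.100.4", "173.44.37.250", "96.47.224.3"]

if __name__ == "__main__":
    nets = parse_ban_list(BAN_LIST)
    print("CIDR form:", [str(n) for n in nets])
    covered, total, missed = coverage(nets, SAMPLE_SPAM_IPS)
    print(f"{covered}/{total} spam sources covered; not covered: {dict(missed)}")
```

Running the same check against legitimate commenters' IPs shows whether a range ban would lock out real readers before it goes live.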
Of course, it would be better if someone took the company to court for this. I am not a lawyer, but it seems to me that the Computer Fraud and Abuse Act must cover at least some portion of their activities. I mean, the things they charged Aaron Swartz with under that act seem less sketchy than what IPTelligent is doing. But court cases take time and money, and banning them right now is pretty easy, so I figured I'd share the short-term solution in case it's useful to anyone who'd like to get a little less spam right away. (We are indeed getting ~80% less spam since the bans went into place.)
For the record, here's the company info as I get from the whois database right now:
    OrgName: IPTelligent LLC
    OrgId: IPTEL-1
    Address: 2115 NW 22nd Street
    Address: #C110
    City: Miami
    StateProv: FL
    PostalCode: 33142
    Country: US
    RegDate: 2009-03-31
    Updated: 2012-07-16
    Ref: http://whois.arin.net/rest/org/IPTEL-1
    ReferralServer: rwhois://rwhois.iptelligent.com:4321
    OrgNOCHandle: NOC3572-ARIN
    OrgNOCName: Network Operations Center
    OrgNOCPhone: +1-888-638-5893
    OrgNOCEmail: sysop@iptelligent.com
    OrgNOCRef: http://whois.arin.net/rest/poc/NOC3572-ARIN
no subject
Date: May 6th, 2013 08:46 pm (UTC)
I stopped bothering with discerning intent quite a while ago, and just skip directly to countermeasures against the effect: access denied, egregious offenders named and reported, apologies neither expected nor given. I doubt the EPA cares whether one intended to pollute a town's water supply, only that one did.
no subject
Date: May 6th, 2013 08:51 pm (UTC)
Thanks for the info
Date: January 3rd, 2014 09:42 pm (UTC)
There's an even better plugin
Date: July 12th, 2013 02:34 pm (UTC)
Stop Spammer Registrations Plugin
I got through to them
Date: February 20th, 2014 07:29 am (UTC)
http://www.linkedin.com/company/iptelligent
I found their abuse@quadranet.com address. But there was no response.
I Googled some more, and found LinkedIn pages and Facebook pages from QuadraNet.
When I wrote them on Facebook, they replied.
I got another mail address for a guy called Jordan Goldman <j.goldman@quadranet.com>
Their answer was: "This has been forwarded to our client to remove the abusive user."
Hope it helps