Spammers might be using something similar to the IPfuck Firefox/Chrome extension, which fakes an IP address instead of allowing the real IP to be recorded, not sure how we can defend against that sort of thing at present.
Date: Fri, 24 Oct 2014 16:25:42 -0400 From: phoenixoverride@gmail.com To: alj62888@yahoo.com; mediawiki-l@lists.wikimedia.org Subject: Re: [MediaWiki-l] Off topic: Wiki spammer is using spoofed IP addresses???
The IP address belongs to CANTV Servicios which I have seen a LOT of spam from recently
On Fri, Oct 24, 2014 at 3:25 PM, Al alj62888@yahoo.com wrote:
I am surprised to see that a spammer is spoofing his IP address. I got some spam from 200.90.74.226 - "226" is out of range for IPs and so isn't even a valid IP address. I confirmed that the number is not a wiki username and the apache log shows the same IP. It appears maybe the spammer's script has a bug and not range-checking the generated numbers which made it obvious that the IP is spoofed; otherwise I would have never noticed.
I thought IP spoofing was a fairly sophisticated tactic and didn't expect to see a common wiki spammer using it, or am I wrong? I'm also surprised apache even allowed the connection, much less the Amazon AWS firewall. Am I missing something?
Al _______________________________________________ MediaWiki-l mailing list To unsubscribe, go to: https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
MediaWiki-l mailing list To unsubscribe, go to: https://lists.wikimedia.org/mailman/listinfo/mediawiki-l