I am surprised to see that a spammer is spoofing his IP address. I got some spam from
200.90.74.226 - "226" is out of range for IPs and so isn't even a valid IP
address. I confirmed that the number is not a wiki username and the apache log shows the
same IP. It appears maybe the spammer's script has a bug and not range-checking the
generated numbers which made it obvious that the IP is spoofed; otherwise I would have
never noticed.
I thought IP spoofing was a fairly sophisticated tactic and didn't expect to see a
common wiki spammer using it, or am I wrong? I'm also surprised apache even allowed
the connection, much less the Amazon AWS firewall. Am I missing something?
Al