by Eric Duncan in archives

Google Condones Spamming?

Please note that this post was migrated to my new blog platform. There may be bad formating, broken links, images, downloads and so on. If you need an item on this page, please contact me and I will do my best to get it from my backups.

~E

Precursor: BlogSpot (owned and operated by Google, Inc ) is spamming. 

"There, I said it.", quoting David Spade as it's what I'm saying now.

Ever since I upgraded to CS 2.0 from a previous version, I have been getting flooded with a large number of spam comments to my blog posts, about 20 to 30 a day. Where they come from seems to be related to online poker and porn sites.

Now I've set CS 2.0 to allow anonymous comments, but they will be Disapproved when posted here – until I go in and approve them.

But somehow these spambots get past this restriction in CS 2.0, and flood my blog comments.  I have this logged as a bug in CS 2.0, to be resolved in CS 2.1.  But for now, we must fight this.

One way is to enable the Spam CSModule that now comes with CS 2.0.  Have it look for more then 5 links in a comment, then automatically disapprove or even delete the post. 

I went a more drastic approach and started to find the source of these boneheads. 

I found them – BlogSpot.com is the home to all of this Poker spamming.  I found them by looking at my Urchin web stats and started comparing these odd Referral urls below to the time entries of the recent spamming comments.  Here are but a few of the DNS names that are spamming the comments:

3.party-poker-i.blogspot.com/ 43  0.87%     
4.online-poker-the.blogspot.com/ 41  0.83%     
5.poker-a.blogspot.com/ 35  0.71%     
6.casino-there.blogspot.com/ 32  0.65%     
     
8.online-poker-those.blogspot.com/ 26  0.53%     
9.online-poker-that.blogspot.com/ 25  0.51%     
10.online-casinos-i.blogspot.com/ 22  0.44%   

11.

online-casino-i.blogspot.com/ 22  0.44%     
12.casino-this.blogspot.com/ 21  0.42%     
       
14.online-casino-the.blogspot.com/ 19  0.38%     
15.online-casinos-there.blogspot.com/ 18  0.36%     
    
17.poker-this.blogspot.com/ 18  0.36%     
   
19.online-casinos-that.blogspot.com/ 16  0.32%     
20.poker-the.blogspot.com/ 16  0.32%   

 

And this was just over the last 48 hours. 

As you can see, blogspot is using Google resources (Google's own DNS servers) to generate these valid DNS names/servers to almost legit the spam to you.  One thing I noticed is they all point to the same IP address, that is hitting my server.

I dug a little deeper and it doesn't seem they have any MX, TXT or PTR records (much less SPF) for any of these domains, or even blogspot.com.  Just the parent domain of blogger.com:

Server:  ns1.google.com
Address:  216.239.32.10

blogger.com     MX preference = 10, mail exchanger = mail.blogger.com
blogger.com     nameserver = ns1.google.com
blogger.com     nameserver = ns2.google.com
blogger.com     nameserver = ns3.google.com
blogger.com     nameserver = ns4.google.com
mail.blogger.com        internet address = 66.102.15.85
ns1.google.com  internet address = 216.239.32.10
ns2.google.com  internet address = 216.239.34.10
ns3.google.com  internet address = 216.239.36.10
ns4.google.com  internet address = 216.239.38.10

So today, I blocked their IPs from being able to access my server at all.  I even blocked their parent company (blogger.com) as it was just one IP address lower from the same thing.

Here are the IP addresses I blocked and I highly suggest you do the same:

66.102.15.100 (blogger.com – parent company web address)
66.102.15.101 (where all of my spam comments are sourced from)

I will start investigating my Junk Mail now to see if any of the Poker-related junk is from the mail records above.  If so, I may start to block those IPs as well.

Here is the Whois record for BlogSpot, owned and operated by Google, Inc:

Registrant:
Google Inc.
(DOM-345046)
1600 Amphitheatre Parkway
Mountain View
CA
94043
US

    Domain Name: blogspot.com

Registrar Name: Markmonitor.com
Registrar Whois: whois.markmonitor.com
Registrar Homepage: http://www.markmonitor.com

    Administrative Contact:
DNS Admin
(NIC-1467103)
Google Inc.
1600 Amphitheatre Parkway
Mountain View
CA
94043
US
dns-admin@google.com
+1.6502530000
Fax- +1.6506188571
    Technical Contact, Zone Contact:
DNS Admin
(NIC-1467103)
Google Inc.
1600 Amphitheatre Parkway
Mountain View
CA
94043
US
dns-admin@google.com
+1.6502530000
Fax- +1.6506188571

Domain servers in listed order:

NS1.GOOGLE.COM
NS2.GOOGLE.COM
NS3.GOOGLE.COM
NS4.GOOGLE.COM

I hate spammers.  And now Google allows it?

So who do we yell at?  Who would be the authority on this?  Who do we report this to?

This is the same as if President Bush decided that Homeland Security is our safest bet for inter-department communications, but then allows oil companies to spam you by allowing the oil companies access to all of Homeland Security resources to use for the task.

Am I the only one saying, "What the ****?"

Perhaps Mr Anti-Google was right in creating Google-Watch.org.  Maybe someone does need to take a good hard look at Google and what they are doing.

For now, let's give Google Inc. the benefit of the doubt and say they re-sold some resources (such as DNS Server usage) to some 3rd party.  And it's that 3rd party that is responsible for the spamming.  I'll attempt to contact Google via the registry info above to see if that is the case.

 

> Revision History
  • Wed Apr 9 20:49:43 2014
    imported into new blog platform

View on Github

> About the author

Eric has been in a wide variety of software development roles with 18+ years experience developing and managing technologies for several industries such as prepaid card services, advertising, legal and manufacturing. He is a pioneer of open-sourced social networking and communication solutions.