Is EC2 a Spam Platform? · 15 July, 03:20 PM
I ran into a few comments on my weblog that caught my eye – mainly because 2 of the comments came from the same IP, but were apparently left by different people. Normally, I don’t spend much time thinking about comment spam, but this has some interesting features: the source of the comments resolves to ec2-67-202-49-217.compute-1.amazonaws.com. So it appears that an EC2 server was the source of the comments, which is odd because EC2 isn’t an interactive system – why am I getting comments from there. So, theories:
- Some legitimate comment service is using EC2 to post to weblogs. I don’t think that’s likely because I haven’t gotten other referrers for those posts.
- A comment spammer has decided EC2 is a good platform for spam.
The comments aren’t egregious spam, but they didn’t really add anything to the post – they’re relevant to the content but ultimately just “thanks for posting this”. The comments are signed with a real name, with an email address in the form fistnamelastname@yahoo.com or gmail.com along with a URL in the form http://firstnamelastname.com
13 Jul 2008 20:28:46 67.202.49.217 ec2-67-202-49-217.compute-1.amazonaws.com weblog/article/58/?commented=1 13 Jul 2008 20:28:22 67.202.49.217 ec2-67-202-49-217.compute-1.amazonaws.com weblog/article/58/?commented=1 13 Jul 2008 20:28:05 67.202.49.217 ec2-67-202-49-217.compute-1.amazonaws.com weblog/article/58/?commented=1 13 Jul 2008 20:28:02 67.202.49.217 ec2-67-202-49-217.compute-1.amazonaws.com weblog/article/58/?commented=1 13 Jul 2008 20:26:59 67.202.49.217 ec2-67-202-49-217.compute-1.amazonaws.com weblog/article/58/?commented=1 13 Jul 2008 20:26:58 67.202.49.217 ec2-67-202-49-217.compute-1.amazonaws.com weblog/article/58 13 Jul 2008 20:26:47 67.202.49.217 ec2-67-202-49-217.compute-1.amazonaws.com weblog/article/58 13 Jul 2008 20:25:31 67.202.49.217 ec2-67-202-49-217.compute-1.amazonaws.com weblog/article/58
13 Jul 2008 16:30:52 67.202.49.217 ec2-67-202-49-217.compute-1.amazonaws.com weblog/article/58 13 Jul 2008 16:30:52 67.202.49.217 ec2-67-202-49-217.compute-1.amazonaws.com weblog/article/58/?commented=1 13 Jul 2008 16:27:21 67.202.49.217 ec2-67-202-49-217.compute-1.amazonaws.com weblog/article/58
13 Jul 2008 13:44:16 75.101.208.78 ec2-75-101-208-78.compute-1.amazonaws.com weblog/article/54 13 Jul 2008 13:44:16 75.101.208.78 ec2-75-101-208-78.compute-1.amazonaws.com weblog/article/54/?commented=1 13 Jul 2008 13:44:01 75.101.208.78 ec2-75-101-208-78.compute-1.amazonaws.com weblog/article/54
— Gordon Weakliem
Comment
Commenting is closed for this article.
Money for Nothing and Interop for Free A Tale of Two Regexps
It’ not strictly true that EC2 isn’t interactive – there’s no reason someone couldn’t deploy a distro with an X server on EC2 or use an EC2 instance as an anonymizer. That said, yeah, could very well be someone setting up a comment spam system.
— Justin Pitts · Jul 15, 05:08 PM · #
Interesting point, I suppose you could set it up as a interactive server – I’d believe it if the data itself wasn’t so odd.
— Gordon Weakliem · Jul 15, 09:38 PM · #