THIS AFTERNOON: 9 Visitors From 6 Countries Arrive At PP Blog Within 5 Minutes; All Pull Exact Same September 2010 Story About MPB Today Multilevel Marketing Program, Then Vanish
In a highly unusual — and statistically improbable occurrence — nine visitors from six countries arrived on the PP Blog within five minutes today and sought unsuccessfully to pull the exact same story on the MPB Today multilevel marketing program. With the apparent aid of a script, all of the visitors also attempted unsuccessfully to pull a story about an alleged Ponzi caper in New Jersey.
The MPB Today story was nearly six months old, and the New Jersey story was nearly seven months old. The visitors left as quickly as they came, and appear not to have sought to pull any other stories. Although it is common for individual visitors to pull “old” stories, it is decidedly uncommon for multiple visitors to attempt to pull the same “old” stories from the Blog’s archives of nearly 1,100 stories virtually simultaneously.
Because the pattern suddenly ceased and no other individual reader outside the subset of “sudden” visitors sought to pull the same stories, it does not appear likely that the URLs for the stories appeared on a common website today through which visitors all sought to load the same pages virtually simultaneously.
Readers routinely post links to the PP Blog on forums. But as the forum posts age and are buried by new posts, the Blog receives fewer and fewer visits from the older links.
MPB Today is based in Florida. It purportedly operates a “grocery” program, and the U.S. Department of Agriculture said last year that it was investigating certain claims made about the firm.
The circumstances and motives surrounding the visits were not immediately clear. The Blog recorded visits from IPs in the United States, Russia, Brazil, Spain, Thailand and South Korea. Logs suggest a script of some sort was used, and that the visitors sought to pull an MPB Today story that was published Sept. 25.
Logs also suggest that the same visitors sought to pull a story that appeared Aug. 12 about Eli Weinstein. Weinstein was charged in an alleged Ponzi caper that may involve $200 million or more.
The PP Blog’s Weinstein story included a reference to Nevin Shapiro, who was arrested in New Jersey in April 2010 on charges of running an $880 million Ponzi scheme involving a bogus wholesale grocery business.
In October and November, the PP Blog experienced sustained DDoS attacks. During one three-hour window, the Blog received more than 6 million “hits.” The attacks were reported to law enforcement, and coincided with the Blog’s reporting on MPB Today and Ponzi scheme and criminals’ forums.
The PP Blog also has been subjected to email spoofing, virtually relentless spamming, YouTube attacks, threats of “war” and threats to start “fires” because of its reporting about the alleged ASD Ponzi scheme, and a false registration to a “program” in which the Blog was referred to as “Rat Bastard.” The “Rat Bastard” reference appears to have been associated with a cash-gifting program.
It looks like you are finding out things they want kept quiet. If these MLM business are as legal and above board as they claim, why the attacks? Makes one wonder……
Honestly I have no clue but i have learned one thing, most bots are stupid and even some of the better spam engines are sometimes operated but idiots. Early this year the RealScam forum was inundated with spam bots. It didn’t take too much looking into it to see it wasn’t just us, a lot of forum operators had similar problems but I found a fabulous vBulletin plugin from a company (Sorry Patrick, they earned a plug) named GlowHost which neutralized the vast majority of the problem. Part of their product gives you a log of all attempts to register a posting account on your forum.
Now the real reason for the spam upsurge was the release of some “Black Hat” SEO software (don’t worry Patrick, I wont plug them) and it’s abilities against Google’s reCaptcha. It was a temporary shift in the spam/anti-spam arms race but it did get me to read up on that one area of software and some of the abilities are kinda scary. But I kept reading the log of all the attempts to register a posting account at RS and it amazed me how many would have failed even without any countermeasures. I’ve seen dozens of attempts within about a minute from the same IP but none of them entered an e-mail address. Oh they filled something in but it didn’t have an @ or any of the other format for an e-mail address. Whatever software was being used was fully able to pull that off, if the idiot running it knew how to use it it would have worked (before we made changes).
Long story short, some of the people writing bot spam software are pretty frigging smart but some of the people using it aren’t.
Hi Glim,
Thanks for the note. I’m glad RS warded off the spambot attacks. Sounds as though the GlowHost plug-in is a good one.
The IPs that arrived here didn’t leave a bot signature. Also, there was no spam in their wake.
It’s hard right now to assign a specific motive/meaning. Even so, my logs are downright interesting on some days.
Regards,
Patrick