Over the last couple of days a number of bloggers have been targeted by a new type of comment spam.  The spam typically comes from a different name and email address, but the same IP number range of 94.102.60.15x.  The x can be anything from 0 – 4.

The comment text is populated by about 17 characters of what appears to be random text.  In fact the email address populated in the comment also appears to be randomly populated.

The IP address appears to be the only item that remains the same.  This then becomes the easiest thing to block via WordPress or at a CPanel level.

To block using WordPress, simply login to WordPress and go to Settings>Discussion and scroll to the bottom to the Comment Blacklist section. 

Some older versions of WordPress locate the Discussion tab under Options.

Once you are there, in addition to actual words that you want to blacklist, you can also individually on separate lines list IP addresses.

I’d recommend adding this IP range right away:

94.102.60.151
94.102.60.153
94.102.60.152
94.102.60.150

Sometimes website owners will incorrectly be associated and reported as a spammer.  (I’m talking email spam here.)

Unfortunately it is all to easy for an email spammer to simply code your email address into the header of an email, even though they are actually sending the email from some other email account and then your email account gets associated with grand titles like term life insurance quotes or the latest Brittany Spears viral image teaser of the day or sometimes it is used in PayPal or Ebay phishing emails.

I’m sure you have probably seen an email that appears to be coming from someone or some site that you know, but if you dig into the properties of the email address, the real email address is something entirely different.

The issue is that some hosting companies will receive a spam complaint and simply shut down your account without doing the appropriate level of due diligence.

This afternoon, I came across some good technical advice to both help you prevent this from happening in the first place and the right responses to que your webhost up with to defend against your account being shut down inappropriately on a forum at Lunar Pages.

You may not be doing anything that can be reasonably construed as spam, but are you absolutely certain that your account and site haven’t been hacked? Could code have been inserted into your site to generate spam? Have you confirmed that there are no changes to your files that were not made by you, or without your knowledge and consent? You’re going to have to go through your files with a fine tooth comb looking for unexplained changes. I find it handy to do a weekly ls -alR of all my files (via cron) to flag changes — if you haven’t been doing that, it’s a lot more work for you to find what’s changed.
You should ask LP if they have any logs of outgoing mail from your account, which might give you a hint as to what got hacked. It’s also very possible that some jackass has simply forged your email address to their spam, and you’re paying the price (even though the spam never went through your account). Demand that LP produce the “spam” emails, with full headers, so they can be examined to find out exactly where they came from. If they won’t, tell them you’ll see them in court if they try to close your account. They need to learn that some twit claiming you’re spamming is not sufficient grounds to disrupt your business — they need to prove it’s originating from your account. It may or may not cut any ice with them that you didn’t know about it, but if you can show you’re taking steps to stop it and prevent future problems, they should relent.

Spam Suspension Warning???  from the Lunar Forums