A quick note on WordPress spam in comments – Starting 2020 November 26th and continuing until 2020 December 17th, a spammer created a bunch of comments on the one page that had accidentally allowed comments – “About”
In total, there were 33,389 spam comments created. This was caused by (1) migrating this blog from the previous (amateurish) hosting company, and (2) WordPress creating one post by default with “Comments” still active. It was easy enough to stop new comments (edit Post, Discussion, uncheck “Allow Comments”). To remove 33,389 comments, I used the plugin “Delete All Comments of wordpress” by Navneet Soni.
All of the comments had IP addresses from a very small block (5.188.211.x):
22.214.171.124, count=2997 126.96.36.199, count=3346 188.8.131.52, count=3004 184.108.40.206, count=2975 220.127.116.11, count=2985 18.104.22.168, count=3326 22.214.171.124, count=3007 126.96.36.199, count=3070 188.8.131.52, count=2990 184.108.40.206, count=3074 220.127.116.11, count=2615
% Information related to '18.104.22.168 - 22.214.171.124' % Abuse contact for '126.96.36.199 - 188.8.131.52' is 'firstname.lastname@example.org' inetnum: 184.108.40.206 - 220.127.116.11 netname: inf-net country: RU admin-c: MK19775-RIPE tech-c: MK19775-RIPE status: ASSIGNED PA mnt-by: MNT-PINSUPPORT created: 2017-04-13T10:32:21Z last-modified: 2017-04-13T10:32:21Z source: RIPE person: Makary Kwiatkowski address: ul. Zachodnia 20 address: Bialystok 15-345 phone: +48695689091 nic-hdl: MK19775-RIPE mnt-by: MNT-PINSUPPORT created: 2016-10-26T21:03:01Z last-modified: 2016-10-26T21:14:53Z source: RIPE # Filtered % Information related to '18.104.22.168/24AS34665' route: 22.214.171.124/24 descr: PIN DC origin: AS34665 mnt-by: MNT-PIN mnt-by: MNT-PINSUPPORT created: 2019-11-11T07:41:06Z last-modified: 2019-11-11T07:41:06Z source: RIPE