A quick note on WordPress spam in comments – Starting 2020 November 26th and continuing until 2020 December 17th, a spammer created a bunch of comments on the one page that had accidentally allowed comments – “About”
In total, there were 33,389 spam comments created. This was caused by (1) migrating this blog from the previous (amateurish) hosting company, and (2) WordPress creating one post by default with “Comments” still active. It was easy enough to stop new comments (edit Post, Discussion, uncheck “Allow Comments”). To remove 33,389 comments, I used the plugin “Delete All Comments of wordpress” by Navneet Soni.
All of the comments had IP addresses from a very small block (5.188.211.x):
220.127.116.11, count=2997 18.104.22.168, count=3346 22.214.171.124, count=3004 126.96.36.199, count=2975 188.8.131.52, count=2985 184.108.40.206, count=3326 220.127.116.11, count=3007 18.104.22.168, count=3070 22.214.171.124, count=2990 126.96.36.199, count=3074 188.8.131.52, count=2615
% Information related to '184.108.40.206 - 220.127.116.11' % Abuse contact for '18.104.22.168 - 22.214.171.124' is 'firstname.lastname@example.org' inetnum: 126.96.36.199 - 188.8.131.52 netname: inf-net country: RU admin-c: MK19775-RIPE tech-c: MK19775-RIPE status: ASSIGNED PA mnt-by: MNT-PINSUPPORT created: 2017-04-13T10:32:21Z last-modified: 2017-04-13T10:32:21Z source: RIPE person: Makary Kwiatkowski address: ul. Zachodnia 20 address: Bialystok 15-345 phone: +48695689091 nic-hdl: MK19775-RIPE mnt-by: MNT-PINSUPPORT created: 2016-10-26T21:03:01Z last-modified: 2016-10-26T21:14:53Z source: RIPE # Filtered % Information related to '184.108.40.206/24AS34665' route: 220.127.116.11/24 descr: PIN DC origin: AS34665 mnt-by: MNT-PIN mnt-by: MNT-PINSUPPORT created: 2019-11-11T07:41:06Z last-modified: 2019-11-11T07:41:06Z source: RIPE