Thanks for your message. Yes, indeed, but I'm not sure what domain he's coming from. As I've mentioned, the only piece of information of this SPAMMER's presence in the website logs is this...
The websites he submits (all fields properly filled out) are all random and are not related to his domain nor are they related to our specific directory. We go to great lengths in making sure people understand what is appropriate to submit to the directory. Unfortunately, the SPAMMER does not see that page since he is not on the website add page. If he was, then the system would have the CAPTCHA and the successful link confirmation page information appear within the logs.
The only common thing in all the websites he submits, is the email addresses, which appear as SomeRandomName@i.ua
As of this morning, three more websites have been added with the following Referrer Hosts:
Here's the latest entry in the website logs, this one includes the CAPTCHA information:
www.ourdomain.com milenko.idegp.com - - [14/May/2009:09:23:15 -0500] "GET /cgi-bin/links/add.cgi HTTP/1.1" 200 11952 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
www.ourdomain.com milenko.idegp.com - - [14/May/2009:09:23:16 -0500] "GET /human/c8d6a040f9496df3775299fff3fdd7cb.png HTTP/1.1" 200 4166 "http://www.ourdomain.com/cgi-bin/links/add.cgi" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
www.ourdomain.com milenko.idegp.com - - [14/May/2009:09:24:42 -0500] "POST /cgi-bin/links/add.cgi HTTP/1.1" 200 9986 "http://www.ourdomain.com/cgi-bin/links/add.cgi" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
I have put the entire range of idegp.com IP addresses on the host.deny file. Still, he manages to bypass with a single line of information appearing in the server logs. Thus, what appears as idegp.com in the Referrer Host settings may not actually be that domain.