Perhaps everyone should start calling alestra.net.mx. and yelling, “stop it!”
But block your number first if you do because, otherwise, I get the impression that your number just might not be regarded with much respect if it’s captured.
responsible: Inet Administrator
address: Ave. Munich 175, Col. Cuauhtemoc, 175,
address: 66450 – San Nicolas de los Garzas – NL
phone: +52 81 87486201 
Added suggestions/more information:
126.96.36.199 (open proxy)
188.8.131.52 (also open proxy)
148.144.15.X and 207.248.240.X
BAN MEXICO PROXY FIREWALLS:
184.108.40.206 – 220.127.116.11
And then consider calling your local police and writing to your Senators for purposes of complaining about a threat to national security from ongoing abuses using the internet — by trackback, referral and comment spammers, a lot of which is being pushed along by alestra.net.mx.
One anti-spam blogger (“Spam Huntress“) asserts that this (particularly aggressive trackback/commentor/referrer spamming) is the result of the actions by one “spam ring run out of Bulgaria” (and also offers other useful ideas). But that site also suggests banning alestra.net.mx due to the huge amount of junk alestra.net.mx is spewing (do a google search of their domain name and then just look at all the spewing from their servers — and that open proxy particularly — all over the internet). Obviously, alestra.net.mx and the Bulgarians have a relationship. A very, very offensive relationship.
Moreover, I’ve looked over so many other site stats published on the internet, easily locatable by searches for any one or a few of the ongoing spammer attempts to this blog (and so many others, from what I read), and I find that the same group of numbers (however extensive) is identified to most of us with blogs. And then block the most often repeating offending I.P.A.s from your server’s (or servers’) .hta access, preventing them from accessing your domain.
Also, as most of us conclude, yes, there’s a zombie-network of infected computers being used to send out the spam (another area for improvement and that is to get people to maintain better housekeeping and security habits on the computers they use, and networks who need to improve their security habits).
But, even blocking the offending I.P.A.s from a server’s .hta access does not, unfortunately, prevent the offenders from ongoing hits to a site address and your server from having to respond to those hits…if ever I’ve experienced online terrorism, this is it. And, even though the Movable Type Blacklist plugin does not prevent the offenders from attempting access to my/any site, such that the problem remains that servers are easily overwhelmed by these creeps, and if not overwhelmed, at least easily and very often preoccupied by them. The bandwidth is paid for by us end-use customers, as is our connectivity itself, to further the insult: it is unwelcome, ongoing and aggressive use of end-user resources without invitation or permission and, worse, relentless without regard for end-user responses.
Our legislators need to do something to effectively bring about an end to this sort of attack on internet resources. Since many proxy addresses are (also) blocked by me from visiting this domain/blog site on that domain — as with huge ranges of I.P.A.s from countries most irresponsible about their networks (those in China, Bulgaria, Africa, Mexico, Guatemala, Columbia, Brazil, some in Pakistan and many in Iran, worse) — and what you end up with is many random individuals blocked from reading sites in other parts of the world and all because irresponsible spammers chug out crud 24/7 and mostly aimed at a lot of sites in the United States (and elsewhere, but since I’m a citizen of and reside in the U.S., that’s my focus as to this issue and discussion about it). Which equals to my view a targeting effort to close down internet communications.
From the last three days, I have over one hundred comment/trackback spammer attempts from 18.104.22.168 and 22.214.171.124 (alestra.net.mex) and that’s just those two offenders — from many other repeat offending I.P.A.s, there are many more hundreds of failed trackback and commment spam attempts. It’s their very insistence on interacting with my server that bothers me at this point.
As to referral spam, that appears (so far, based upon my site stats) to mostly originate from the same I.P.A.s located in China, since the many ongoing permutations of bogus site URLs are identifiable as being from the same few I.P.s, as follows:
I.P.A. –> 126.96.36.199
I.P.A. –> 188.8.131.52
= CHINANET and CHINATELECOM
184.108.40.206 – 220.127.116.11
Trackback/Referral/Comment Spammer Servers:
= > 18.104.22.168 – 22.214.171.124
Naperville, ILL (backbone…)
126.96.36.199 (Deprecated; all domains moved from the host)
When I have more available time later this week, I’ll post the long list I have collected of the ongoing offending I.P.A.s who have contacted this site. As I wrote earlier, and as most users are aware (a rhetorical point, again, here), although most if not all of these spammer offenses are (now) blocked by MovableType’s Blacklist and a few other program tweaks, my server still has to bear the brunt of the inquiries from the spammers and from what I can easily read in logs and site stats, there is a great abuse of computing resources being caused by these irresponsible spammer hacks.
And hacks they are. Security measures, realistically, that I can think of that might be at least effective measures to bring about remedies to this problem are…all that comes to mind is a visit to servers responsible by a few big guys wielding sledge hammers and a few more with backhoes outside, destroying hard wiring.
I’m sure someone else with greater skill can think of more effective and simpler helps from a point of technology, but the fact that some in our world can so abuse the computing resources of others and remain unpunished, much less remain fixed in their deeds, is very offensive to my view. Much less expensive in time and energy involved in even discussing, much less remedying, end-user harms caused by this huge volume of harrassing and offensive, unwelcome contact.
Obviously, those responsible for the unwelcome internet contact are not going to stop what they’re doing, so it’s up to some of the rest of us to bring about an end to what they’re doing. Otherwise, we’re part of the problem.
Public Proxy Servers can be found here — many of them are used to harass the rest of the world by those who harass the rest of the world via the internet and many of the server I.P.s are easily recognizable to those who read their site logs, as to ongoing spam attempted there.
Oppleman offers a great site for reference purposes.