
Understanding Blog Spam


coderoyal


Hi everyone,

I'm getting very frustrated with all the spam I'm receiving on my website at brittany-snow.com. Specifically, spam being posted on the comment system.

You can see some of the spam at: http://www.brittany-snow.com/home.php?suba...&ucat=&

I need some help understanding something about this new type of spam. I have located via IP a couple of spammers in the local area and I'd like to litigate the latter (Under a Trespass to Chattel, Breach of Contract claim) for posting spam on my website.

My terms of service state (which everyone agrees to before spamming) that users aren't permitted to post spam "for commercial purposes or contain advertising or are intended to solicit a person to buy or sell services or to make donations."

But the latest spam I'm getting, I can't exactly understand how it's for commercial purposes. The posts are weird, and link to other blog sites which contain strange text (looking like stories, but unreadable) and provide more links to yet other sites that are the same.

To form a pleading I need to show that the spam is for commercial use, and I'm sure those posts have a commercial motive, but I don't understand how they can profit from that type of spam.

Can anyone help me to understand exactly why they post this type of spam and how it benefits them?

I read an article stating that it's to trick search engines by rating commercial sites up on their search rating, but if you look at their sites, I don't see any links to businesses.

Here are a few of the posted links from spammers:

plastic-hamster-cage.dofyli.org/

tennis.duxyliwo.info/

Any help would be appreciated!!

Alan

[Moderator edit - links pulled. Whatever their "game" we're not playing. Farelf]


... I'm getting very frustrated with all the spam I'm receiving on my website at brittany-snow.com. Specifically, spam being posted on the comment system. ... But the latest spam I'm getting, I can't exactly understand how it's for commercial purposes. The posts are weird, and link to other blog sites which contain strange text (looking like stories, but unreadable) and provide more links to yet other sites that are the same. ...
Hi Alan - I sympathize (seeing a little of what our Admin went through to make it manageable "here"). Most give up on trying to understand spammers. Commerce drives most things but then some spammers just like to graffiti web space. If you want to prosecute, good luck, maybe someone else can assist in finding a commercial link in some of your stuff. But the other way (not mutually exclusive) is to better secure your site against automated and casual violators. Not my field but I'm sure Google would find a million or more pages with advice on issues and implementation.

A bit confused actually .... not using a web-browser to look at your site, just scanning some of the source code ...

Not familiar at all with cutenews.php, but ... looking at the 'current' news, I only see posts from yourself and Cindy. Could make the assumption that you've deleted the spam posts, but .. the question would still be .. why is anyone else allowed to post into that tool at all? (again, based on what I saw)

On the other hand, I note that you are running a (current, I hope) 2.1.7 version of an IPB Forum. In that case, I'd invite you to take a look at Security Reports > Help! I've been hacked! .. specifically the huge (not recommending half the "suggestions" in there) Topic/Discussion at The Ever Growing spam List... .. perhaps some of this can be applied to the cutenews tool ????

One can't waste the time trying to figure what drives most of these idiots, but ... unfortunately, there are so many of them, other idiots are making/selling tools to make it even easier for them to make the rounds and make these types of posts .... You seem to be focused on only one aspect/goal for these posts, but .. there are so many others ....

Search engine rankings

smear campaigns

virus/trojan pay-loads

proof-of-concept that some of these automatic posting tools actually work

scoring points for most blogs/forums/etc. "hit"

You say you "located" some of these folks "by IP" .... I'll assume you mean IP Address, but .. what research have you done on the IP address involved? Are the computers involved part of someone else's zombie network? Are they running any kind of (open) proxies? Litigation in general (based on seeing some of the results of previous actions like the RIAA going after grandma) boils down to you somehow proving that a certain person was actually sitting at the keyboard connected to that sending computer and intentionally made that post. Rather hard to do, actually .. or perhaps better to state that the defense has a very easy opportunity to bring up that 'doubt' factor .... Along that line, have you contacted the ISP involved to see if they have, maintain, keep records that cover the timeframe?

An example of "one link leads to another link that leads to another link" with the goal of infecting someone else's system is basically referenced in an article I posted to the SpamCop FAQ here way back when (finding it the day after I'd blown a whole day (remotely) eradicating the same infection from someone else's computer) .... Follow the Money; or, why does my computer keep getting infested with spyware? ... wow, that was a couple of years ago ... and things haven't changed all that much, dang it ....


A bit confused actually .... not using a web-browser to look at your site, just scanning some of the source code ...

Not familiar at all with cutenews.php, but ... looking at the 'current' news, I only see posts from yourself and Cindy. Could make the assumption that you've deleted the spam posts, but .. the question would still be .. why is anyone else allowed to post into that tool at all? (again, based on what I saw)

Hi Wazoo! You would be looking at the main news, not the posted comments under the news. :lol: Also, yes I've cleaned some of the spam out on the latest news articles. You can, if you look at earlier news posts, see comments for them filled with spam.

On the other hand, I note that you are running a (current, I hope) 2.1.7 version of an IPB Forum. In that case, I'd invite you to take a look at Security Reports > Help! I've been hacked! .. specifically the huge (not recommending half the "suggestions" in there) Topic/Discussion at The Ever Growing spam List... .. perhaps some of this can be applied to the cutenews tool ????

I am running the latest version of IPP. I'll definitely take a look at the link above you suggested.

One can't waste the time trying to figure what drives most of these idiots, but ... unfortunately, there are so many of them, other idiots are making/selling tools to make it even easier for them to make the rounds and make these types of posts .... You seem to be focused on only one aspect/goal for these posts, but .. there are so many others ....

Search engine rankings

smear campaigns

virus/trojan pay-loads

proof-of-concept that some of these automatic posting tools actually work

scoring points for most blogs/forums/etc. "hit"

I should revise my definition of "spam" on the Terms of Use on the website. I always think of spam as bulk commercial advertising, because usually it is, but like you pointed out, it can be for other purposes as well.

You say you "located" some of these folks "by IP" .... I'll assume you mean IP Address, but .. what research have you done on the IP address involved? Are the computers involved part of someone else's zombie network? Are they running any kind of (open) proxies? Litigation in general (based on seeing some of the results of previous actions like the RIAA going after grandma) boils down to you somehow proving that a certain person was actually sitting at the keyboard connected to that sending computer and intentionally made that post. Rather hard to do, actually .. or perhaps better to state that the defense has a very easy opportunity to bring up that 'doubt' factor .... Along that line, have you contacted the ISP involved to see if they have, maintain, keep records that cover the timeframe?

Yes, by IP address. Most of them involve colocation servers located at businesses such as Rackspace.com and Layered Technologies. Others include cable subscribers.

To be honest, I have contacted ISPs in the past, and in my experience, they don't like to respond, and if it comes to anything related to legal matters, they want their attorneys to answer instead.

Moderator Edit to fix quoting (removed last dangling /quote)


Hi Wazoo! You would be looking at the main news, not the posted comments under the news. :lol: Also, yes I've cleaned some of the spam out on the latest news articles. You can, if you look at earlier news posts, see comments for them filled with spam.

As stated, I didn't use a web browser to look at your site. Used a tool that displayed 'all' the page code. Ran into an issue that there was no line-wrapping going on, so then had to copy off a section and throw that into a Notepad instance to actually read most of what I'd clipped ... so yes, I'll admit to not digging too deeply ... those days of me blindly jumping into an unknown web-site have long gone, and most 'invitations' these days do reference the "I've been hacked" scenarios, so this is my standard paranoid mode <g>

I am running the latest version of IPP. I'll definitely take a look at the link above you suggested.

As suggested, some of the 'helpful' data posted there should be taken 'tongue-in-cheek' at best .. I have no idea where some of these folks get their ideas .... but the situation has definitely been beat upon from many different directions <g> The upcoming 2.2.x version allegedly does a lot more, but in all honesty, I can't see using most of those configuration settings when trying to still allow access to all those that want/need it ... for example, the 'improved' CAPTCHA thing is great for lots of folks, yet .... I know that there are a couple of blind/visually handicapped users here, and the use of CAPTCHA is a definite problem for those folks. For your board, it might be simply fantastic. But, this has nothing to do with cutenews.php ...

I should revise my definition of "spam" on the Terms of Use on the website. I always think of spam as bulk commercial advertising, because usually it is, but like you pointed out, it can be for other purposes as well.

Defining spam .... so many exist, so many still don't cover it all, so much fodder for the lawyers ... yet, the crap is still so easy to 'recognize' ... dang ...

Yes, by IP address. Most of them involve colocation servers located at businesses such as Rackspace.com and Layered Technologies. Others include cable subscribers.

To be honest, I have contacted ISPs in the past, and in my experience, they don't like to respond, and if it comes to anything related to legal matters, they want their attorneys to answer instead.

Yes, lawyer crap again ... the only thing I can say .. when I do up a report/complaint, I include the server access logs to make it clear that the only thing these folks did was 'find the forum' .. register an account .. post their garbage .. leave .... it's still up to that abuse desk to actually do something about it, either dealing with that user (account) directly, or in most cases, somehow effecting a change to the associated computer to remove the unauthorized access used by the actual spammer. However, as you note, feedback and actual results are not something in the 'keeps me happy' range ....


As stated, I didn't use a web browser to look at your site. Used a tool that displayed 'all' the page code.

A bit OT here, but I'd be curious what tool you use for this Wazoo. I've had need of this particular feature recently, and haven't been able to find a decent tool for doing it.


A bit OT here, but I'd be curious what tool you use for this Wazoo. I've had need of this particular feature recently, and haven't been able to find a decent tool for doing it.

Well the simplest is telnet... :P

telnet www.google.com 80
Trying 216.239.59.103...
Connected to www.google.com.
Escape character is '^]'.
GET / HTTP/1.1

HTTP/1.1 302 Found
Location: http://www.google.co.uk/
Cache-Control: private
Set-Cookie: PREF=ID=9c414947c4e7381d:TM=1164982629:LM=1164982629:S=aeBKZCgp-XgCBoSp; expires=Sun, 17-Jan-2038 19:14:07 GMT; path=/; domain=.google.com
Content-Type: text/html
Server: GWS/2.1
Content-Length: 221
Date: Fri, 01 Dec 2006 14:17:09 GMT

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://www.google.co.uk/">here</A>.
</BODY></HTML>
^]
telnet> quit
Connection closed.

Telnet to the machine on port 80, type "GET / HTTP/1.1" and hit return twice. Replace the / with the path if it's not the root document that you're after. If you have access to a *nix system, you can use wget or httpget. If you have perl installed, it's easy to knock up a script to do the same sort of thing. The advantage of rolling your own script is that you can forge referrers and user agents (you can do it in telnet too, but it means a lot of repetitive typing in your requests) if the other side is being extra sneaky.

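A script version of the telnet session above, for reading a suspicious page as plain text and listing where it points without rendering anything (an added example, not part of the original post; the function names and the example.org sample response are made up for illustration):

```python
import re
import socket

def build_request(host, path="/", user_agent="raw-fetch/0.1", referer=None):
    """Build the request typed by hand in the telnet session, plus a Host header."""
    lines = [f"GET {path} HTTP/1.1", f"Host: {host}",
             f"User-Agent: {user_agent}", "Accept: text/html",
             "Connection: close"]
    if referer:
        lines.append(f"Referer: {referer}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii")

def parse_response(raw):
    """Split a raw HTTP response into status code, headers and body text."""
    head, _, body = raw.partition(b"\r\n\r\n")
    status_line, *header_lines = head.decode("iso-8859-1").split("\r\n")
    status = int(status_line.split()[1])
    headers = {}
    for line in header_lines:  # a repeated header name keeps its last value
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    # A chunked body is shown undecoded, chunk sizes included.
    return status, headers, body.decode("utf-8", errors="replace")

def extract_links(body):
    """List href targets as plain text; nothing is rendered or executed."""
    return re.findall(r'''href\s*=\s*["']?([^"'\s>]+)''', body, flags=re.I)

def fetch_raw(host, path="/", port=80, **kw):
    """Fetch one page over a plain socket (needs network access)."""
    with socket.create_connection((host, port), timeout=10) as s:
        s.sendall(build_request(host, path, **kw))
        chunks = []
        while chunk := s.recv(4096):
            chunks.append(chunk)
    return parse_response(b"".join(chunks))

# Constructed sample, shaped like the 302 reply in the session above.
SAMPLE = (b"HTTP/1.1 302 Found\r\nLocation: http://www.example.org/\r\n"
          b"Content-Type: text/html\r\n\r\n"
          b"<HTML><BODY>The document has moved "
          b'<A HREF="http://www.example.org/">here</A>.</BODY></HTML>')

if __name__ == "__main__":
    status, headers, body = parse_response(SAMPLE)
    print(status, headers.get("location"), extract_links(body))
```

The Location header and the extracted href list show each hop of a "one link leads to another" chain, so every hop can be looked at as text before deciding whether to follow it.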

A bit OT here, but I'd be curious what tool you use for this Wazoo. I've had need of this particular feature recently, and haven't been able to find a decent tool for doing it.

Sam Spade for Windows, based on your use of Exchange servers ....

However, Steve has really done some bad stuff for some reason .. note says he's hosting his own site now and apparently figured out just how expensive bandwidth can be .... I can't explain why most of the sites pulled up for a download (that didn't link back to Steve's now defunct pages) also didn't actually provide anything beyond a 404 for a download. samspade114.exe is the file you'd be looking for .... but those search results left me quaking in my boots for the most part. Weird ... especially remembering back to those days when Steve was going to write the application that would show Julian how dumb he was .....


<snip>

I need some help understanding something about this new type of spam. I have located via IP a couple of spammers in the local area and I'd like to litigate the latter (Under a Trespass to Chattel, Breach of Contract claim) for posting spam on my website.

<snip>

Have you come across Ms. Nordbø's oeuvre below? If not, you might pick up some pointers, and some background on the phenomenon, e.g. the activity of some 'ubergoofs' who do this for no reason other than they are bored at their 'goofergarten' and whose social skills quotient gives a whole new dimension for the use of "Floating Decimals".

http://spamhuntress.com/wiki/Main_Page


Archived

This topic is now archived and is closed to further replies.
