Please create an account to participate in the Slashdot moderation system

 


Forgot your password?
Close
typodupeerror
×
User Journal

Journal MysteriousPreacher's Journal: Spammers and guestbooks 18

Journal by MysteriousPreacher

Since posting a guest-book on my site, it's been hammered by spammers. Here's my guest-book if you're interested in seeing what's happening.

Spammed Guest-book

I've modified my script now so that they can't spam me anymore. I left the examples there because I'm in the process of complaining to their hosting company to hopefully get this spamming stopped.

If you've had guest-book or forum spamming like this, I would strongly urge you to mail the hosting company. Generally, for the Baikal and Umax stuff, it seems to be Everyone's Internet. I'm not saying here that the owner of these sites is spamming but it seems odd that the spam is being referred by the owners sites and is advertising his sites.

At this point, it's hard to say whether the hosting company will help. I've emailed them and had some replies but nothing concrete yet.

I've tried to contact the various sites via the Contact links they have but they are all broken. The web sites being linked are generally very low-quality. Most of the links are dead. Here's an example Baikal Guide. Don't worry, this doesn't have porn or anything on it, just a lot of very bad html.

So far in 3 days, I've had around 100 spam attempts on my guest-book, all thwarted by the protection I put in place. It's crude but at least it stops the Umax adverts.

This discussion has been archived. No new comments can be posted.

Spammers and guestbooks More

Spammers and guestbooks

Comments Filter:
  • Its a sad state of afairs , these spammers have no morals.
    It has come to pass that the only way we can avoid these freaks is constant vigilance and registration coupled with banning hosts and threats of violence(my personal faviourit j/k).
    an old site i used to help admin had a ban list that was absoloutly massive , we ended up having to convert it to C to speed it up(joke).They just keep hamering away even though you make it perfectly clear they are not welcome
    Good luck with getting them in crap from the ho
    • Oh i signed it hee ,
    • hey, thanks for the post on my guestbook. Nice to have a real post for a change ;-)

      Excuse the state of the guestbook. It's hidden from my normal site users, it's just there as a honeypot really. I'm hoping that if I drown the hosting company in evidence, they'll listen.

      Yeah, the banlist approach is a pain. So far, I get away with just having to check for the word 'Umax' since that's the place the spammers keep advertising. It doesn't really affect performance yet.

      I really hope the host do something. I h
    • Oh yeah, there was something I meant to ask you. According to your profile you're a bit of a web designy type. I was wondering, would you have any idea what this page is doing?

      http://dimattic.com/auto.pl [dimattic.com]

      It looks like a script to auto-populate guestbooks to me but I'm not to hot with this kind of thing.

      I think .pl is the extension used for perl files.
      • hehe i shall have a look , although i am a systems admin really i have done some web dev work to pay the bills(php mainly , my perl is sysadmin stuff so this should be fun).
        Hm having a look at it , it apears that this is after server parsing(its converted to html and javascript so this is the end result) so im unable to tell how it does what it does really , my javascript is not great(read :i had that basdarding scripting language)
        It apears to be some sort of random populater ,so i would agree with you the
        • Thanks for your advice there. This link is the referrer that's sending the bulk of the spammers to my guestbook.

          I'm not sure how the system works but the spammers seem to change their IPs and email addresses each time - I think both are being spoofed or they are coming from zombies. The only constant would be the site they are linking to and the referrer.

          Mind you, the comments, as you probably noticed, tend to be very similar. Things like

          "You good site, much good, mail me"

          One good things that comes out
          • haha true , i would just block the domain name and see if that helps
            Perhaps dissalow Http , www , .com . net . org .etc in the name or post , im sure there are plenty of open source scripts for that if your unable to code it.
            Basicaly block any open spam urls , as it does not really matter if it goes to the website bit .
            Sad but true , i do belive they probably are zombie nets .

            Well help you glad i could , Hm training yours ready is not young jedi
        • Hi guys,

          As you suspected, the link is an autopopulator...

          It appears to contain a database of known, easy-to-populate guestbooks/bulletinboards (I saw some phpbb references in some of the scripts)...

          Then it generates two submission forms, and two 1 pixel by 1 pixel iframes, and creates a couple of guestbook entries in the submission forms...

          The javascript submits the forms, and the results are displayed in those tiny iframes...

          My guess from the name of the iframes ("_msn_bot") and the way the thing is s
          • Thanks, you are an absolute star. Thanks, I really appreciate this.

            Just to confirm something though. So, would this script be triggered by people visiting it with particular browsers?

            Normally I use Firefox and just see the code. I just visited it with IE (on Mac OS X), and it actually loaded some kind of form with some auto-submission thing going on.

            Would the idea behind this to be trick people in to visiting the page and so spamming guestbooks and forums?

            With the info you've given me, I feel a lot more
            • So, would this script be triggered by people visiting it with particular browsers?

              Normally I use Firefox and just see the code. I just visited it with IE (on Mac OS X), and it actually loaded some kind of form with some auto-submission thing going on.

              Yes... the script makes no effort to determine the browser, or anything else as far as I can tell... However, users of IE will get the page rendered because IE ignores the servers instruction to treat the page as text/plain, and instead renders it as text/
              • Excellent, this would explain why the spam postings are coming from an incredibly diverse range if IPs.

                Thanks again, this really clears things up for me.

                BTW. Not sure when or why I marked you as a friend. To be honest, I was about to mark you as a friend when you posted the first reply here but noticed I had already marked you.

                I normally mark people as a friend if I had a good discussion with them or if I see some good posts. You must have posted something I liked a while back. For the life of me though
              • I just had a look through some of your old posts. I think this one was probably the decider.

                Woz, Others Ask Apple To Go Easy On Tiger Leak [slashdot.org]

                Unless you count getting GPL'd software via BitTorrent as "download[ing] something of questionable legal status", I'm sure that there are at least a few of us around who have not used P2P in such a manner...

                Some of us do believe in respecting copyright/trademark/patent "property" rights while they exist... even while arguing against them.

                I strongly believe this as

              • I agree totaly after sitting and reviewing it for a while(i had to run off to poland earlyer) i think your totaly right(Ah journals , little fear of being moderated redundant for being nice)(must admit im rather behind on spam tricks these days, has insipired me to get my knowlidge up to date)
              • ;) i just added you for that . Always good to add people who can inspire me to move off my behind and get something done

Slashdot Top Deals

Today is a good day for information-gathering. Read someone else's mail file.

Close