Scam Alert And Spam Alert
I have a couple of warnings for you, More Than Traffic and forum spamming.
First the Scam Alert
I have had a couple of subscribers ask my opinion of a service making it’s rounds on the internet. My first rule of thumb applies, if it sounds too good to be true, it probably is.
Before you send any money to More Than Traffic, please read the following forum post and be warned!
http://www.scam.com/showthread.php?t=11412&page=10&pp=40
And now the Spam Alert
New Spam Threat Hits 90,000 Sites – Is Yours Next?
Copyright 2006 Richard Adams
On Tuesday I received 423 emails from an unknown spammer
attacking my site.
On Wednesday I received 789 emails from the same spammer.
Action had to be taken.
The emails were copies of posts to my discussion forum – the typical spammers posts – keyword stuffing, numerous
hyperlinks to junk sites crammed with even more keywords.
It was clear I was being hit by one spammer, with an
automated script, for a number of telltale reasons:
1) Nobody could post 789 posts to a forum in 24 hours
manually
2) All posts were from random .co.za email addresses (South
African domains, but likely false)
3) All posts pointed to very similar spammy sites obviously
made with the same auto-generation software
4) Checking various domains promoted within these posts in
WHOIS showed they were all owned by a certain guy in Paris
I carefully combed my forum for these junk posts but
couldn’t see anything out of the ordinary. So I checked for
posts by .co.za email addresses, or French IPs but couldn’t
see a problem anywhere.
Where were they coming from, and where were the posts?
To help me in my quest I did a search on Google for the
text that began every email which read:
“The following was posted in the on
”
But couldn’t find any links that were any help.
So next I investigated the content of the emails for common
factors and found the following Javascript snippet began
every message body:
“var defDoor”... before launching into other Javascript
elements, followed by the keywords and links.
I wonder…
A quick search on Google and two factors astonished me…
1) Google showed up 92,600 pages with this code on, of
which every one I checked matched the exact spam posts I
was seeing in style and content. So we were dealing with a
professional of some magnitude.
2) They were all on forums, but not the one I used, but
WWWBoard as available from
http://www.scriptarchive.com/wwwboard.html
A quick search with my FTP software through the bowels of
my admittedly large site that has been online for 5 years
or so and has seen more reworkings than Pamela Anderson
showed I had got WWWBoard installed on my site but had
stopped using it years ago in place of my current forum
software.
I had completely forgotten about it, and there were the
hundreds of spam posts sitting there on my server!
Obviously I don’t use the script so instantly deleted it
and the spamming stopped dead overnight but if I’m one of
over 90,000 victims this guy has duped then a little advice
is necessary:
1) Appreciate that there are security flaws to WWWBoard and
you either need to watch your forum very carefully or
consider switching to another script.
2) Don’t leave old scripts sitting around on your server
waiting for spammers to abuse them. Use them, or delete
them.
3) Try to avoid using obvious folders for scripts. Whilst I
didn’t link to my old forum from anywhere on the site, it
was in an obvious folder so a spammer (or a script) could
easily have guessed it.
4) Realise that security threats are very real if you get
reasonable traffic and take steps in advance to minimize
the risk to your own site.
Richard Adams is the founder of
http://www.merchantaccountforum.com , one of the net’s most popular merchant account advice sites.
————————————————-
Happy and safe Marketing,
Lynn
First the Scam Alert
I have had a couple of subscribers ask my opinion of a service making it’s rounds on the internet. My first rule of thumb applies, if it sounds too good to be true, it probably is.
Before you send any money to More Than Traffic, please read the following forum post and be warned!
http://www.scam.com/showthread.php?t=11412&page=10&pp=40
And now the Spam Alert
New Spam Threat Hits 90,000 Sites – Is Yours Next?
Copyright 2006 Richard Adams
On Tuesday I received 423 emails from an unknown spammer
attacking my site.
On Wednesday I received 789 emails from the same spammer.
Action had to be taken.
The emails were copies of posts to my discussion forum – the typical spammers posts – keyword stuffing, numerous
hyperlinks to junk sites crammed with even more keywords.
It was clear I was being hit by one spammer, with an
automated script, for a number of telltale reasons:
1) Nobody could post 789 posts to a forum in 24 hours
manually
2) All posts were from random .co.za email addresses (South
African domains, but likely false)
3) All posts pointed to very similar spammy sites obviously
made with the same auto-generation software
4) Checking various domains promoted within these posts in
WHOIS showed they were all owned by a certain guy in Paris
I carefully combed my forum for these junk posts but
couldn’t see anything out of the ordinary. So I checked for
posts by .co.za email addresses, or French IPs but couldn’t
see a problem anywhere.
Where were they coming from, and where were the posts?
To help me in my quest I did a search on Google for the
text that began every email which read:
“The following was posted in the on
”
But couldn’t find any links that were any help.
So next I investigated the content of the emails for common
factors and found the following Javascript snippet began
every message body:
“var defDoor”... before launching into other Javascript
elements, followed by the keywords and links.
I wonder…
A quick search on Google and two factors astonished me…
1) Google showed up 92,600 pages with this code on, of
which every one I checked matched the exact spam posts I
was seeing in style and content. So we were dealing with a
professional of some magnitude.
2) They were all on forums, but not the one I used, but
WWWBoard as available from
http://www.scriptarchive.com/wwwboard.html
A quick search with my FTP software through the bowels of
my admittedly large site that has been online for 5 years
or so and has seen more reworkings than Pamela Anderson
showed I had got WWWBoard installed on my site but had
stopped using it years ago in place of my current forum
software.
I had completely forgotten about it, and there were the
hundreds of spam posts sitting there on my server!
Obviously I don’t use the script so instantly deleted it
and the spamming stopped dead overnight but if I’m one of
over 90,000 victims this guy has duped then a little advice
is necessary:
1) Appreciate that there are security flaws to WWWBoard and
you either need to watch your forum very carefully or
consider switching to another script.
2) Don’t leave old scripts sitting around on your server
waiting for spammers to abuse them. Use them, or delete
them.
3) Try to avoid using obvious folders for scripts. Whilst I
didn’t link to my old forum from anywhere on the site, it
was in an obvious folder so a spammer (or a script) could
easily have guessed it.
4) Realise that security threats are very real if you get
reasonable traffic and take steps in advance to minimize
the risk to your own site.
Richard Adams is the founder of
http://www.merchantaccountforum.com , one of the net’s most popular merchant account advice sites.
————————————————-
Happy and safe Marketing,
Lynn
posted by Truth Seeker at 1:22 PM
0 Comments:
Post a Comment
<< Home