New Spam Threat Hits 90,000 Sites - Is Yours Next?
4993
Internet > Spam
Mar 1, 2007
Richard Adams
New Spam Threat Hits 90,000 Sites - Is Yours Next?
Copyright 2006 Richard Adams
On Tuesday I received 423 emails from an unknown spammer attacking my site.
On Wednesday I received 789 emails from the same spammer.
Action had to be taken.
The emails were copies of posts to my discussion forum - the typical spammers posts - keyword stuffing, numerous hyperlinks to junk sites crammed with even more keywords.
It was clear I was being hit by one spammer, with an automated script, for a number of telltale reasons:
1) Nobody could post 789 posts to a forum in 24 hours manually
2) All posts were from random .co.za email addresses (South African domains, but likely false)
3) All posts pointed to very similar spammy sites obviously made with the same auto-generation software
4) Checking various domains promoted within these posts in WHOIS showed they were all owned by a certain guy in Paris
I carefully combed my forum for these junk posts but couldn't see anything out of the ordinary. So I checked for posts by .co.za email addresses, or French IPs but couldn't see a problem anywhere.
Where were they coming from, and where were the posts?
To help me in my quest I did a search on Google for the text that began every email which read:
"The following was posted in the on "
But couldn't find any links that were any help.
So next I investigated the content of the emails for common factors and found the following Javascript snippet began every message body:
"var defDoor"... before launching into other Javascript elements, followed by the keywords and links.
I wonder...
A quick search on Google and two factors astonished me...
1) Google showed up 92,600 pages with this code on, of which every one I checked matched the exact spam posts I was seeing in style and content. So we were dealing with a professional of some magnitude.
2) They were all on forums, but not the one I used, but WWWBoard as available from http://www.scriptarchive.com/wwwboard.html
A quick search with my FTP software through the bowels of my admittedly large site that has been online for 5 years or so and has seen more reworkings than Pamela Anderson showed I *had* got WWWBoard installed on my site but had stopped using it years ago in place of my current forum software.
I had completely forgotten about it, and there were the hundreds of spam posts sitting there on my server!
Obviously I don't use the script so instantly deleted it and the spamming stopped dead overnight but if I'm one of over 90,000 victims this guy has duped then a little advice is necessary:
1) Appreciate that there are security flaws to WWWBoard and you either need to watch your forum very carefully or consider switching to another script.
2) Don't leave old scripts sitting around on your server waiting for spammers to abuse them. Use them, or delete them.
3) Try to avoid using obvious folders for scripts. Whilst I didn't link to my old forum from anywhere on the site, it was in an obvious folder so a spammer (or a script) could easily have guessed it.
4) Realise that security threats are very real if you get reasonable traffic and take steps *in advance* to minimize the risk to your own site.
On Tuesday I received 423 emails from an unknown spammer attacking my site.
On Wednesday I received 789 emails from the same spammer.
Action had to be taken.
The emails were copies of posts to my discussion forum - the typical spammers posts - keyword stuffing, numerous hyperlinks to junk sites crammed with even more keywords.
It was clear I was being hit by one spammer, with an automated script, for a number of telltale reasons:
1) Nobody could post 789 posts to a forum in 24 hours manually
2) All posts were from random .co.za email addresses (South African domains, but likely false)
3) All posts pointed to very similar spammy sites obviously made with the same auto-generation software
4) Checking various domains promoted within these posts in WHOIS showed they were all owned by a certain guy in Paris
I carefully combed my forum for these junk posts but couldn't see anything out of the ordinary. So I checked for posts by .co.za email addresses, or French IPs but couldn't see a problem anywhere.
Where were they coming from, and where were the posts?
To help me in my quest I did a search on Google for the text that began every email which read:
"The following was posted in the on "
But couldn't find any links that were any help.
So next I investigated the content of the emails for common factors and found the following Javascript snippet began every message body:
"var defDoor"... before launching into other Javascript elements, followed by the keywords and links.
I wonder...
A quick search on Google and two factors astonished me...
1) Google showed up 92,600 pages with this code on, of which every one I checked matched the exact spam posts I was seeing in style and content. So we were dealing with a professional of some magnitude.
2) They were all on forums, but not the one I used, but WWWBoard as available from http://www.scriptarchive.com/wwwboard.html
A quick search with my FTP software through the bowels of my admittedly large site that has been online for 5 years or so and has seen more reworkings than Pamela Anderson showed I *had* got WWWBoard installed on my site but had stopped using it years ago in place of my current forum software.
I had completely forgotten about it, and there were the hundreds of spam posts sitting there on my server!
Obviously I don't use the script so instantly deleted it and the spamming stopped dead overnight but if I'm one of over 90,000 victims this guy has duped then a little advice is necessary:
1) Appreciate that there are security flaws to WWWBoard and you either need to watch your forum very carefully or consider switching to another script.
2) Don't leave old scripts sitting around on your server waiting for spammers to abuse them. Use them, or delete them.
3) Try to avoid using obvious folders for scripts. Whilst I didn't link to my old forum from anywhere on the site, it was in an obvious folder so a spammer (or a script) could easily have guessed it.
4) Realise that security threats are very real if you get reasonable traffic and take steps *in advance* to minimize the risk to your own site.
Article Source: http://www.articlerich.com
Richard Adams is the founder of www.merchantaccountforum.com , one of the net's most popular merchant account advice sites.
Write a Review
Add to My Favorite
Refer it to Friend
Report Article
Other links owned by this user
Copyright 2006 Richard Adams Search engine optimization (SEO) is probably one of the most consuming, complicated areas of marketing your website, and also the one where the most inaccurate information exists. Often advice
Category:
Copyright 2006 Richard Adams I came across an interesting discussion on a marketing forum recently that I'd like to relay to you now. In it, Adsense marketers were discussing what percentage of their sites are te hat and
Category:
Copyright 2006 Richard Adams On Tuesday I received 423 emails from an unknown spammer attacking my site. On Wednesday I received 789 emails from the same spammer. Action had to be taken. The emails
Category:
Copyrght 2006 Rchard Adams It's a well-known fact that dstrbutng artcles through the varous artcle drectory stes can result n a consderable number of new vstors to your webste as other webmasters lap up your content and add
Category:
Copyright 2006 Richard Adams Every day I receive between 5 and 20 reciprocal link requests. Of those, maybe 2 a week actually t acted upon. And I'm not alone. Every day hundreds of link exchan emails fail to
Category:
Copyright 2006 Richard Adams How many elements are there to building a successful Internet business? - Search engine optimization - Pay per click advertising - Banner advertising - Affiliate marketing
Category:
Other links at Internet > Spam
Many people are focused on building value online by making sites that serve real purposes and help us make the most of our time and our lives, while some are trying to exploit surfers and mine away value away from those who work hard building it into ther
Category:
Seven tips for securing your organization?s network from spam and email uses Providing security against email related threats has become a burden for most IT professionals in 2006. According to a recent study by Postini, spam and email
Category:
Messages that are intended to scam their victims are sent out by the millions around the world. Their favorite targets are the kids or the user that cannot comprehend that what they are reading is a spoof. They either say you have won a million dollar lot
Category:
The most prolific and path breaking innovation of last century had been the developments in the communication field. It literally changed the business working, product marketing, support services and most importantly, the advertisement campaigns.
Category:
Site Sponsor
Directory Statistics
Articles: 68252
Categories: 501
Yahoo Entertainment
