Similarities |
|
|
Saturday, August 09 2008 @ 14:45 CEST Contributed by: Dirk |
|
|
Okay, so I can be slow sometimes but I've only noticed today that the spam that I've been getting since last December and the spam trying to infect a visitor's PC with trojans has quite a few similarities. First of all, the form and the destination: Most of that spam comes in as a submission for this site's Links section. It's using "Good site", "Thank you", "Great work", and similar phrases as the title for the link target and then crams the link description full with more links. Okay, so the spambot in question has no idea that Links submissions are working differently from, say, comments here. Other similarities: The spambot always uses "uk" in the HTTP Accept-Language header. Since this is a language header, the "uk" is for the Ukraine, not for the United Kingdom. Which may give us an indication for the source of at least the spambot (not necessarily the spam itself). The other constant is the User-Agent header: It's always |
|
|
Filed under: Bots 1 comments (Post a comment) |
|
Silence, at last |
|
|
Monday, August 04 2008 @ 20:35 CEST Contributed by: Dirk |
|
|
No, I don't mean the silence on this blog - that's just because I'm busy and the spammers are mostly boring ("Viagra"? Trackback spam? You've got to be kidding ...) One spammer, however, who has been hammering this site continuously for the last 8 months has finally fallen silent. Over the last two weeks, I've noticed that his spam attempts only came from a handful of IP addresses. And so I decided to try and shut them down. A big thanks goes to Rob at Blue Connex / BlueSquare Data who has been very helpful here. And then the spammer's last IP address, belonging to giga-hosting.biz, has fallen silent more than 24 hours ago (I didn't get a response from them, though). read more |
|
|
Filed under: Comment Spam 2 comments (Post a comment) |
|
Barack Obama hosting trojans? |
|
|
Saturday, May 17 2008 @ 09:20 CEST Contributed by: Dirk |
|
|
I guess with the right sort of motivation (and a political agenda), you could make a much more interesting headline out of this URL: http://my.barackobama.com/page/community/blog/kiddieporn Yes, that's the official homepage of the presidential candidate for the US democrats, Barack Obama. No, it's not what it says. It's a page that displays what looks like an embedded video and asks you to "Click here to see movie". When you do that, you are redirected to another site that tells you that you need to download a codec to see the video. Of course, that "codec" is a trojan that infects your (Windows) PC. So don't do that ... read more |
|
|
Filed under: Persons 5 comments (Post a comment) |
|
Welcome, .asia |
|
|
Tuesday, May 13 2008 @ 09:20 CEST Contributed by: Dirk |
|
|
It's a bit sad that the first of the new .asia top-level domains that I came across "in the wild" turned up in a spam post today: v3x.asia. And ringtone spam at that, how lame ... |
|
|
Filed under: Comment Spam 1 comments (Post a comment) |
|
Update your WordPress sites! |
|
|
Wednesday, April 30 2008 @ 21:50 CEST Contributed by: Dirk |
|
|
So, every day I see at least one of these spam posts. They all follow the same scheme and they all use hacked WordPress sites of completely unsuspecting people or organisations. And they all redirect to these fake "search engine" sites that so often show up here ... So, if you are running a site on WordPress or know someone who does, please keep it up to date and try to follow the numerous security issues that seem to crop up every other day (either affecting some add-on or WordPress itself). BlogSecurity is a good site to stay up to date. They provide security tips and also a WP Vulnerability Scanner to test your site with. Back to our spammer (and, presumably, WordPress hacker). He always puts a bunch of files into a directory on the hacked site and then links them, one keyword at a time. For example (full URL left out): read more |
|
|
Filed under: Comment Spam 0 comments (Post a comment) |
|