[Dshield] Under attack by bloggers

warwick ackfin warwick7th at gmail.com
Tue Jan 31 12:42:14 GMT 2006

I'm sure you could forward the traffic to an abuse page or something
at Google or Blogspot but I'm not sure there's anything they could do
to stop it short of killing the offending blogs.  Even then the
badguys just stand them back up under a different name.  The source IP
addresses used to spam your phpbb site and my blog are usually forged
so it's all but impossible to track down the actual humans or 0wn3d
machines responsible.

I'm a big fan of Google's search engine(who isn't) but their behavior
as a corporation is really beginning to bug me. This is just another
example.  Perhaps the inmates are now running the asylum...

On 1/31/06, Malcolm Warden <malcolm.warden at virgin.net> wrote:
> I installed some new code to my phpbb last night to catch any attempt to create a new user
> account by a spambot (which, if successful, would then post links back to increase its
> master's site rating with Google etc).
> I was very suprised to catch the first one within seconds!
> The site has been live for years without any spam registrations and I believe that up to now
> the robots have failed visual confirmation and just been dropped silently to the floor.
> The concern is that robots are getting smarter so I needed a second line of defence.
> I am now seeing these things at all too frequent intervals - mostly pointed back to
> blogspot.com. The pages that they link to are meaningless semi-English probably created
> by a robot but with links on to the usual suspects - poker, loans and sex sites.
> Here are a couple of examples:
> http://enprofessionalpokerchips.blogspot.com/
> http://thatcasinoontariowindsor.blogspot.com/
> http://anringtonesprint.blogspot.com/
> It seems odd to me that blogger.com is now owned by Google but clearly being abused on a
> grand scale to distort Google and other searches.
> http://www.blogger.com/about
> I could have some fun with this - a small change in the php to censor any link to blogspot
> that gets through the defences and redirect it to.... The Vatican...   or ...  an abuse page at
> Google or ...
> Anyone have any ideas about the best way to pass this on to blogger.com or Google
> themselves? I could easily automate the whole thing to forward the links by e-mail.
> Any other suggestions on what else to do?
> Malcom Warden
> -- Malcolm Warden
> [P] 01608 685592
> [F] 01608 685595
> [M] 07905 185406
> _________________________________________
> Learn about Intrusion Detection in Depth from the comfort of your own couch:
> https://www.sans.org/athome/details.php?id=1341&d=1
> _______________________________________________
> send all posts to list at lists.dshield.org
> To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list

Warwick AckFin

Don't tread on me

More information about the list mailing list