[Dshield] Under attack by bloggers

Chris Wright dshield at yaps4u.net
Tue Jan 31 13:28:26 GMT 2006

I had to post this

Having just had my invitation to mix06 (www.mix06.com) which is Microsofts
vision of Web 2.0 with various keynote speaches for Gates and Co, I though
I'd have a quick look at the web site which has only been up for days if not

They done the site by way of a blog format, using a bloggin app:

Look at this page about the on stage meeting between Gates and Tim O'Reilly.


Notice the page format/layout is all cocked up? Why? Because it's been
Spammed to death already.
Look down the page and you'll see they've found it already.

Comment Spam, Trackback Spam and phpBB spam are my main biggest pet hates at
the moment and I feel like I am at war with them. (So far I am winning, on
the 100+ sites I look after, but it was taking a lot of time a few months

(They should have named their comment submission page to
windowsis100percentsafe.aspx and no one would have found it ;)  



> -----Original Message-----
> From: list-bounces at lists.dshield.org 
> [mailto:list-bounces at lists.dshield.org] On Behalf Of Malcolm Warden
> Sent: 31 January 2006 11:03
> To: list at lists.dshield.org
> Subject: [Dshield] Under attack by bloggers
> I installed some new code to my phpbb last night to catch any 
> attempt to create a new user account by a spambot (which, if 
> successful, would then post links back to increase its 
> master's site rating with Google etc).
> I was very suprised to catch the first one within seconds!
> The site has been live for years without any spam 
> registrations and I believe that up to now the robots have 
> failed visual confirmation and just been dropped silently to 
> the floor.
> The concern is that robots are getting smarter so I needed a 
> second line of defence.
> I am now seeing these things at all too frequent intervals - 
> mostly pointed back to blogspot.com. The pages that they link 
> to are meaningless semi-English probably created by a robot 
> but with links on to the usual suspects - poker, loans and sex sites.
> Here are a couple of examples:
> http://enprofessionalpokerchips.blogspot.com/
> http://thatcasinoontariowindsor.blogspot.com/
> http://anringtonesprint.blogspot.com/
> It seems odd to me that blogger.com is now owned by Google 
> but clearly being abused on a grand scale to distort Google 
> and other searches.
> http://www.blogger.com/about
> I could have some fun with this - a small change in the php 
> to censor any link to blogspot 
> that gets through the defences and redirect it to.... The 
> Vatican...   or ...  an abuse page at 
> Google or ...
> Anyone have any ideas about the best way to pass this on to 
> blogger.com or Google themselves? I could easily automate the 
> whole thing to forward the links by e-mail.
> Any other suggestions on what else to do?
> Malcom Warden
> -- Malcolm Warden
> [P] 01608 685592
> [F] 01608 685595
> [M] 07905 185406
> _________________________________________
> Learn about Intrusion Detection in Depth from the comfort of 
> your own couch:
> https://www.sans.org/athome/details.php?id=1341&d=1
> _______________________________________________
> send all posts to list at lists.dshield.org To change your 
> subscription options (or unsubscribe), see: 
> http://www.dshield.org/mailman/listinfo/list

More information about the list mailing list