New Spam Threat Hits 90,000 Sites - Is Yours Next? Get the Trellian Seo Toolkit
Self SEO Store  
SEO forum
Website templates  
Flash templates  
Articles archive
Submit your article

Register
Login

Search
XML news feeds
Free RSS news reader
Contact
Advertising  

Best hosting reviews.
Free Internet & IT Magazines.


AddThis Feed Button

Buy website traffic

25 Investing PLR articles with Master Resell Rigths

This package includes 25 high quality budgeting & investing articles with Private Label rights and Master Resell Rights

Only $4.95


Alexa Rank Checker
Check Google Pagerank
Domain Typo Generator  
Google Pagerank Prediction
Google ban check  
Link Popularity Checker
Keyword Suggestion Tool
Keyword Misspelling  
Search engine ranking report
Number of pages indexed

Find IP address of a website
Find host by IP
HTTP Headers Check
International WHOIS
IP to country
Ping test
Server Status Check
What is my IP ?
Your browser details  

HTML Optimizer
HTML Source Viewer
Link Extractor
Search engine spider simulator
Meta tags Generator
Meta tags Extractor
Website speed test

Coming soon ...

Get your text ad here and attract the attention of our higly targeted audience of web professionals!

Your text ad here ?
Only $10 per month

Affiliate Marketing
Anti Spam
Blogging
Copywriting
Domain Names
Ebay Tips and Tricks
E-Books
E Commerce
Email Marketing
Google Adsense
Hardware
Internet
Internet Connections
Internet Marketing
Internet Security
Link Popularity
Newsletters
Online Promotion
Personal Tech
Podcasting
Pay Per Click
RSS
Search Engine Optimization
Search Engines
Software
Streaming Media
Traffic Building and Analysis
VoIP
Web Hosting
Web Design
Web Development
Webmaster Tips

New Spam Threat Hits 90,000 Sites - Is Yours Next?

Posted by Richard Adams on: 2006-04-28 16:50:33
Self SEO > Anti Spam Articles


On Tuesday I received 423 emails from an unknown spammer attacking my site.


On Wednesday I received 789 emails from the same spammer.

Action had to be taken.

The emails were copies of posts to my discussion forum - the typical spammers posts - keyword stuffing, numerous hyperlinks to junk sites crammed with even more keywords.

It was clear I was being hit by one spammer, with an automated script, for a number of telltale reasons:

1) Nobody could post 789 posts to a forum in 24 hours manually

2) All posts were from random .co.za email addresses (South African domains, but likely false)

3) All posts pointed to very similar spammy sites obviously made with the same auto-generation software

4) Checking various domains promoted within these posts in WHOIS showed they were all owned by a certain guy in Paris

I carefully combed my forum for these junk posts but couldn't see anything out of the ordinary. So I checked for posts by .co.za email addresses, or French IPs but couldn't see a problem anywhere.

Where were they coming from, and where were the posts?

To help me in my quest I did a search on Google for the text that began every email which read:

"The following was posted in the on

But couldn't find any links that were any help.

So next I investigated the content of the emails for common factors and found the following Javascript snippet began every message body:

"var defDoor"... before launching into other Javascript elements, followed by the keywords and links.

I wonder...

A quick search on Google and two factors astonished me...

1) Google showed up 92,600 pages with this code on, of which every one I checked matched the exact spam posts I was seeing in style and content. So we were dealing with a professional of some magnitude.

2) They were all on forums, but not the one I used, but WWWBoard as available from http://www.scriptarchive.com/wwwboard.html

A quick search with my FTP software through the bowels of my admittedly large site that has been online for 5 years or so and has seen more reworkings than Pamela Anderson showed I *had* got WWWBoard installed on my site but had stopped using it years ago in place of my current forum software.

I had completely forgotten about it, and there were the hundreds of spam posts sitting there on my server!

Obviously I don't use the script so instantly deleted it and the spamming stopped dead overnight but if I'm one of over 90,000 victims this guy has duped then a little advice is necessary:

1) Appreciate that there are security flaws to WWWBoard and you either need to watch your forum very carefully or consider switching to another script.

2) Don't leave old scripts sitting around on your server waiting for spammers to abuse them. Use them, or delete them.

3) Try to avoid using obvious folders for scripts. Whilst I didn't link to my old forum from anywhere on the site, it was in an obvious folder so a spammer (or a script) could easily have guessed it.

4) Realise that security threats are very real if you get reasonable traffic and take steps *in advance* to minimize the risk to your own site.

Copyright 2006 Richard Adams

=======================================================
Richard Adams is the founder of http://www.merchantaccountforum.com , one of the net's most popular merchant account advice sites.
=======================================================





Print this article    Tell a friend


Post New Comment

This site does not allow anonymous comments. Registered members can login to participate. Registration is free and takes only a few seconds


Powered by Esselbach Storyteller CMS System Version 1.7-Free