Comments on: The upload spammer

by: Paul Strauss

Sun, 01 Oct 2006 21:02:07 +0000

Our company provides free website hosting using our own proprietary site design toos, and we recently added a file storage tool to the site. We wrote a pretty sophisticated anti-phishing application that prevents uploads of about 95% of phishing scam pages, but we’ve been running into a recent problem with these redirect/blogspam combos where the perpitrator uploads a deeply obfuscated javascript redirect to a spam site, then blogspams thousands of other peoples insecure blogs with links to our urls where their redirect pages are hosted.

Anyone out there have suggestions of ways we could prevent/detect such junk? Our Terms of Service explicitly prevent such sites (as well as spyware, malware, gambling, viruses, etc.) and we’re trying to do everything we can to keep our hosting environment clean and usable for legitimate sites.

by: Marcelino Martins

Tue, 22 Aug 2006 21:39:27 +0000

Dear huntress. Thank you for contacting me about the FreeASPUpload and thank you for a great article.

I followed your advice and added some text to my site to warn web masters about the pitfalls of adding upload scripts to their sites. Please find it under the “Considerations about deployment” here:
http://www.freeaspupload.net/freeaspupload/documentation.asp

Best of luck hunting spammers,
Marcelino Martins

by: Manni

Wed, 09 Aug 2006 16:26:37 +0000

I’ve been noticing increased amounts of spam for stuff like that in the recent weeks. SnipSnap seems to be popular. But the favorite crappy piece of software for your website seems to be “WebBBS”. This master piece seems to accept just any input and will happily give you js redirects.

Seems like two of the spamvertised sites I’ve seen today running WebBBS get some 100-200 posts per day, all of it spam, of course.

by: Joe

Mon, 07 Aug 2006 01:53:33 +0000

Not having the spam on your site show up in search engines certainly makes sense. I was just presuming that was a suggestion to prevent the spam. Even if he can’t search for upload scripts, just finding a site running software that might allow uploads would be enough to try it.

For now this guy may be trying to stay under the radar, but soon all spammers will be doing it and keeping an upload script on your site will just be asking for upload spam.

by: admin

Sun, 06 Aug 2006 21:29:09 +0000

To Joe:
Spammers generally find their targets through search engines. We know that for a fact. So they’ll find the upload scripts through search engines as well. The uploaded files are generally in another location than the upload script. It’s quite possible the spammer won’t check for robots.txt. But if the upload directory won’t ever be indexed, then his work will be nearly for nothing. The only thing he can hope for are people following his comment spams.

So far it looks like he’s limiting his uploads to one burst per site. Possibly one burst per month.

In other words, this isn’t like comment spamming, where the spam is coming every day. With upload spamming, his best bet is to stay under the annoyance level. If his spam isn’t detected, it gets to stay. So he’ll throttle it back in order to not be detected.

The robots.txt suggestion was for those who desperately want to keep their upload scripts, yet not embarass themselves in search engines…

Makes sense, right?

by: Joe

Sun, 06 Aug 2006 21:02:58 +0000

I don’t think a robots.txt ban on crawling upload directories will make any difference. Spammers don’t care to check robots.txt to see if the spam they leave will ever be indexed.