Archive for September, 2006

AT&T break-in and phishing

Saturday, September 2nd, 2006

The bad guys get more and more brazen.

Here’s a story about a break-in that culled data on customers who bought stuff on an AT&T website. The bad guys then used that info to collect more info.

Phishing expedition at heart of AT&T hacking

via securityteam

Vnunet thinks this is the wave of the future, when it comes to phishing.

Plone susceptible to redirects

Saturday, September 2nd, 2006

I just got a comment spam from a spammer who uploaded a document to the Member section of a Plone installation.

The redirect didn’t work, but that particular installation had been spammed by several spammers, and I eventually found a redirect that did work.

I notified one of the main Plone developers. They told me they’d discovered the problem and fixed it several days ago. So those with a Plone installation can go get the fix. But I would still use robots.txt, just to avoid sloppy spammers…

If I had a Plone installation, I'd use robots.txt to make sure the member directories were off limits to search engines. Do that early enough, and the spammers will never bother you. Do it too late, and you still have to clean up every day until they move on. But at least the embarrassing stuff the spammers uploaded will fall out of the search engines after a short while, eh?
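As an added example (not code from the original post or from the Plone project), here is a small Python check that shows what the robots.txt advice above actually buys you: it parses a robots.txt with the standard library's robotparser and reports which paths a crawler is still allowed to fetch. The two robots.txt texts and the member-area paths are constructed for the example; the assumption that member uploads live under a "/Members/" folder is mine, so adjust the prefix to wherever your site keeps them.

```python
import urllib.robotparser

# Hypothetical paths on a Plone site. Assumption for this example: member
# uploads live under the "/Members/" folder; change the prefix to match
# your own installation.
MEMBER_PATHS = [
    "/Members/somemember/uploaded-document",
    "/Members/somemember/redirect-page",
    "/front-page",
]

# Constructed robots.txt "before": an empty Disallow lets crawlers index
# everything, including whatever spammers upload to member folders.
ROBOTS_BEFORE = """\
User-agent: *
Disallow:
"""

# Constructed robots.txt "after": member folders are off limits to every
# well-behaved crawler, so spam uploaded there never reaches the index.
ROBOTS_AFTER = """\
User-agent: *
Disallow: /Members/
"""


def crawlable(robots_txt, paths, user_agent="Googlebot"):
    """Return the subset of `paths` that `user_agent` may fetch under the
    given robots.txt text (parsed offline, no HTTP request made)."""
    rp = urllib.robotparser.RobotFileParser()
    rp.parse(robots_txt.splitlines())
    return [p for p in paths if rp.can_fetch(user_agent, p)]


if __name__ == "__main__":
    print("before:", crawlable(ROBOTS_BEFORE, MEMBER_PATHS))
    print("after: ", crawlable(ROBOTS_AFTER, MEMBER_PATHS))
```

The check is deliberately about exposure, not about the upload itself: robots.txt only keeps polite crawlers out, it does not stop a spammer from uploading, so the fix from the Plone developers is still needed. What the rule does is make sure that whatever slips through stops being findable, which is exactly why the post says to put it in place early.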

Adsense, referrer spam and empty pages

Saturday, September 2nd, 2006

I was referrer spammed by 71.111.51.172. That’s in Michigan, according to Geobytes.
The point is rather that the Adsense on his scraper sites has a "root site" that has nothing on it:

tempsubdomain.blogspot.com

That should have kinda tripped an alert when he signed up for the Adsense, eh? Not that it necessarily was empty then, but the name of the blog, now that would have made me a bit wary, were I to OK that account.
And since there are lots of curious people here, I’ll include the spammed for sites:

squishygames.com
goobot.com
careward.com
bluepc.info

They’re on:
74.52.59.2
82.165.194.46

All the domains have whois privacy.

User agent is usually: Mozilla/2.0 (compatible; MSIE 3.01; Windows 98)

But the first access I have for that IP had this user agent: Googlebot/2.1 (+http://www.google.com/bot.html)

And the last access had a seriously mangled script that included HTML code in the GET and referrer.
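As an added example (not from the original post; the log lines below are constructed to mirror the patterns just described, and the IP and hostnames are the ones the post names), here is a Python script that parses Apache combined-format log lines and flags the tell-tale signs of this kind of referrer spam: a referrer pointing at one of the spammed-for domains, HTML smuggled into the request or referrer field, and one IP that claims to be Googlebot on one request and an old MSIE browser on the next. It also shows why a "top referrers" widget is the spammer's target: counted naively, the spam hosts float to the top; with the flagged entries dropped, they disappear.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Hostnames the post names as the spammer's "spammed for" sites.
SPAMMED_FOR = {"squishygames.com", "goobot.com", "careward.com", "bluepc.info"}

# Apache "combined" format:
#   ip ident user [time] "request" status size "referrer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample log for this example (not the author's real access log).
SAMPLE_LOG = """\
71.111.51.172 - - [15/Aug/2006:05:01:12 +0000] "GET / HTTP/1.0" 200 5120 "-" "Googlebot/2.1 (+http://www.google.com/bot.html)"
71.111.51.172 - - [15/Aug/2006:05:02:40 +0000] "GET /blog/ HTTP/1.0" 200 8831 "http://abc.squishygames.com/" "Mozilla/2.0 (compatible; MSIE 3.01; Windows 98)"
71.111.51.172 - - [15/Aug/2006:05:02:58 +0000] "GET /blog/ HTTP/1.0" 200 8831 "http://abc.squishygames.com/referrers.html" "Mozilla/2.0 (compatible; MSIE 3.01; Windows 98)"
71.111.51.172 - - [15/Aug/2006:05:03:05 +0000] "GET /blog/ HTTP/1.0" 200 8831 "http://xyz.goobot.com/" "Mozilla/2.0 (compatible; MSIE 3.01; Windows 98)"
203.0.113.9 - - [15/Aug/2006:05:04:00 +0000] "GET /blog/ HTTP/1.1" 200 8831 "http://www.example.org/links" "Mozilla/5.0 (X11; Linux) Firefox/1.5"
71.111.51.172 - - [15/Aug/2006:05:05:59 +0000] "GET /blog/<a href= HTTP/1.0" 400 0 "<a href=http://careward.com/>x</a>" "Mozilla/2.0 (compatible; MSIE 3.01; Windows 98)"
"""


def parse_log(text):
    """Parse combined-format lines into dicts; lines that do not match are skipped."""
    return [m.groupdict() for m in map(LOG_RE.match, text.splitlines()) if m]


def ref_host(referrer):
    """Lower-cased hostname of a referrer URL; '' for '-' or malformed values."""
    try:
        return (urlsplit(referrer).hostname or "").lower()
    except ValueError:
        return ""


def in_spam_list(host):
    """True if host is a spammed-for domain or any subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in SPAMMED_FOR)


def flag_entries(entries):
    """Return [(index, ip, [reasons])] for entries that look like referrer spam."""
    uas_by_ip = defaultdict(set)
    for e in entries:
        uas_by_ip[e["ip"]].add(e["ua"])
    # An IP that presents itself as Googlebot on one request and as a browser
    # on another is spoofing the crawler. The authoritative check (reverse DNS
    # on the IP, then a forward lookup of the result) needs network access and
    # is left out of this offline example.
    fake_bot_ips = {
        ip for ip, uas in uas_by_ip.items()
        if any("Googlebot" in ua for ua in uas) and any("Googlebot" not in ua for ua in uas)
    }
    flagged = []
    for i, e in enumerate(entries):
        reasons = []
        if in_spam_list(ref_host(e["ref"])):
            reasons.append("referrer is a spammed-for domain")
        if "<" in e["req"] or "<" in e["ref"]:
            reasons.append("HTML in request or referrer")
        if e["ip"] in fake_bot_ips:
            reasons.append("IP alternates between Googlebot and browser user agents")
        if reasons:
            flagged.append((i, e["ip"], reasons))
    return flagged


def top_referrers(entries, drop_flagged=True):
    """Referrer host counts, as a 'top referrers' widget would list them;
    with drop_flagged=True the spam entries are excluded before counting."""
    skip = {i for i, _, _ in flag_entries(entries)} if drop_flagged else set()
    hosts = (ref_host(e["ref"]) for i, e in enumerate(entries) if i not in skip)
    return Counter(h for h in hosts if h)


if __name__ == "__main__":
    log = parse_log(SAMPLE_LOG)
    for i, ip, reasons in flag_entries(log):
        print(f"line {i}: {ip}: " + "; ".join(reasons))
    print("naive top referrers:   ", top_referrers(log, drop_flagged=False).most_common(3))
    print("filtered top referrers:", top_referrers(log).most_common(3))
```

The domain list is the weakest of the three signals, since the spammer rotates domains; the HTML-in-field check and the user-agent inconsistency per IP catch the behaviour rather than the current names, which is what you want in a filter that has to survive the spammer moving on to the next set of sites.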

I didn’t get that many visits from the bot, but I found another page that had gotten more than its share. It recorded the top referrers and the number of referrers. I’ll redact the subdomains, and include the counts - from the Google cache on 15 Aug 2006 05:55:45 GMT:

(252)
(239)
(188)
(175)
(147)
(134)
(122)
(119)
(98)
(96)

And I found another domain spammed by the same guy: wikicore.com