Tags related to tag spam
Tuesday, January 31. 2006
I fucking HATE trackback spam. Spammers are doing to trackbacks what they did to Usenet and are doing to email: making a perfectly good service absolutely unusable because, in a nutshell, they fucking suck.
Well that is what it is supposed to do.
These assholes screwed up. They assumed that the server is running PHP (it's not).
Boy, wouldn't it suck if someone put up some arguments to wget and cURL to fill up their referer logging mechanism full of junk?
Man. That would SUCK.
I hope no-one does that.
wget --post-data="ref=http://StopSpammingBlogs.com/TrackBackSpamSux" \
  --referer=http://stop.spamming.blogs.org/StopTrackBackSpammingBlogs \
  --spider http://www.best-pokerrooms.com/
curl --form ref=http://StopSpammingBlogs.com/TrackBackSpamSux \
  --referer http://stop.spamming.blogs.org/StopTrackBackSpammingBlogs \
  --request POST http://www.best-pokerrooms.com/ >/dev/null
Randomize the urls to be, well, whatever you like really. Just keep the www.best-pokerrooms.com url the same.
Update: Metacharacters are your friend... Certainly don't do this... lots.
Update 2: User agent selection is also good. No-one should ever do this, because it would be oh-so-terrible if it was harder for trackback spammers to scrub their referer logs.
Update 3: Now I am the dumbass, it appears that --spider in wget only performs a HEAD request, not a POST. So I fixed the wget command.
wget --post-data="ref=http://`pwgen 50 1`.com" \
  --referer=http://`pwgen 50 1`.com \
  --user-agent=`pwgen 50 1` \
  --output-document=/dev/null http://www.best-pokerrooms.com/
curl --form ref=http://`pwgen 50 1`.com \
  --referer http://`pwgen 50 1`.com \
  --user-agent `pwgen 50 1` \
  --request POST http://www.best-pokerrooms.com/ >/dev/null
Wednesday, September 14. 2005
I'm getting trackback spammed up the wazoo. I've turned on moderation. SO FUCK YOU.
Thursday, May 19. 2005
If you were to go to any subdomain from pain-bdsm-torture.com, you'll get a "500 Internal Server Error" page. Or what appears to be one.
In fact, these fucknozzles are trying to use me in the Google 302 exploit. See, while visiting that page, it says it's sending an HTTP 500 error, but it is instead sending a 302, which is part of this exploit. I am kinda hazy on the details of how it works, but essentially they are trying to thieve pagerank.
- write out the 500 Internal Server Error Page instead of the real one that search engines will crawl
var SE_query = "female+nazi+torture";
var SE_referer = "referrer url, i.e. the entry with the trackback";
I've gone for strictly moderated comments and trackbacks now, no way are they going to use my site to fuck with shit.
Friday, May 13. 2005
I'd really rather write part III of my series on DIY Electrical Play. But I got another piece of trackback spam (see my original entry here). So here is more information about these fucknozzles.
This time the trackback was apparently from areaofmusic.net. Which is a redirect to allhqmusic.com. Still no search results for 'jonnay', so this is definitely not legit. Again, here is the address in my apache log:
188.8.131.52 - - [13/May/2005:10:44:48 -0600] "POST /comment.php?type=trackback&entry_id=435 HTTP/1.0" 200 87 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)" "-"
And of course, the whois entries point straight back to Azazar and Partners. Here is the whois fragment of areaofmusic.net:
Administrative Contact:
  OsOO Extratuz
  Azazar Kikabitze (email@example.com)
  ul. Lenina d. 21 kv. 5
  Bishkek Chuyskaya Oblast,720000
  KG
  Tel. +996.912112233
As the spamhuntress mentions, the first IP address is apparently located in Malaysia. The second one is Brazil. My money is that the IPs are either anonymous proxies, or zombies.
The hqhost connection is there again. Again, it might just be a case of just being the hosting providers. So the question is, is it an innocent business? Or are they giving aid and comfort to the enemy?
I thought I'd give you (friends, family, fellow geeks) the real story, human to human, on why you should (or shouldn't) use the new Yahoo! Music Engine.
Except, that it reads like marketing fluff. It is by all means possible that he is just excited about a new product launch. And he does have quite the reputation, in fact, he can't stop talking about it...
FWIW, my name is Ian Rogers. I used to work with Beastie Boys, for their record label Grand Royal, at Nullsoft (where Justin and Tom made Winamp, SHOUTcast, and Gnutella), and most recently had a very small company called Mediacode with my main man Rob Lord (who started IUMA and brought Nullsoft up with Justin). We sold Mediacode to Yahoo! in Dec 2003 and Y! has had us in a cave ever since building the Yahoo! Music Engine and some other stuff we can't tell you about yet.
Right okay okay okay. You're beating me over the head with your Old School Hip Street Credibility. The rest of it is basically market-droid-speak.
But down to the reason you're reading this. I'm asking you to ditch Windows Media Player (aka WiMP, sorry John, Mark), Winamp (pour out a little liquor), iTunes (sorry Chris and Steve G), MusicMatch (apologies to my new brothers and sisters), Rhapsody (you were my first for-pay love, ya tramp), and Napster (THROW ANOTHER STACK OF BENJAMINS ON THE FIRE!), and use Yahoo! Music Engine instead. (If you're using Foobar2000, keep on, brother man, I ain't going to war with y'all purists.)
This blog entry seems to be nothing but advertising. Maybe there is nothing wrong with that, but it does leave a bad taste in my mouth. It's like hearing about people who are paid to loudly discuss a product or people paid to pump up a product in chat rooms and web forums.
Maybe I'll sort out my thoughts about this later. But for now.. Ugh. Time for the mouthwash.
Thursday, May 12. 2005
More trackback spam is coming my way. Thanks to the good folks at mp3se. They seem to be somewhat related to hqhost.net, which The Spam Huntress has had some dealings with. I am not quick to blame hqhost.net, they might just be a semi shady company providing anonymous proxies to spammers and not the actual spammers.
Doing a quick search on mp3se, it seems like they don't actually link to any of my music, so why would they trackback an entry, except for 'Search Engine Optimization'? Stupid fucks.
Here is the whois record for mp3se.com:
Domain Name: MP3SE.COM
Registrant:
  Azazar & Partners
  Mikhail V Yevchenko (firstname.lastname@example.org)
  PO Box 2723
  Chelyabinsk ,454014
  RU
  Tel. +7.9222316240
Creation Date: 12-Dec-2004
Expiration Date: 12-Dec-2005
Domain servers in listed order:
  41730.mercury.orderbox-dns.com
  41730.venus.orderbox-dns.com
  41730.earth.orderbox-dns.com
  41730.mars.orderbox-dns.com
Administrative Contact:
  Azazar & Partners
  Mikhail V Yevchenko (email@example.com)
  PO Box 2723
  Chelyabinsk ,454014
  RU
  Tel. +7.9222316240
Technical Contact:
  Azazar & Partners
  Mikhail V Yevchenko (firstname.lastname@example.org)
  PO Box 2723
  Chelyabinsk ,454014
  RU
  Tel. +7.9222316240
Billing Contact:
  Azazar & Partners
  Mikhail V Yevchenko (email@example.com)
  PO Box 2723
  Chelyabinsk ,454014
  RU
  Tel. +7.9222316240
Googling Azazar & Partners, and Mikhail V Yevchenko comes up with almost nothing in the way of results. I've added 'mp3se.com' to the global referrer blacklist. Usually I just let the spam-catch plugin deal with trackback spam, because the other trackback spammers always try and trackback older entries. So when I see them come in I can blissfully let them linger in 'un-moderated' land. These guys trackback fresh entries, which are automagickally approved. I might have to change that. For now the referrer blocking works fine.
Here is their signature on my apache log in case that helps out any other sleuths:
184.108.40.206 - - [12/May/2005:12:18:01 -0600] "POST /comment.php?type=trackback&entry_id=435 HTTP/1.1" 200 99 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)" "-"
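The two log signatures in these entries share a request shape (a POST to /comment.php?type=trackback, no Referer, the same MSIE 5.01 user agent) while the source IPs differ, so matching on the shape is more useful than matching on the address. The following is an added example, not code from this blog or its software: the function names are hypothetical and the sample lines are constructed with documentation-range IPs.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Apache combined log format; any fields after the user agent are ignored.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

def trackback_posts(lines):
    """Yield parsed POSTs to /comment.php?type=trackback sent with no Referer."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        url = urlsplit(m["target"])
        query = parse_qs(url.query)
        if url.path != "/comment.php" or query.get("type") != ["trackback"]:
            continue
        if m["referer"] not in ("", "-"):
            continue
        yield {"ip": m["ip"], "agent": m["agent"],
               "entry_id": query.get("entry_id", ["?"])[0]}

def shared_signatures(lines, min_ips=2):
    """Group hits by (user agent, entry) and keep groups seen from several IPs."""
    groups = defaultdict(set)
    for hit in trackback_posts(lines):
        groups[(hit["agent"], hit["entry_id"])].add(hit["ip"])
    return {key: sorted(ips) for key, ips in groups.items() if len(ips) >= min_ips}

# Constructed sample lines, shaped like the log entries quoted in the posts.
SAMPLE = [
    '192.0.2.10 - - [12/May/2005:12:18:01 -0600] "POST /comment.php?type=trackback&entry_id=435 HTTP/1.1" 200 99 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)" "-"',
    '198.51.100.23 - - [13/May/2005:10:44:48 -0600] "POST /comment.php?type=trackback&entry_id=435 HTTP/1.0" 200 87 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)" "-"',
    '203.0.113.7 - - [13/May/2005:11:02:10 -0600] "POST /comment.php?type=trackback&entry_id=435 HTTP/1.1" 200 91 "-" "WordPress/1.5" "-"',
    '203.0.113.7 - - [13/May/2005:11:05:42 -0600] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux i686)" "-"',
]

if __name__ == "__main__":
    for (agent, entry), ips in shared_signatures(SAMPLE).items():
        print(f"entry {entry}: {len(ips)} IPs share agent {agent!r}: {ips}")
```

A browser user agent on a trackback ping arriving from several unrelated addresses is the pattern worth holding for moderation; a single blog engine pinging once from one address does not form a group.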
Thursday, April 28. 2005