LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > LinuxQuestions.org > LQ Suggestions & Feedback
User Name
Password
LQ Suggestions & Feedback Do you have a suggestion for this site or an idea that will make the site better? This forum is for you.
PLEASE READ THIS FORUM - Information and status updates will also be posted here.

Notices

Reply
 
Search this Thread
Old 09-08-2011, 04:30 AM   #1
Alien Bob
Slackware Contributor
 
Registered: Sep 2005
Location: Eindhoven, The Netherlands
Distribution: Slackware
Posts: 5,294

Rep: Reputation: Disabled

That's not good... the site is vulnerable to spammers. Is the registration process too easy to automate?
 
Click here to see the post LQ members have rated as the most helpful post in this thread.
Old 09-08-2011, 05:07 AM   #2
nigelc
Member
 
Registered: Oct 2004
Location: Sydney, Australia
Distribution: Mageia 4
Posts: 304
Blog Entries: 4

Rep: Reputation: 52
Spam

I have just noticed there is a whole load of spam coming in. Is it all from the same place?

Nigel
 
Old 09-08-2011, 05:07 AM   #3
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,414

Rep: Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966Reputation: 1966
yup.
 
Old 09-08-2011, 06:31 AM   #4
Nylex
LQ Addict
 
Registered: Jul 2003
Location: London, UK
Distribution: Slackware
Posts: 7,464

Rep: Reputation: Disabled
This is insane! I've never seen such a large amount of spam in one day in all my time on LQ :/.
 
Old 09-08-2011, 07:04 AM   #5
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,451
Blog Entries: 54

Rep: Reputation: 2894Reputation: 2894Reputation: 2894Reputation: 2894Reputation: 2894Reputation: 2894Reputation: 2894Reputation: 2894Reputation: 2894Reputation: 2894Reputation: 2894
The're all in 163DATA.COM.CN and CNDATA.COM, basically 222.186.24.0/24, 60.169.73.0/24, 117.41.185.0/24 and 122.226.223.0/24 and all account names are easily recognizable as they all have a seemingly-R/L-like {firstname}{surname} handle.
 
Old 09-08-2011, 07:13 AM   #6
MrCode
Member
 
Registered: Aug 2009
Location: Oregon, USA
Distribution: Arch
Posts: 864
Blog Entries: 31

Rep: Reputation: 148Reputation: 148
I was actually thinking of starting a thread on this in LQ S&F, as I had noticed a bunch of profiles "crawling" LQ /General which all had zero posts and the same birth date (Nov 30). I decided against it because I figured that maybe my sample size wasn't big enough and it could have just been a coincidence. :-\
 
Old 09-08-2011, 07:21 AM   #7
cascade9
Senior Member
 
Registered: Mar 2011
Location: Brisneyland
Distribution: Debian, aptosid
Posts: 3,718

Rep: Reputation: 904Reputation: 904Reputation: 904Reputation: 904Reputation: 904Reputation: 904Reputation: 904Reputation: 904
So much spam that we've probably spammed the mods with spam roports. Sorry mods/amins.

BTW, why is it I never seen 'egg sausage and bacon' spam, its always damned handbags/shoes/clothing?
 
Old 09-08-2011, 07:21 AM   #8
SigTerm
Member
 
Registered: Dec 2009
Distribution: Slackware 12.2
Posts: 379

Rep: Reputation: 233Reputation: 233Reputation: 233
Quote:
Originally Posted by Nylex View Post
This is insane! I've never seen such a large amount of spam in one day in all my time on LQ :/.
"This too shall pass".
 
Old 09-08-2011, 09:23 AM   #9
TheIndependentAquarius
Senior Member
 
Registered: Dec 2008
Posts: 4,622
Blog Entries: 29

Rep: Reputation: 896Reputation: 896Reputation: 896Reputation: 896Reputation: 896Reputation: 896Reputation: 896
The surprising part for me was, that this
spammer didn't include any "hyperlinks"!
He expected us to STFW or he was dumb?
 
Old 09-08-2011, 09:29 AM   #10
the trooper
Senior Member
 
Registered: Jun 2006
Location: England
Distribution: Debian Testing/Unstable Amd64
Posts: 1,476

Rep: Reputation: Disabled
Apologies to the mods from me also.I have reported a number of 'spam-like' posts myself before discovering this thread.
 
Old 09-08-2011, 10:31 AM   #11
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,451
Blog Entries: 54

Rep: Reputation: 2894Reputation: 2894Reputation: 2894Reputation: 2894Reputation: 2894Reputation: 2894Reputation: 2894Reputation: 2894Reputation: 2894Reputation: 2894Reputation: 2894
...at least Jeremy's on the case now. Should see some progress RSN.
 
Old 09-08-2011, 10:37 AM   #12
jeremy
root
 
Registered: Jun 2000
Distribution: Debian, Red Hat, Slackware, Fedora, Ubuntu
Posts: 10,417

Rep: Reputation: 2628Reputation: 2628Reputation: 2628Reputation: 2628Reputation: 2628Reputation: 2628Reputation: 2628Reputation: 2628Reputation: 2628Reputation: 2628Reputation: 2628
Quote:
Originally Posted by Alien Bob View Post
That's not good... the site is vulnerable to spammers. Is the registration process too easy to automate?
We have quite a few ant-spam measures in place and effectively block thousands of spam messages a day. This recent attack has been cleaned up and is something completely new from what I can tell. We're looking into how to prevent it moving forward now.

--jeremy
 
Old 09-08-2011, 10:55 AM   #13
dugan
Senior Member
 
Registered: Nov 2003
Location: Canada
Distribution: distro hopper
Posts: 4,764

Rep: Reputation: 1466Reputation: 1466Reputation: 1466Reputation: 1466Reputation: 1466Reputation: 1466Reputation: 1466Reputation: 1466Reputation: 1466Reputation: 1466
Quote:
Originally Posted by unSpawn View Post
The're all in 163DATA.COM.CN and CNDATA.COM, basically 222.186.24.0/24, 60.169.73.0/24, 117.41.185.0/24 and 122.226.223.0/24 and all account names are easily recognizable as they all have a seemingly-R/L-like {firstname}{surname} handle.
Really? The spammer (and I'm sure it's one person) didn't bother to have each bot register from a different proxy? I'm shocked.

Also, since most of the spam posts had the same post bodies, programming the forum software to reject those specific strings would have worked temporarily.

Last edited by dugan; 09-08-2011 at 10:59 AM.
 
Old 09-08-2011, 11:16 AM   #14
jeremy
root
 
Registered: Jun 2000
Distribution: Debian, Red Hat, Slackware, Fedora, Ubuntu
Posts: 10,417

Rep: Reputation: 2628Reputation: 2628Reputation: 2628Reputation: 2628Reputation: 2628Reputation: 2628Reputation: 2628Reputation: 2628Reputation: 2628Reputation: 2628Reputation: 2628
Just a quick note that we've cleaned things up. This was a new type of attack that our current spam filters (which catch an absolutely huge amount of spam) missed. I'd like to thank the mod team for their diligence and the members for their patience during this attack. Moving forward I think we have this one sorted out, but if you notice anything else odd, please let me know. Also, I do have one request. While we *really* appreciate the reported posts, if members could refrain from actually posting in the threads themselves (be it about the spam or responding to the spammer), we'd really appreciate it. While we have automated ways to remove the posts from the spammers, there's no way for us to automatically remove posts from legitimate members about the spam. Thanks again.

--jeremy
 
Old 09-08-2011, 11:20 AM   #15
Nylex
LQ Addict
 
Registered: Jul 2003
Location: London, UK
Distribution: Slackware
Posts: 7,464

Rep: Reputation: Disabled
Glad that it's sorted out now. One question: is it better to just report a single post from a spammer, rather than every one? I started doing the former when I realised there was a large scale attack, so as not to fill up people's inboxes.
 
  


Reply

Tags
spam


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
postfix spam. someone is using my server to send spam and it's not open relay bob808 Linux - Server 6 03-23-2010 09:44 AM
spam filter that puts spam into spam folder? paul_mat Linux - Software 3 03-31-2009 04:18 AM
Spam Server Tips - Block Spam With Iptables tbeehler Linux - Software 2 08-24-2007 10:54 AM
Postfix, dovecot, spamassassin SPAM to a spam folder breitscott Linux - Server 30 02-17-2007 02:47 PM
procmail and spam -- do not send out of office auto replay to spam draix Linux - Software 0 12-30-2004 08:35 AM


All times are GMT -5. The time now is 11:45 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration