LinuxQuestions.org
Old 09-08-2011, 05:30 AM   #1
Alien Bob
Slackware Contributor
 
Registered: Sep 2005
Location: Eindhoven, The Netherlands
Distribution: Slackware
Posts: 5,396

Rep: Reputation: Disabled

That's not good... the site is vulnerable to spammers. Is the registration process too easy to automate?
 
Old 09-08-2011, 06:07 AM   #2
nigelc
Member
 
Registered: Oct 2004
Location: Sydney, Australia
Distribution: Mageia 4
Posts: 309
Blog Entries: 4

Rep: Reputation: 52
Spam

I have just noticed there is a whole load of spam coming in. Is it all from the same place?

Nigel
 
Old 09-08-2011, 06:07 AM   #3
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,415

Rep: Reputation: 1968
yup.
 
Old 09-08-2011, 07:31 AM   #4
Nylex
LQ Addict
 
Registered: Jul 2003
Location: London, UK
Distribution: Slackware
Posts: 7,464

Rep: Reputation: Disabled
This is insane! I've never seen such a large amount of spam in one day in all my time on LQ :/.
 
Old 09-08-2011, 08:04 AM   #5
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,814
Blog Entries: 54

Rep: Reputation: 2989
They're all in 163DATA.COM.CN and CNDATA.COM, basically 222.186.24.0/24, 60.169.73.0/24, 117.41.185.0/24 and 122.226.223.0/24 and all account names are easily recognizable as they all have a seemingly-R/L-like {firstname}{surname} handle.
 
Old 09-08-2011, 08:13 AM   #6
MrCode
Member
 
Registered: Aug 2009
Location: Oregon, USA
Distribution: Arch
Posts: 864
Blog Entries: 31

Rep: Reputation: 148
I was actually thinking of starting a thread on this in LQ S&F, as I had noticed a bunch of profiles "crawling" LQ /General which all had zero posts and the same birth date (Nov 30). I decided against it because I figured that maybe my sample size wasn't big enough and it could have just been a coincidence. :-\
 
Old 09-08-2011, 08:21 AM   #7
cascade9
Senior Member
 
Registered: Mar 2011
Location: Brisneyland
Distribution: Debian, aptosid
Posts: 3,718

Rep: Reputation: 904
So much spam that we've probably spammed the mods with spam reports. Sorry mods/admins.

BTW, why is it I've never seen 'egg sausage and bacon' spam, it's always damned handbags/shoes/clothing?
 
Old 09-08-2011, 08:21 AM   #8
SigTerm
Member
 
Registered: Dec 2009
Distribution: Slackware 12.2
Posts: 379

Rep: Reputation: 233
Quote:
Originally Posted by Nylex View Post
This is insane! I've never seen such a large amount of spam in one day in all my time on LQ :/.
"This too shall pass".
 
Old 09-08-2011, 10:23 AM   #9
TheIndependentAquarius
Senior Member
 
Registered: Dec 2008
Posts: 4,634
Blog Entries: 29

Rep: Reputation: 900
The surprising part for me was, that this
spammer didn't include any "hyperlinks"!
He expected us to STFW or he was dumb?
 
Old 09-08-2011, 10:29 AM   #10
the trooper
Senior Member
 
Registered: Jun 2006
Location: England
Distribution: Debian Testing/Unstable Amd64
Posts: 1,476

Rep: Reputation: Disabled
Apologies to the mods from me also. I have reported a number of 'spam-like' posts myself before discovering this thread.
 
Old 09-08-2011, 11:31 AM   #11
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,814
Blog Entries: 54

Rep: Reputation: 2989
...at least Jeremy's on the case now. Should see some progress RSN.
 
Old 09-08-2011, 11:37 AM   #12
jeremy
root
 
Registered: Jun 2000
Distribution: Debian, Red Hat, Slackware, Fedora, Ubuntu
Posts: 10,628

Rep: Reputation: 2658
Quote:
Originally Posted by Alien Bob View Post
That's not good... the site is vulnerable to spammers. Is the registration process too easy to automate?
We have quite a few anti-spam measures in place and effectively block thousands of spam messages a day. This recent attack has been cleaned up and is something completely new from what I can tell. We're looking into how to prevent it moving forward now.

--jeremy
 
Old 09-08-2011, 11:55 AM   #13
dugan
Guru
 
Registered: Nov 2003
Location: Canada
Distribution: distro hopper
Posts: 5,006

Rep: Reputation: 1560
Quote:
Originally Posted by unSpawn View Post
They're all in 163DATA.COM.CN and CNDATA.COM, basically 222.186.24.0/24, 60.169.73.0/24, 117.41.185.0/24 and 122.226.223.0/24 and all account names are easily recognizable as they all have a seemingly-R/L-like {firstname}{surname} handle.
Really? The spammer (and I'm sure it's one person) didn't bother to have each bot register from a different proxy? I'm shocked.

Also, since most of the spam posts had the same post bodies, programming the forum software to reject those specific strings would have worked temporarily.

Last edited by dugan; 09-08-2011 at 11:59 AM.
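
The two signals discussed in posts #5 and #13 (posts arriving from the four reported /24 networks, and many posts sharing one body) can be combined into a simple moderation filter. The sketch below is an added example, not part of any post in this thread and not LQ's own filter; the post record layout (`id`, `ip`, `body`), the duplicate threshold and the sample posts are assumptions constructed for illustration.

```python
import hashlib
import ipaddress
from collections import Counter

# Ranges quoted from unSpawn's post in this thread.
REPORTED_NETS = [ipaddress.ip_network(n) for n in (
    "222.186.24.0/24", "60.169.73.0/24", "117.41.185.0/24", "122.226.223.0/24")]

def body_digest(body):
    """Hash of the post body with case and whitespace runs normalised."""
    return hashlib.sha256(" ".join(body.lower().split()).encode()).hexdigest()

def flag_posts(posts, dup_threshold=3):
    """Return {post_id: [reasons]} for posts matching either heuristic.

    posts: iterable of dicts with 'id', 'ip' and 'body' keys (assumed schema).
    dup_threshold: how many identical bodies count as a flood (assumed value).
    """
    posts = list(posts)
    counts = Counter(body_digest(p["body"]) for p in posts)
    flagged = {}
    for p in posts:
        reasons = []
        addr = ipaddress.ip_address(p["ip"])
        if any(addr in net for net in REPORTED_NETS):
            reasons.append("reported-network")
        if counts[body_digest(p["body"])] >= dup_threshold:
            reasons.append("duplicate-body")
        if reasons:
            flagged[p["id"]] = reasons
    return flagged

# Constructed sample data; 192.0.2.0/24 and 198.51.100.0/24 are documentation ranges.
SAMPLE_POSTS = [
    {"id": 1, "ip": "222.186.24.17", "body": "Cheap handbags, shoes, clothing"},
    {"id": 2, "ip": "60.169.73.200", "body": "cheap  handbags, shoes, clothing "},
    {"id": 3, "ip": "192.0.2.44", "body": "Cheap handbags, shoes,  clothing"},
    {"id": 4, "ip": "198.51.100.9", "body": "How do I mount an ext4 partition?"},
    {"id": 5, "ip": "117.41.185.5", "body": "Unrelated one-off text"},
]

if __name__ == "__main__":
    for post_id, reasons in sorted(flag_posts(SAMPLE_POSTS).items()):
        print(post_id, ",".join(reasons))
```

Post 3 shows why the body check matters: it comes from outside the reported networks but is still caught because its normalised text matches the flood.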
 
Old 09-08-2011, 12:16 PM   #14
jeremy
root
 
Registered: Jun 2000
Distribution: Debian, Red Hat, Slackware, Fedora, Ubuntu
Posts: 10,628

Rep: Reputation: 2658
Just a quick note that we've cleaned things up. This was a new type of attack that our current spam filters (which catch an absolutely huge amount of spam) missed. I'd like to thank the mod team for their diligence and the members for their patience during this attack. Moving forward I think we have this one sorted out, but if you notice anything else odd, please let me know. Also, I do have one request. While we *really* appreciate the reported posts, if members could refrain from actually posting in the threads themselves (be it about the spam or responding to the spammer), we'd really appreciate it. While we have automated ways to remove the posts from the spammers, there's no way for us to automatically remove posts from legitimate members about the spam. Thanks again.

--jeremy
 
Old 09-08-2011, 12:20 PM   #15
Nylex
LQ Addict
 
Registered: Jul 2003
Location: London, UK
Distribution: Slackware
Posts: 7,464

Rep: Reputation: Disabled
Glad that it's sorted out now. One question: is it better to just report a single post from a spammer, rather than every one? I started doing the former when I realised there was a large scale attack, so as not to fill up people's inboxes.
 
  


All times are GMT -5.