[ic] forum poisoning ?
Mike Heins
mike at perusion.com
Wed May 4 17:48:43 EDT 2005
Quoting Niels Svennekj?r (linux at post10.tele.dk):
> Hi
>
> In some of my shops, someone have started to post all strange of
> references to other url's.
>
> Common for all the forum postings are that
> - they are related to the product
> - the postings are comming from a few seperate IP's
> - the IP's seems to be hacked windows computers.
> - the url they are pointing to seems not to exist (remote host says
> somthing about "account are closed due to abuse")
> - they go directly to the forum/reply.html link
>
> Have other of you seen this ?
> What was your countermeassures ?
I see lots of this "guestbook and forum spam", mostly from rogue hosting
providers like theplanet.com. I have firewalled theplanet from most of
the servers I control.
Another thing I do on many catalogs is have a script in Autoload which
checks the user's IP address against cbl.abuseat.org or sbl-xbl.spamhaus.org
(I posted it here once). That is useful for commerce sites, because many
fraudulent orders come from open proxies.
--
Mike Heins
Perusion -- Expert Interchange Consulting http://www.perusion.com/
phone +1.765.647.1295 tollfree 800-949-1889 <mike at perusion.com>
Being against torture ought to be sort of a bipartisan thing.
-- Karl Lehenbauer
More information about the interchange-users
mailing list