Posted on: 08/22/06 09:41am
By: aleemkhan
A new spammer seems to be on the loose from the domain mistacronks.com
It seems that there is a robot creating new users.
I just wanted the community to be on guard.
New Spammer on the Noose
Posted on: 08/28/06 09:23pm
By: Anonymous (TechnoHippie)
I've just spent the last week circumventing all the comment spam generated from the bot that tunneled into mistacronks(dot)com and can safely say I've gotten the upper hand ... finally.
Everyone: check your server for c99.php (shell script) and its 2 accessory files (bind and dll). Then check your database for extemporaneous tables and/or entries. Also, ban header requests containing VIA: PROXYWTC.
It's been kinda fun, actually. I haven't had a good challenge like this for a couple of years.
--
Technohippie
New Spammer on the Loose
Posted on: 08/29/06 12:47am
By: Anonymous (Jon)
Can't find c99.php, so I took a different approach:
http://www.geeklog.net/forum/viewtopic.php?showtopic=69489
I'm not a PHP expert, but it's been 100% effective so far.
Jon