Posted on: 11/12/06 10:45pm
By: ajzz
Hello folks,
Here's a link in my referrers that I happened to click on randomly... just to find a database of about 2400 geeklog sites, over half of which had one login (IngaD84) and password published in clear text. The title of the page was suspicious: "
Geeklog Spam Project[*1] ".
I was able to delete the entry for my server from there by using the delete link... it looks like sites with captcha authentication (like mine) returned a 404 for that particular "project", with no associated login/password.
Although the project seems to be what it claims, it seems almost too open for a serious spam attempt or maybe we have a spam-kiddie at work.
Any thoughts? I have not whoissed the server yet, trust one of us will get down to that.
Ajay
"Geeklog Spam Project"
Posted on: 11/12/06 11:24pm
By: Anonymous (Anti-spammer)
Everybody start deleting...
1... 2... 3... GO!
"Geeklog Spam Project"
Posted on: 11/12/06 11:46pm
By: Anonymous (Anti-spammer)
Domain Name: DAN-ONLINE.BIZ
Domain ID: D9082984-BIZ
Sponsoring Registrar: DIRECT INFORMATION PVT LTD DBA PUBLICDOMAINREGISTRY.COM
Sponsoring Registrar IANA ID: 303
Domain Status: clientTransferProhibited
Registrant ID: DI_1334472
Registrant Name: Denis Popov
Registrant Organization: Denis Popov
Registrant Address1: Lenina str.
Registrant City: Moscow
Registrant Postal Code: 325455
Registrant Country: Russian Federation
Registrant Country Code: RU
Registrant Phone Number: +800.29102393
Registrant Email: Whois Privacy and Spam Prevention by DomainTools.com
Administrative Contact ID: DI_1334472
Administrative Contact Name: Denis Popov
Administrative Contact Organization: Denis Popov
Administrative Contact Address1: Lenina str.
Administrative Contact City: Moscow
Administrative Contact Postal Code: 325455
Administrative Contact Country: Russian Federation
Administrative Contact Country Code: RU
Administrative Contact Phone Number: +800.29102393
Administrative Contact Email: Whois Privacy and Spam Prevention by DomainTools.com
Billing Contact ID: DI_1334472
Billing Contact Name: Denis Popov
Billing Contact Organization: Denis Popov
Billing Contact Address1: Lenina str.
Billing Contact City: Moscow
Billing Contact Postal Code: 325455
Billing Contact Country: Russian Federation
Billing Contact Country Code: RU
Billing Contact Phone Number: +800.29102393
Billing Contact Email: Whois Privacy and Spam Prevention by DomainTools.com
Technical Contact ID: DI_1334472
Technical Contact Name: Denis Popov
Technical Contact Organization: Denis Popov
Technical Contact Address1: Lenina str.
Technical Contact City: Moscow
Technical Contact Postal Code: 325455
Technical Contact Country: Russian Federation
Technical Contact Country Code: RU
Technical Contact Phone Number: +800.29102393
Technical Contact Email:
"Geeklog Spam Project"
Posted on: 11/12/06 11:54pm
By: Anonymous (Anti-spammer)
Woops! Sorry "Denis Popov", I accidentally wrote and ran a script which is deleting your database as we speak.
Hope you don't have a backup!
"Geeklog Spam Project"
Posted on: 11/13/06 12:32am
By: ajzz
"Geeklog Spam Project"
Posted on: 11/13/06 01:02am
By: Anonymous (Anti-spammer)
Nah - my script was interrupted... Almost done...
"Geeklog Spam Project"
Posted on: 11/13/06 02:49am
By: Anonymous (ironmax)
[QUOTE BY= Anti-spammer] Nah - my script was interrupted... Almost done...
[/QUOTE]
Looks like you've killed the list...ohhh too bad. Probably wont take him long to change things around though. As of this posting, there is nothing on the list.
If you or anyone else wants to contribute to the antispam project by letting others know of spammers, or anything to do with spam in general, goto
my site[*3] , login and start posting away.
Michael
"Geeklog Spam Project"
Posted on: 11/13/06 11:36am
By: Anonymous (Anti-spammer)
[QUOTE BY= ironmax] Looks like you've killed the list...ohhh too bad. Probably wont take him long to change things around though.[/QUOTE]
You're probably right, but at least it felt good.
We've gotta take back the net from these scumbags!
"Geeklog Spam Project"
Posted on: 11/13/06 02:19pm
By: ajzz
G%gle search for IngaD84 yields 240+ sites - each one running Geeklog with comment spam. Sample below from fallinggrace.com.
Now we have to find where the Lacys and Suzys of the world are hosted? Perhaps our server logs can tell?
Title Date Author
good article Wednesday, November 08 2006 @ 12:51 AM CST IngaD84
good article Tuesday, November 07 2006 @ 03:24 PM CST IngaD84
good article Friday, September 29 2006 @ 01:40 PM CDT LacyD20
good article Friday, September 29 2006 @ 11:55 AM CDT LacyD20
good article Thursday, September 28 2006 @ 07:30 PM CDT LacyD20
good article Thursday, September 28 2006 @ 07:03 PM CDT LacyD20
good article Thursday, September 28 2006 @ 06:04 PM CDT LacyD20
good article Sunday, September 24 2006 @ 01:42 PM CDT LacyD20
good article Saturday, September 23 2006 @ 03:20 PM CDT LacyD20
good article Monday, August 28 2006 @ 01:33 PM CDT LacyD20
good article Sunday, July 16 2006 @ 02:39 AM CDT LacyD20
good article Monday, July 03 2006 @ 04:24 PM CDT Suzy_1981
good article Monday, July 03 2006 @ 04:18 PM CDT Suzy_1981
good article Monday, July 03 2006 @ 04:10 PM CDT Suzy_1981
good article Friday, June 30 2006 @ 07:29 AM CDT Suzy_1981
good article Sunday, June 25 2006 @ 06:15 AM CDT Suzy_1981
"Geeklog Spam Project"
Posted on: 11/19/06 02:25am
By: Anonymous (ironmax)
[QUOTE BY= Anti-spammer] [QUOTE BY= ironmax] Looks like you've killed the list...ohhh too bad. Probably wont take him long to change things around though.[/QUOTE]
You're probably right, but at least it felt good.
We've gotta take back the net from these scumbags! [/QUOTE]
Looks like ol Dan has made some changes and incorporated an authorization login on his site. So now only the spammer/hackers can login to post the open sites that are easily spammed. Hopefully these site that are compromised will get a clue what he's really doing and fix their scripts.