Welcome to Geeklog, Anonymous Tuesday, December 10 2024 @ 01:13 am EST
Geeklog Forums
"Geeklog Spam Project"
Status: offline
ajzz
Forum User
Regular Poster
Registered: 01/19/05
Posts: 113
Hello folks,
Here's a link in my referrers that I happened to click on randomly... just to find a database of about 2400 geeklog sites, over half of which had one login (IngaD84) and password published in clear text. The title of the page was suspicious: "Geeklog Spam Project".
I was able to delete the entry for my server from there by using the delete link... it looks like sites with captcha authentication (like mine) returned a 404 for that particular "project", with no associated login/password.
Although the project seems to be what it claims, it seems almost too open for a serious spam attempt or maybe we have a spam-kiddie at work.
Any thoughts? I have not whoissed the server yet, trust one of us will get down to that.
Ajay
Here's a link in my referrers that I happened to click on randomly... just to find a database of about 2400 geeklog sites, over half of which had one login (IngaD84) and password published in clear text. The title of the page was suspicious: "Geeklog Spam Project".
I was able to delete the entry for my server from there by using the delete link... it looks like sites with captcha authentication (like mine) returned a 404 for that particular "project", with no associated login/password.
Although the project seems to be what it claims, it seems almost too open for a serious spam attempt or maybe we have a spam-kiddie at work.
Any thoughts? I have not whoissed the server yet, trust one of us will get down to that.
Ajay
20
18
Quote
Anti-spammer
Anonymous
Everybody start deleting...
1... 2... 3... GO!
1... 2... 3... GO!
16
18
Quote
Anti-spammer
Anonymous
Domain Name: DAN-ONLINE.BIZ
Domain ID: D9082984-BIZ
Sponsoring Registrar: DIRECT INFORMATION PVT LTD DBA PUBLICDOMAINREGISTRY.COM
Sponsoring Registrar IANA ID: 303
Domain Status: clientTransferProhibited
Registrant ID: DI_1334472
Registrant Name: Denis Popov
Registrant Organization: Denis Popov
Registrant Address1: Lenina str.
Registrant City: Moscow
Registrant Postal Code: 325455
Registrant Country: Russian Federation
Registrant Country Code: RU
Registrant Phone Number: +800.29102393
Registrant Email: Whois Privacy and Spam Prevention by DomainTools.com
Administrative Contact ID: DI_1334472
Administrative Contact Name: Denis Popov
Administrative Contact Organization: Denis Popov
Administrative Contact Address1: Lenina str.
Administrative Contact City: Moscow
Administrative Contact Postal Code: 325455
Administrative Contact Country: Russian Federation
Administrative Contact Country Code: RU
Administrative Contact Phone Number: +800.29102393
Administrative Contact Email: Whois Privacy and Spam Prevention by DomainTools.com
Billing Contact ID: DI_1334472
Billing Contact Name: Denis Popov
Billing Contact Organization: Denis Popov
Billing Contact Address1: Lenina str.
Billing Contact City: Moscow
Billing Contact Postal Code: 325455
Billing Contact Country: Russian Federation
Billing Contact Country Code: RU
Billing Contact Phone Number: +800.29102393
Billing Contact Email: Whois Privacy and Spam Prevention by DomainTools.com
Technical Contact ID: DI_1334472
Technical Contact Name: Denis Popov
Technical Contact Organization: Denis Popov
Technical Contact Address1: Lenina str.
Technical Contact City: Moscow
Technical Contact Postal Code: 325455
Technical Contact Country: Russian Federation
Technical Contact Country Code: RU
Technical Contact Phone Number: +800.29102393
Technical Contact Email:
Domain ID: D9082984-BIZ
Sponsoring Registrar: DIRECT INFORMATION PVT LTD DBA PUBLICDOMAINREGISTRY.COM
Sponsoring Registrar IANA ID: 303
Domain Status: clientTransferProhibited
Registrant ID: DI_1334472
Registrant Name: Denis Popov
Registrant Organization: Denis Popov
Registrant Address1: Lenina str.
Registrant City: Moscow
Registrant Postal Code: 325455
Registrant Country: Russian Federation
Registrant Country Code: RU
Registrant Phone Number: +800.29102393
Registrant Email: Whois Privacy and Spam Prevention by DomainTools.com
Administrative Contact ID: DI_1334472
Administrative Contact Name: Denis Popov
Administrative Contact Organization: Denis Popov
Administrative Contact Address1: Lenina str.
Administrative Contact City: Moscow
Administrative Contact Postal Code: 325455
Administrative Contact Country: Russian Federation
Administrative Contact Country Code: RU
Administrative Contact Phone Number: +800.29102393
Administrative Contact Email: Whois Privacy and Spam Prevention by DomainTools.com
Billing Contact ID: DI_1334472
Billing Contact Name: Denis Popov
Billing Contact Organization: Denis Popov
Billing Contact Address1: Lenina str.
Billing Contact City: Moscow
Billing Contact Postal Code: 325455
Billing Contact Country: Russian Federation
Billing Contact Country Code: RU
Billing Contact Phone Number: +800.29102393
Billing Contact Email: Whois Privacy and Spam Prevention by DomainTools.com
Technical Contact ID: DI_1334472
Technical Contact Name: Denis Popov
Technical Contact Organization: Denis Popov
Technical Contact Address1: Lenina str.
Technical Contact City: Moscow
Technical Contact Postal Code: 325455
Technical Contact Country: Russian Federation
Technical Contact Country Code: RU
Technical Contact Phone Number: +800.29102393
Technical Contact Email:
21
16
Quote
Anti-spammer
Anonymous
Woops! Sorry "Denis Popov", I accidentally wrote and ran a script which is deleting your database as we speak.
Hope you don't have a backup!
Hope you don't have a backup!
21
18
Quote
Status: offline
ajzz
Forum User
Regular Poster
Registered: 01/19/05
Posts: 113
Looks like a robot at the other end. The list is back up to 80 or so as I type.
Edit: after some work with "the google", it seems someone else also reported this recently at geeklog http://lists.geeklog.net/pipermail/geeklog-spam/2006-November.txt
Edit: after some work with "the google", it seems someone else also reported this recently at geeklog http://lists.geeklog.net/pipermail/geeklog-spam/2006-November.txt
18
17
Quote
Anti-spammer
Anonymous
Nah - my script was interrupted... Almost done...
19
20
Quote
ironmax
Anonymous
Quote by Anti-spammer: Nah - my script was interrupted... Almost done...
Looks like you've killed the list...ohhh too bad. Probably wont take him long to change things around though. As of this posting, there is nothing on the list.
If you or anyone else wants to contribute to the antispam project by letting others know of spammers, or anything to do with spam in general, goto my site, login and start posting away.
Michael
18
16
Quote
Anti-spammer
Anonymous
Quote by ironmax: Looks like you've killed the list...ohhh too bad. Probably wont take him long to change things around though.
You're probably right, but at least it felt good.
We've gotta take back the net from these scumbags!
17
13
Quote
Status: offline
ajzz
Forum User
Regular Poster
Registered: 01/19/05
Posts: 113
G%gle search for IngaD84 yields 240+ sites - each one running Geeklog with comment spam. Sample below from fallinggrace.com.
Now we have to find where the Lacys and Suzys of the world are hosted? Perhaps our server logs can tell?
Title Date Author
good article Wednesday, November 08 2006 @ 12:51 AM CST IngaD84
good article Tuesday, November 07 2006 @ 03:24 PM CST IngaD84
good article Friday, September 29 2006 @ 01:40 PM CDT LacyD20
good article Friday, September 29 2006 @ 11:55 AM CDT LacyD20
good article Thursday, September 28 2006 @ 07:30 PM CDT LacyD20
good article Thursday, September 28 2006 @ 07:03 PM CDT LacyD20
good article Thursday, September 28 2006 @ 06:04 PM CDT LacyD20
good article Sunday, September 24 2006 @ 01:42 PM CDT LacyD20
good article Saturday, September 23 2006 @ 03:20 PM CDT LacyD20
good article Monday, August 28 2006 @ 01:33 PM CDT LacyD20
good article Sunday, July 16 2006 @ 02:39 AM CDT LacyD20
good article Monday, July 03 2006 @ 04:24 PM CDT Suzy_1981
good article Monday, July 03 2006 @ 04:18 PM CDT Suzy_1981
good article Monday, July 03 2006 @ 04:10 PM CDT Suzy_1981
good article Friday, June 30 2006 @ 07:29 AM CDT Suzy_1981
good article Sunday, June 25 2006 @ 06:15 AM CDT Suzy_1981
Now we have to find where the Lacys and Suzys of the world are hosted? Perhaps our server logs can tell?
Text Formatted Code
Title Date Author
good article Wednesday, November 08 2006 @ 12:51 AM CST IngaD84
good article Tuesday, November 07 2006 @ 03:24 PM CST IngaD84
good article Friday, September 29 2006 @ 01:40 PM CDT LacyD20
good article Friday, September 29 2006 @ 11:55 AM CDT LacyD20
good article Thursday, September 28 2006 @ 07:30 PM CDT LacyD20
good article Thursday, September 28 2006 @ 07:03 PM CDT LacyD20
good article Thursday, September 28 2006 @ 06:04 PM CDT LacyD20
good article Sunday, September 24 2006 @ 01:42 PM CDT LacyD20
good article Saturday, September 23 2006 @ 03:20 PM CDT LacyD20
good article Monday, August 28 2006 @ 01:33 PM CDT LacyD20
good article Sunday, July 16 2006 @ 02:39 AM CDT LacyD20
good article Monday, July 03 2006 @ 04:24 PM CDT Suzy_1981
good article Monday, July 03 2006 @ 04:18 PM CDT Suzy_1981
good article Monday, July 03 2006 @ 04:10 PM CDT Suzy_1981
good article Friday, June 30 2006 @ 07:29 AM CDT Suzy_1981
good article Sunday, June 25 2006 @ 06:15 AM CDT Suzy_1981
10
15
Quote
ironmax
Anonymous
Quote by Anti-spammer:
You're probably right, but at least it felt good.
We've gotta take back the net from these scumbags!
Quote by ironmax: Looks like you've killed the list...ohhh too bad. Probably wont take him long to change things around though.
You're probably right, but at least it felt good.
We've gotta take back the net from these scumbags!
Looks like ol Dan has made some changes and incorporated an authorization login on his site. So now only the spammer/hackers can login to post the open sites that are easily spammed. Hopefully these site that are compromised will get a clue what he's really doing and fix their scripts.
16
13
Quote
All times are EST. The time is now 01:13 am.
- Normal Topic
- Sticky Topic
- Locked Topic
- New Post
- Sticky Topic W/ New Post
- Locked Topic W/ New Post
- View Anonymous Posts
- Able to post
- Filtered HTML Allowed
- Censored Content