Geeklog Forums

Hello folks,

Here's a link in my referrers that I happened to click on randomly... just to find a database of about 2400 geeklog sites, over half of which had one login (IngaD84) and password published in clear text. The title of the page was suspicious: "Geeklog Spam Project".

I was able to delete the entry for my server from there by using the delete link... it looks like sites with captcha authentication (like mine) returned a 404 for that particular "project", with no associated login/password.

Although the project seems to be what it claims, it seems almost too open for a serious spam attempt or maybe we have a spam-kiddie at work.

Any thoughts? I have not whoissed the server yet, trust one of us will get down to that.

Ajay

Everybody start deleting...

1... 2... 3... GO!

Domain Name: DAN-ONLINE.BIZ
Domain ID: D9082984-BIZ
Sponsoring Registrar: DIRECT INFORMATION PVT LTD DBA PUBLICDOMAINREGISTRY.COM
Sponsoring Registrar IANA ID: 303
Domain Status: clientTransferProhibited
Registrant ID: DI_1334472
Registrant Name: Denis Popov
Registrant Organization: Denis Popov
Registrant Address1: Lenina str.
Registrant City: Moscow
Registrant Postal Code: 325455
Registrant Country: Russian Federation
Registrant Country Code: RU
Registrant Phone Number: +800.29102393
Registrant Email: Whois Privacy and Spam Prevention by DomainTools.com
Administrative Contact ID: DI_1334472
Administrative Contact Name: Denis Popov
Administrative Contact Organization: Denis Popov
Administrative Contact Address1: Lenina str.
Administrative Contact City: Moscow
Administrative Contact Postal Code: 325455
Administrative Contact Country: Russian Federation
Administrative Contact Country Code: RU
Administrative Contact Phone Number: +800.29102393
Administrative Contact Email: Whois Privacy and Spam Prevention by DomainTools.com
Billing Contact ID: DI_1334472
Billing Contact Name: Denis Popov
Billing Contact Organization: Denis Popov
Billing Contact Address1: Lenina str.
Billing Contact City: Moscow
Billing Contact Postal Code: 325455
Billing Contact Country: Russian Federation
Billing Contact Country Code: RU
Billing Contact Phone Number: +800.29102393
Billing Contact Email: Whois Privacy and Spam Prevention by DomainTools.com
Technical Contact ID: DI_1334472
Technical Contact Name: Denis Popov
Technical Contact Organization: Denis Popov
Technical Contact Address1: Lenina str.
Technical Contact City: Moscow
Technical Contact Postal Code: 325455
Technical Contact Country: Russian Federation
Technical Contact Country Code: RU
Technical Contact Phone Number: +800.29102393
Technical Contact Email:

Woops! Sorry "Denis Popov", I accidentally wrote and ran a script which is deleting your database as we speak.

Hope you don't have a backup!

Looks like a robot at the other end. The list is back up to 80 or so as I type.

Edit: after some work with "the google", it seems someone else also reported this recently at geeklog http://lists.geeklog.net/pipermail/geeklog-spam/2006-November.txt

Nah - my script was interrupted... Almost done...

Looks like you've killed the list...ohhh too bad. Probably wont take him long to change things around though. As of this posting, there is nothing on the list.

If you or anyone else wants to contribute to the antispam project by letting others know of spammers, or anything to do with spam in general, goto my site, login and start posting away.

Michael

You're probably right, but at least it felt good.

We've gotta take back the net from these scumbags!

G%gle search for IngaD84 yields 240+ sites - each one running Geeklog with comment spam. Sample below from fallinggrace.com.

Now we have to find where the Lacys and Suzys of the world are hosted? Perhaps our server logs can tell?

Looks like ol Dan has made some changes and incorporated an authorization login on his site. So now only the spammer/hackers can login to post the open sites that are easily spammed. Hopefully these site that are compromised will get a clue what he's really doing and fix their scripts.