Geeklog Forums

My first ever Geeklog e-mail spam

LWC

Forum User
Full Member
Registered: 19/02/04
Posts: 818
Got my first 2 spam e-mail messages in Geeklog (v1.4.0sr5-1). The subject was "hello" in both of them. I won't post what they wrote (just a fake human chitchat and then a bunch of links), but here is their info (a long time ago I had the sense to include the following headers in Geeklog's non-admin messages):

Message #1:
PHP Formatted Code
X-OS: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
X-Originating-IP: 203-144-144-163.static.asianet.co.th
 [203.144.144.163]


A little more than an hour later, I got message #2:
PHP Formatted Code
X-OS: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
X-Originating-IP: browster.com
 [72.32.59.213]


Is it standard to get this via Geeklog because it never happened to me before? And does the new beta version deal with this further?
 Quote

ironmax

Anonymous
I wouldn't know how you're getting them...I run spam-x and it doesn't allow this type of BS thru to the mail section, nor any other. At least that's how I have it set up. Without spam-x...yea...I would be getting all kinds of crap.

Michael
 Quote

LWC

Forum User
Full Member
Registered: 19/02/04
Posts: 818
First of all, why would I turn off Spam-X? Of course it's on (per default).

Secondly, how do you define "crap"? A fake human-like chitchat? A bunch of links?
 Quote

ironmax

Anonymous
Well for one...I don't allow links in the mail function. Secondly, have a look at this link to confirm what you're talking about...I pulled these messages out of my archived mail and posted them. They were sent from my site to my email address by spammer(s).

http://www.spacequad.com/forum/viewtopic.php?showtopic=49&lastpost=true#50

Michael
 Quote

LWC

Forum User
Full Member
Registered: 19/02/04
Posts: 818
It sounds to me you did some manual (and pretty crippling) hack to disable links sent in forms. If so, it's something personal you've done and has nothing to do with the official code of Geeklog and Spam-X, which I've asked about.

Unless you just meant you manually add bad links to Spam-X, which is a pretty Sisyphean task if you ask me.
 Quote

ironmax

Anonymous
Quote by: LWC

It sounds to me you did some manual (and pretty crippling) hack to disable links sent in forms. If so, it's something personal you've done and has nothing to do with the official code of Geeklog and Spam-X, which I've asked about.

Unless you just meant you manually add bad links to Spam-X, which is a pretty Sisyphean task if you ask me.



Ummm....actually...I have not touched the code. Maybe you should get a fresh copy of geeklog without all YOUR hacks into it and see if it works as intended. And NO, I did not manually put links into spam-x for filtering.

 Quote

LWC

Forum User
Full Member
Registered: 19/02/04
Posts: 818
You keep saying if only I didn't change stuff...but I didn't change anything in Spam-X. If you have the beta version and not what I stated above, that's a whole different story.
 Quote

oskay

Forum User
Newbie
Registered: 14/09/06
Posts: 13
I've been getting these as well.

So far as I can see, Spam-X does not block plain-text URLs written in an e-mail message. I tested this by sending myself e-mail through my user page that said "hello! http://www.evilmadscientist.com/" (my own URL!), and it got to me just fine.

So... I imagine that there's no good way to stop this type of e-mail, short of deleting all e-mail that contains a URL, which is not something that I want to do in general.
 Quote

ironmax

Anonymous
Quote by: LWC

You keep saying if only I didn't change stuff...but I didn't change anything in Spam-X. If you have the beta version and not what I stated above, that's a whole different story.



I am currently running the beta, however, nothing had changed from 1.4.0 versions in how it operates. At least nothing noticeable from my viewpoint. Did you update your spam-x blacklist? How about perhaps giving bad behavior a run...see if that'll take care of your problem. I've seen a lot of entries for the BB and a lot of it was nonsense robot hits. Sure I had to play with the settings for a few users that were blocked, but they are coming thru just fine after the tweaks in BB on the whitelist for them. If a user is having issues, they let me know and I fix it for them.

 Quote

ironmax

Anonymous
Quote by: oskay

I've been getting these as well.

So far as I can see, Spam-X does not block plain-text URLs written in an e-mail message. I tested this by sending myself e-mail through my user page that said "hello! http://www.evilmadscientist.com/" (my own URL!), and it got to me just fine.

So... I imagine that there's no good way to stop this type of e-mail, short of deleting all e-mail that contains a URL, which is not something that I want to do in general.




Okay, after reading this, I decided to check my email server after a test, to discover the email server was tossing them in the bit can cuz it thinks it's spam. I did not realize this cuz I was getting an error back from spam-x stating that it was spam. So I thought nothing further about it until a second report came up on this issue. So, what is the likelihood of 2 or more of the same thing happening? I guess I have some more testing to do and figure this out.

 Quote

Dirk

Site Admin
Admin
Registered: 12/01/02
Posts: 13073
Location:Stuttgart, Germany
Emails sent through the contact form are only run through Spam-X as of Geeklog 1.4.1b1.

bye, Dirk
 Quote

LWC

Forum User
Full Member
Registered: 19/02/04
Posts: 818
Thanks, Dirk! See, Ironmax? You could have saved a lot of writing...
 Quote

ironmax

Anonymous
Quote by: LWC

Thanks, Dirk! See, Ironmax? You could have saved a lot of writing...

You know....I didn't have that problem. So how was I to know that a change was made in 141b? So for wasting your time, I apologize, however, all you had to do was change your registration script around a bit and script kiddies would not have been able to use it in their own scripts. I also block known IP blocks that cater to spammers, maybe that helps. Here's a link if you want to link to it or at least put them in your own block list. List of ISPs that cater to Spammers
 Quote

LWC

Forum User
Full Member
Registered: 19/02/04
Posts: 818
Thanks for answering though, I meant wasting your own time, not mine. :wink:
What you said is exactly right - this question was meant for those who do know.
But here we go again - those spammers were not registered users so it has nothing to do with the registration script.
 Quote

LWC

Forum User
Full Member
Registered: 19/02/04
Posts: 818
Hey Dirk, I've upgraded to v1.4.1 and it makes no difference and Spam-X's log shows nothing.

Most subjects are no longer "hello" but "some sites" and contain what should be censored words in their URLs or the words they throw around besides the URLs.

Some recent spammers, well, spammer (same e-mail address in all of them):
PHP Formatted Code
X-OS: Opera/9.0 (Windows NT 5.1; U; en)
X-Originating-IP: 200-138-44-185.ctame705.dsl.brasiltelecom.net.br

X-OS: Opera/9.0 (Windows NT 5.1; U; en)
X-Originating-IP: 201-27-49-217.dsl.telesp.net.br
 [201.27.49.217]

X-OS: Opera/9.0 (Windows NT 5.1; U; en)
X-Originating-IP: c95119ac.virtua.com.br
 [201.81.25.172]
 Quote

LWC

Forum User
Full Member
Registered: 19/02/04
Posts: 818
I can't take it anymore! My forms are bombed with spam! Why does spam keep getting through the forms in v1.4.1?!

A screenshot of a typical spam that gets through Geeklog v1.4.1's forms.
 Quote

Dirk

Site Admin
Admin
Registered: 12/01/02
Posts: 13073
Location:Stuttgart, Germany
So, what sort of reply do you expect now?

Emails sent through the contact form are run through Spam-X in 1.4.1. If spam still gets through, then you'll have to adjust Spam-X, i.e. add keywords and URLs from that spam.

Exactly the same as with comment spam ...

bye, Dirk
 Quote

LWC

Forum User
Full Member
Registered: 19/02/04
Posts: 818
I've posted the screenshot in hope other people would be kind enough to try to write (at least part of) the text in their systems and see if it gets through - both in forms and in comments.

Also, what I wonder is how come the same spam doesn't reach my comments? It makes no sense. Why would the spammers choose just e-mail forms? How can they even tell the difference? So I was thinking maybe it's a specific bug in forms/Spam-X, which again leads me to the first request.

But in case there's no problem, I get so many of these things that I wonder how come the SLV database doesn't recognize these links as known spam.
 Quote

ironmax

Anonymous
Your link at the top of this page does not work...

 Quote

LWC

Forum User
Full Member
Registered: 19/02/04
Posts: 818
I gave up on SLV and started adding bad words to my personal list (I know from Spam-X's log that SLV does its job all the time but still I keep getting spam with links it doesn't detect).

So the spammers took another step. They've started writing their spam in the "from" header and profiles.php just uses Spam-X to scan the subject and body...

It doesn't even make sense. The message contains no links or bad words in the body and subject, just a "buy X" in the "from" header. Even if I wanted to buy X, how do I do it...?

Be that as it may, can you please add the "from" header to the scanning in the next version?
 Quote
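
The gap described in the last post above (only subject and body are scanned while the spam text sits in the "from" field), shown as an added example that is not Geeklog or Spam-X code. The blacklist, field names and functions are hypothetical, and the submission is constructed.

```php
<?php
// Added example, not Geeklog or Spam-X code. All names are hypothetical.

// Constructed personal blacklist, matched case-insensitively.
const BLACKLIST = ['/\bbuy\s+\w+/i', '/\bspam\.example\b/i'];

// Return the first blacklist pattern that matches $text, or null.
function matchBlacklist(string $text): ?string
{
    foreach (BLACKLIST as $pattern) {
        if (preg_match($pattern, $text) === 1) {
            return $pattern;
        }
    }
    return null;
}

// Scan the named fields of a submitted form. Returns [field, pattern] for
// the first hit, or null when every listed field is clean.
function scanFields(array $form, array $fields): ?array
{
    foreach ($fields as $field) {
        $hit = matchBlacklist($form[$field] ?? '');
        if ($hit !== null) {
            return [$field, $hit];
        }
    }
    return null;
}

// Constructed submission: clean subject and body, payload in the sender name.
$form = [
    'from_name'  => 'buy X',
    'from_email' => 'someone@example.com',
    'subject'    => 'hello',
    'body'       => 'Nice site, keep up the good work.',
];

// Behaviour described in the post: only subject and body are checked,
// so the sender name is never examined.
$before = scanFields($form, ['subject', 'body']);
echo $before === null ? "subject+body only: send\n" : "subject+body only: reject\n";

// Every sender-controlled field is checked, including the "from" name.
$after = scanFields($form, array_keys($form));
echo $after === null ? "all fields: send\n" : "all fields: reject ({$after[0]})\n";
```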
