Welcome to Geeklog, Anonymous Thursday, March 28 2024 @ 03:50 pm EDT

Geeklog Forums

"Geeklog Spam Project"


Status: offline

ajzz

Forum User
Regular Poster
Registered: 01/19/05
Posts: 113
Hello folks,

Here's a link in my referrers that I happened to click on randomly... just to find a database of about 2400 geeklog sites, over half of which had one login (IngaD84) and password published in clear text. The title of the page was suspicious: "Geeklog Spam Project".

I was able to delete the entry for my server from there by using the delete link... it looks like sites with captcha authentication (like mine) returned a 404 for that particular "project", with no associated login/password.

Although the project seems to be what it claims, it seems almost too open for a serious spam attempt or maybe we have a spam-kiddie at work.

Any thoughts? I have not whoissed the server yet, trust one of us will get down to that.

Ajay
 Quote

Anti-spammer

Anonymous
Everybody start deleting...

1... 2... 3... GO!
 Quote

Anti-spammer

Anonymous
Domain Name: DAN-ONLINE.BIZ
Domain ID: D9082984-BIZ
Sponsoring Registrar: DIRECT INFORMATION PVT LTD DBA PUBLICDOMAINREGISTRY.COM
Sponsoring Registrar IANA ID: 303
Domain Status: clientTransferProhibited
Registrant ID: DI_1334472
Registrant Name: Denis Popov
Registrant Organization: Denis Popov
Registrant Address1: Lenina str.
Registrant City: Moscow
Registrant Postal Code: 325455
Registrant Country: Russian Federation
Registrant Country Code: RU
Registrant Phone Number: +800.29102393
Registrant Email: Whois Privacy and Spam Prevention by DomainTools.com
Administrative Contact ID: DI_1334472
Administrative Contact Name: Denis Popov
Administrative Contact Organization: Denis Popov
Administrative Contact Address1: Lenina str.
Administrative Contact City: Moscow
Administrative Contact Postal Code: 325455
Administrative Contact Country: Russian Federation
Administrative Contact Country Code: RU
Administrative Contact Phone Number: +800.29102393
Administrative Contact Email: Whois Privacy and Spam Prevention by DomainTools.com
Billing Contact ID: DI_1334472
Billing Contact Name: Denis Popov
Billing Contact Organization: Denis Popov
Billing Contact Address1: Lenina str.
Billing Contact City: Moscow
Billing Contact Postal Code: 325455
Billing Contact Country: Russian Federation
Billing Contact Country Code: RU
Billing Contact Phone Number: +800.29102393
Billing Contact Email: Whois Privacy and Spam Prevention by DomainTools.com
Technical Contact ID: DI_1334472
Technical Contact Name: Denis Popov
Technical Contact Organization: Denis Popov
Technical Contact Address1: Lenina str.
Technical Contact City: Moscow
Technical Contact Postal Code: 325455
Technical Contact Country: Russian Federation
Technical Contact Country Code: RU
Technical Contact Phone Number: +800.29102393
Technical Contact Email:
 Quote

Anti-spammer

Anonymous
Woops! Sorry "Denis Popov", I accidentally wrote and ran a script which is deleting your database as we speak. Shocked

Hope you don't have a backup! Laughing
 Quote

Status: offline

ajzz

Forum User
Regular Poster
Registered: 01/19/05
Posts: 113
Looks like a robot at the other end. The list is back up to 80 or so as I type.

Edit: after some work with "the google", it seems someone else also reported this recently at geeklog http://lists.geeklog.net/pipermail/geeklog-spam/2006-November.txt
 Quote

Anti-spammer

Anonymous
Nah - my script was interrupted... Almost done...

Cool
 Quote

ironmax

Anonymous
Quote by Anti-spammer: Nah - my script was interrupted... Almost done...

Cool


Looks like you've killed the list...ohhh too bad. Probably wont take him long to change things around though. As of this posting, there is nothing on the list.

If you or anyone else wants to contribute to the antispam project by letting others know of spammers, or anything to do with spam in general, goto my site, login and start posting away.

Michael
 Quote

Anti-spammer

Anonymous
Quote by ironmax: Looks like you've killed the list...ohhh too bad. Probably wont take him long to change things around though.


You're probably right, but at least it felt good. Laughing

We've gotta take back the net from these scumbags! Evil or Very Mad
 Quote

Status: offline

ajzz

Forum User
Regular Poster
Registered: 01/19/05
Posts: 113
G%gle search for IngaD84 yields 240+ sites - each one running Geeklog with comment spam. Sample below from fallinggrace.com.

Now we have to find where the Lacys and Suzys of the world are hosted? Rolling Eyes Perhaps our server logs can tell?

Text Formatted Code


Title                 Date                           Author
good article    Wednesday, November 08 2006 @ 12:51 AM CST      IngaD84
good article    Tuesday, November 07 2006 @ 03:24 PM CST        IngaD84
good article    Friday, September 29 2006 @ 01:40 PM CDT        LacyD20
good article    Friday, September 29 2006 @ 11:55 AM CDT        LacyD20
good article    Thursday, September 28 2006 @ 07:30 PM CDT      LacyD20
good article    Thursday, September 28 2006 @ 07:03 PM CDT      LacyD20
good article    Thursday, September 28 2006 @ 06:04 PM CDT      LacyD20
good article    Sunday, September 24 2006 @ 01:42 PM CDT        LacyD20
good article    Saturday, September 23 2006 @ 03:20 PM CDT      LacyD20
good article    Monday, August 28 2006 @ 01:33 PM CDT   LacyD20
good article    Sunday, July 16 2006 @ 02:39 AM CDT     LacyD20
good article    Monday, July 03 2006 @ 04:24 PM CDT     Suzy_1981
good article    Monday, July 03 2006 @ 04:18 PM CDT     Suzy_1981
good article    Monday, July 03 2006 @ 04:10 PM CDT     Suzy_1981
good article    Friday, June 30 2006 @ 07:29 AM CDT     Suzy_1981
good article    Sunday, June 25 2006 @ 06:15 AM CDT     Suzy_1981
 
 Quote

ironmax

Anonymous
Quote by Anti-spammer:
Quote by ironmax: Looks like you've killed the list...ohhh too bad. Probably wont take him long to change things around though.


You're probably right, but at least it felt good. Laughing

We've gotta take back the net from these scumbags! Evil or Very Mad


Looks like ol Dan has made some changes and incorporated an authorization login on his site. So now only the spammer/hackers can login to post the open sites that are easily spammed. Hopefully these site that are compromised will get a clue what he's really doing and fix their scripts.


 Quote

All times are EDT. The time is now 03:50 pm.

  • Normal Topic
  • Sticky Topic
  • Locked Topic
  • New Post
  • Sticky Topic W/ New Post
  • Locked Topic W/ New Post
  •  View Anonymous Posts
  •  Able to post
  •  Filtered HTML Allowed
  •  Censored Content