Comments on: FBI Spam http://www.timboucher.com/journal/2006/05/18/fbi-spam/ public domain playground. friendly entities welcome. Sun, 22 Nov 2009 19:51:24 +0000 http://wordpress.org/?v=2.7 hourly 1 By: The Evolution of Spam-Consciousness - Pop Occulture http://www.timboucher.com/journal/2006/05/18/fbi-spam/comment-page-1/#comment-16967 The Evolution of Spam-Consciousness - Pop Occulture Thu, 25 May 2006 18:05:04 +0000 http://www.timboucher.com/journal/2006/05/18/fbi-spam/#comment-16967 [...] While we’re on the subject, also check out the spammy blog posts that Garrett recently discovered. Are they written by a real person or a script which is able to simulate natural language? Then we have the enormous spam attacks several of us have been enduring via comments and trackbacks on our WordPress blogs. [...] [...] While we’re on the subject, also check out the spammy blog posts that Garrett recently discovered. Are they written by a real person or a script which is able to simulate natural language? Then we have the enormous spam attacks several of us have been enduring via comments and trackbacks on our WordPress blogs. [...]

]]> By: Tim Boucher http://www.timboucher.com/journal/2006/05/18/fbi-spam/comment-page-1/#comment-15304 Tim Boucher Sat, 20 May 2006 19:41:17 +0000 http://www.timboucher.com/journal/2006/05/18/fbi-spam/#comment-15304 Well, you know you can just turn off comments and trackbacks in WordPress, right? It's really no reason to leave WP. Anyway, with this blog, I'm also really not willing to turn them off because the whole point is the conversational element, really. But this Akismet plugin seems to be getting the job done just fine. Well, you know you can just turn off comments and trackbacks in WordPress, right? It’s really no reason to leave WP. Anyway, with this blog, I’m also really not willing to turn them off because the whole point is the conversational element, really. But this Akismet plugin seems to be getting the job done just fine.

]]> By: Dan http://www.timboucher.com/journal/2006/05/18/fbi-spam/comment-page-1/#comment-14534 Dan Fri, 19 May 2006 19:04:14 +0000 http://www.timboucher.com/journal/2006/05/18/fbi-spam/#comment-14534 I had exactly the same phenteremine attacks for ages. In the end, I found they were mostly coming from a particular subnet range, so I just just blocked that subnet (via .htaccess). I kept getting lots of spam after from other sites though, another reason why I packed in wordpress. That's why I'm now comment free and happy at the moment :) I had exactly the same phenteremine attacks for ages. In the end, I found they were mostly coming from a particular subnet range, so I just just blocked that subnet (via .htaccess). I kept getting lots of spam after from other sites though, another reason why I packed in wordpress. That’s why I’m now comment free and happy at the moment :)

]]> By: Tim Boucher http://www.timboucher.com/journal/2006/05/18/fbi-spam/comment-page-1/#comment-14524 Tim Boucher Fri, 19 May 2006 16:17:05 +0000 http://www.timboucher.com/journal/2006/05/18/fbi-spam/#comment-14524 Uh.... what? So what do I need to do? Uh…. what? So what do I need to do?

]]> By: Thomas Conlon http://www.timboucher.com/journal/2006/05/18/fbi-spam/comment-page-1/#comment-14104 Thomas Conlon Fri, 19 May 2006 08:20:44 +0000 http://www.timboucher.com/journal/2006/05/18/fbi-spam/#comment-14104 Seems like pingbacks are being used to probe your version of wp as there seems to be a recent bug, I would assume buffer overflow as the likely desired effect. xml-rpc call plus malicious code and incorrect user permissions (like if the pingback flooded your buffer and inserted an o/s command to set up a pptp tunnel and environment for a user who can log in remotely because his xml shit was run as administrator or the service account for apache. I would expect a phenteramine company using php probes to want to infiltrate in order to hijack your mail server and send spam. Apparently you can do: "0×0031 (49) Access denied " as a return code so there must be some type of filtering module The bad news is that XMLRPC is plain scary and you may be getting a little probe against your system with each pingback "The payload is in XML, a single structure. The must contain a sub-item, a string, containing the name of the method to be called. The string may only contain identifier characters, upper and lower-case A-Z, the numeric characters, 0-9, underscore, dot, colon and slash. It's entirely up to the server to decide how to interpret the characters in a methodName. " Like how bout i rip on mysql usernames not "mary's blog linked to joe's" or you gotta have perl installed with php right? Lots you can do to the os there, good luck. -tc Seems like pingbacks are being used to probe your version of wp as there seems to be a recent bug, I would assume buffer overflow as the likely desired effect.

xml-rpc call plus malicious code and incorrect user permissions (like if the pingback flooded your buffer and inserted an o/s command to set up a pptp tunnel and environment for a user who can log in remotely because his xml shit was run as administrator or the service account for apache.

I would expect a phenteramine company using php probes to want to infiltrate in order to hijack your mail server and send spam.

Apparently you can do:
“0×0031 (49)
Access denied ” as a return code so there must be some type of filtering module

The bad news is that XMLRPC is plain scary and you may be getting a little probe against your system with each pingback

“The payload is in XML, a single structure.

The must contain a sub-item, a string, containing the name of the method to be called. The string may only contain identifier characters, upper and lower-case A-Z, the numeric characters, 0-9, underscore, dot, colon and slash. It’s entirely up to the server to decide how to interpret the characters in a methodName. ”

Like how bout i rip on mysql usernames not “mary’s blog linked to joe’s”
or you gotta have perl installed with php right? Lots you can do to the os there, good luck.

-tc

]]> By: zacharius http://www.timboucher.com/journal/2006/05/18/fbi-spam/comment-page-1/#comment-14096 zacharius Thu, 18 May 2006 23:30:23 +0000 http://www.timboucher.com/journal/2006/05/18/fbi-spam/#comment-14096 yeah, i already had that. it puts them all into batch moderation. no sweat. hold on... there's a FBI assault team outside my door... FUCK!! yeah, i already had that. it puts them all into batch moderation. no sweat.

hold on…

there’s a FBI assault team outside my door…

FUCK!!

]]> By: Tim Boucher http://www.timboucher.com/journal/2006/05/18/fbi-spam/comment-page-1/#comment-14051 Tim Boucher Thu, 18 May 2006 22:18:23 +0000 http://www.timboucher.com/journal/2006/05/18/fbi-spam/#comment-14051 I've also just installed Akismet so hopefully a lot of these spam problems will be diminished even further: http://akismet.com/faq/ I’ve also just installed Akismet so hopefully a lot of these spam problems will be diminished even further:

http://akismet.com/faq/

]]>