Reporting spam

Website · Post by **DaddyHoggy** » Mon Feb 02, 2009 11:17 pm

Solas wrote:
I was using Google to search aegidian.org as results point to page,
and came accross a jsp that looked out of place, Google lists 240+
http//www.google.com/search?num=40&hl=en&q=js ... lr=lang_en

another thing ..
http//www.phpbb.com/index.php itself is down. ( vulnerability in an outdated PHPList )
http//community.mybboard.net/thread-44513.html advises on this.

hope this helps

Solas

JensAyton · Post by **JensAyton** » Tue Feb 03, 2009 4:15 pm

DaddyHoggy wrote:
Solas wrote:
I was using Google to search aegidian.org as results point to page,
and came accross a jsp that looked out of place, Google lists 240+
http//www.google.com/search?num=40&hl=en&q=js ... lr=lang_en

another thing ..
http//www.phpbb.com/index.php itself is down. ( vulnerability in an outdated PHPList )
http//community.mybboard.net/thread-44513.html advises on this.

hope this helps

Solas

Well, that was interesting.

It appears that part of a distributed warez network had been hidden in our images/avatars/ directory. Until I have a good explanation for how that happened, uploading of avatars is disabled again. As far as I’m aware we don’t use PHPList for anything Oolite-related, but Giles may have it installed for some other part of aegidian.org, possibly something that’s no longer used. I’ve e-mailed him about it.

Out of interest, the following out-of-place files were in images/avatars/ (modification dates in parens):

index.htm (modified from original blank page; 2005-10-05 00:00)
time.php (2005-10-05 00:00)
date.php (2005-10-05 00:00)
13923715934416f3d4e57ff.php (2005-10-05 00:00)
.htaccess (2005-10-05 00:00)
ferrometer91/ (2008-11-01 08:21)
ferrometer91/.htaccess (2008-11-01 08:21)
ferrometer91/guest.php (2008-12-16 12:14)
ferrometer91/messages.php (2008-12-16 12:13)

I’m assuming ferrometer91 and 13923715934416f3d4e57ff.php are random names; the latter looks like one of the random names of avatar images (for instance, 1584281108474245c375d5f.png). The .htaccess files set date.php and messages.php as the error pages for their respective directories, and these files created a virtual hierarchy of pages (the .jsp extension is a red herring). All the code was scrambled php and JavaScript; nothing complex, but I haven’t bothered decoding it.

I know a couple of our users manage phpBBs of their own; I suggest taking a look in your avatars directory. There should be no .htaccess file, no php files, no subdirectories other than gallery, and index.htm should be a blank page containing no JavaScript. (Note: these details may not be correct for phpBB 3.)

0235 · Post by **0235** » Fri Feb 13, 2009 1:41 pm

help.

this man attacked my computer

look what it did!

Commander McLane · Post by **Commander McLane** » Fri Feb 13, 2009 1:48 pm

Spam! Spam! Spam! Spam!

SPAM!

Captain Hesperus · Post by **Captain Hesperus** » Fri Feb 13, 2009 4:26 pm

https://bb.oolite.space/viewtopic.php?p=70187#70187

<ka-chik> BOOOOOOOOOOOOOOOOOOOOOOMMM!!!!

Captain Hesperus

Commander McLane · Post by **Commander McLane** » Sat Feb 14, 2009 12:49 pm

Captain Hesperus wrote:
https://bb.oolite.space/viewtopic.php?p=70187#70187

<ka-chik> BOOOOOOOOOOOOOOOOOOOOOOMMM!!!!

You wouldn't want to start another civil war inside the clock-tower now, would you?

Captain Hesperus · Post by **Captain Hesperus** » Sat Feb 14, 2009 3:07 pm

I'm a cat, thus easily bored....

Captain Hesperus

Post by **Disembodied** » Mon Mar 09, 2009 1:40 pm

*

This one looks dodgy to me ... website links to a "money-making robot".

Post by **Disembodied** » Wed Mar 18, 2009 1:56 pm

*

And another – website linking to online loans ...

Post by **another_commander** » Fri Apr 03, 2009 1:27 pm

*

This one is definitely spamming and has posted the same message all over the Internet. I just deleted it from Outworld, so would one of our esteemed Spam Assassins do the honors and terminate the bot?

Post by **Disembodied** » Sat Apr 04, 2009 9:59 am

*

And another one for the chop ...

Post by **Disembodied** » Tue Apr 07, 2009 8:40 am

*

And yet another ...

Post by **Disembodied** » Fri Apr 10, 2009 6:07 pm

*

Blechh ... and still another

Website · Post by **DaddyHoggy** » Fri Apr 10, 2009 6:39 pm

Is anybody actually killing these off? All the ones identified so far are still present and correct

[unpacks Silent Death and watches the door as new members shuffles in]

Post by **another_commander** » Fri Apr 10, 2009 9:18 pm

DaddyHoggy wrote:
Is anybody actually killing these off? All the ones identified so far are still present and correct

I was under the impression that members tagged as Spam Assassins had the power to do this. Unfortunately moderators cannot interfere with user status, otherwise these spam instances would have been already sanitized. If the SAs cannot do anything, then I guess it's up to one of the forum admins.