Welcome Guest.   Make a donation to an author on the site October 23, 2014, 12:58:45 AM  *

Please login or register.
Or did you miss your validation email?


Login with username and password (forgot your password?)
Why not become a lifetime supporting member of the site with a one-time donation of any amount? Your donation entitles you to a ton of additional benefits, including access to exclusive discounts and downloads, the ability to enter monthly free software drawings, and a single non-expiring license key for all of our programs.


You must sign up here before you can post and access some areas of the site. Registration is totally free and confidential.
 
Free DonationCoder.com Member Kit: Submit Request.
   
   Forum Home   Thread Marks Chat! Downloads Search Login Register  
Pages: [1]   Go Down
  Reply  |  New Topic  |  Print  
Author Topic: Amazing Conversation on your site  (Read 7689 times)
PolZegerully
Guest


Email
« on: December 16, 2006, 07:56:04 PM »

Hello all!
This is my first time on this site.
I would like to tell what I really like the topic this.
I've been reading it for a while, and I have learned so much here.
So, I decided to try my luck asking a few questions...
How can you IM, PM or whatever you call it to certain members? .
I'd like to ask  more questions about this project.
By the way, nice domain name www.donationcoder.com.
Logged
mouser
First Author
Administrator
*****
Posts: 33,578



see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #1 on: December 16, 2006, 08:05:42 PM »

In every post anyone makes there are some icons under their name.  The one that looks like a "speech balloon" lets you send them a personal message through the forum.

Logged
mouser
First Author
Administrator
*****
Posts: 33,578



see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #2 on: December 16, 2006, 10:30:13 PM »

Several people have emailed me warning me that PolZegerully has been registering and posting this same message at every forum on the web.  Guess it's just spam.. Regardless, perhaps others wanted to know how to send a personal message.

And now we wait for the mystery of PolZegerully to be revealed!! Please let us know when he hatches his plot to take over the internets!
Logged
Redhat
Charter Member
***
Posts: 249


View Profile WWW Give some DonationCredits to this forum member
« Reply #3 on: December 17, 2006, 01:41:55 AM »

Several people have emailed me warning me that PolZegerully has been registering and posting this same message at every forum on the web.  Guess it's just spam.. Regardless, perhaps others wanted to know how to send a personal message.

And now we wait for the mystery of PolZegerully to be revealed!! Please let us know when he hatches his plot to take over the internets!

I was suspicious but couldn't see the spam or scam  Wink
Logged
app103
That scary taskbar girl
Global Moderator
*****
Posts: 5,270



see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #4 on: December 17, 2006, 02:15:22 AM »

Try this google search:

http://www.google.com/sea...?hl=en&q=PolZegerully

Notice in the first 100 results that all of the forum signups were within the last 3 days. Also notice that there was only 1 post made, and it is almost identical to the one here.

I saw the same message from the same username on another forum yesterday and only thought it was odd when I saw it here today.
Logged

Redhat
Charter Member
***
Posts: 249


View Profile WWW Give some DonationCredits to this forum member
« Reply #5 on: December 17, 2006, 02:26:49 AM »

Try this google search:

http://www.google.com/sea...?hl=en&q=PolZegerully

Notice in the first 100 results that all of the forum signups were within the last 3 days. Also notice that there was only 1 post made, and it is almost identical to the one here.

I saw the same message from the same username on another forum yesterday and only thought it was odd when I saw it here today.

Maybe it's somehow something for a google-bomb?
Logged
app103
That scary taskbar girl
Global Moderator
*****
Posts: 5,270



see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #6 on: December 17, 2006, 02:47:01 AM »

More likely something related to bombing forum PM systems with messages to forum members...advertising some sort of pay-per-post program.

This is my guess.

We'll have to wait & see.
Logged

RedSlug
Participant
*
Posts: 1

View Profile Give some DonationCredits to this forum member
« Reply #7 on: December 19, 2006, 01:34:30 AM »

At the moment it does not seem like spam, so the admin typically wont delete the user account.

I would think that in the next few weeks they will casually change their profile or signature to include a link to the website they are promoting.
Logged
mouser
First Author
Administrator
*****
Posts: 33,578



see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #8 on: December 19, 2006, 01:38:22 AM »

it's like an exciting mystery isn't it.. can't wait to see how it ends!!  tellme
Logged
mouser
First Author
Administrator
*****
Posts: 33,578



see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #9 on: December 19, 2006, 01:39:48 AM »

ps i think this is a big clue:
Quote
By the way, nice domain name www.donationcoder.com.

surely there is a reason for mentioning the domain name explicitly
i'm guessing its some kind of seo (search engine optimization) trick, to get their domain name mentioned near the host site's domain name.

OR

it may simply be some text to make each different post on each different forum slightly different.
« Last Edit: December 19, 2006, 01:54:06 AM by mouser » Logged
Darwin
Charter Member
***
Posts: 6,979



see users location on a map View Profile Read user's biography. Give some DonationCredits to this forum member
« Reply #10 on: December 27, 2006, 02:16:48 PM »

I took it as an effort to make the postings appear "genuine" - as if the poster had sat down and written to each forum individually, with thought and care. Looks kind of like mailmerge-y type software was used. Given that all of the poster's posts in other forums are absolutely identical I think I'm right! One additional question, though, is why make it a hyerlink?
« Last Edit: December 27, 2006, 02:25:48 PM by Darwin » Logged

"Some people have a way with words, other people,... oh... have not way" - Steve Martin
mouser
First Author
Administrator
*****
Posts: 33,578



see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #11 on: December 27, 2006, 02:20:51 PM »

the forum software automatically makes it a hyperlink, so they didnt do that.
Logged
Darwin
Charter Member
***
Posts: 6,979



see users location on a map View Profile Read user's biography. Give some DonationCredits to this forum member
« Reply #12 on: December 27, 2006, 02:31:45 PM »

Ah... I had a (half-baked) notion that some sort of bot software might be being used to scan the internet for hits on the hyperlink... Like I said, half-baked. In googling the id, I noted that there are at least two websites associated with it. One has something to do with mortgages, but takes you to a free French webhost with a bunch of advertising links, and the other is no longer valid but the title suggested that it had something to do with being paid to post messages in forums (hence my half-formed idea about bot software, or something of that ilk).
Logged

"Some people have a way with words, other people,... oh... have not way" - Steve Martin
ravenlaughs
Supporting Member
**
Posts: 16

View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #13 on: March 11, 2007, 08:39:49 PM »

Interesting...It almost seems as if there are certain designated pioneers making innocuous posts that appear real, usually a question. I've seen a couple of spam runs from the beginning. Thank goodness SMF has made it possible to keep the worst sh1th34ds out. Forum spammers love their own stink.
Logged

Happiness is a warm reboot
nite_monkey
Member
**
Posts: 692


see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #14 on: March 11, 2007, 10:02:57 PM »

wow, I haven't seen a user do that before, googling his user name you find a bunch of forums that he has posted the same thing on, I haven't looked at all of them, just the first 4, and they said the same thing. I hate those kind of people.
Logged

[Insert really cool signature here]
iphigenie
Supporting Member
**
Posts: 1,166


curiosity FTW!

see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #15 on: March 12, 2007, 04:24:29 AM »

maybe it was just a test run for an automated forum posting script
Logged
2stepsback
Supporting Member
**
Posts: 110

View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #16 on: March 12, 2007, 04:27:37 AM »

Hi all,
googling his user name

Are you all sure that clicking on google search results cannot take you to spam sites?

Phishing is all about getting you to visit a site in one window when the other window has some financial transaction going on. This looks like it.

The word donation probably made the bot come here as the spammer might have filled up a list of words to check for and then sign up and make this post.

AFAIK, If your Google safe-search is OFF, it's possible that you get rogue sites.
And in this window, you have a *donation*coder site open.
Possible phishing.

Don't google for the username. Enough people have googled, luckily without trouble.
Instead this thread has enough information for the curious.
There should be some simple way of reporting this (and such) to places that list spam bots.

HTH
-2stepsback
Logged

An apple a day keeps the doctor away. A good deed a day keeps the Devil away.
See http://www.codinghorror.c...blog/archives/000735.html
------------
W3Schools - A collection of free HTML, CSS, JavaScript, DHTML, XML, XHTML, WAP, ASP, SQL tutorials with lots of working examples and source code.
iphigenie
Supporting Member
**
Posts: 1,166


curiosity FTW!

see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #17 on: March 12, 2007, 04:34:46 AM »

I am confused. What exactly could running a search in google on one tab do if i have the donationcoder forum in another?

steal my session and therefore maybe my username access?
Logged
app103
That scary taskbar girl
Global Moderator
*****
Posts: 5,270



see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #18 on: March 12, 2007, 05:16:07 AM »

Hi all,
googling his user name

Are you all sure that clicking on google search results cannot take you to spam sites?

Phishing is all about getting you to visit a site in one window when the other window has some financial transaction going on. This looks like it.

The word donation probably made the bot come here as the spammer might have filled up a list of words to check for and then sign up and make this post.

AFAIK, If your Google safe-search is OFF, it's possible that you get rogue sites.
And in this window, you have a *donation*coder site open.
Possible phishing.

Don't google for the username. Enough people have googled, luckily without trouble.
Instead this thread has enough information for the curious.
There should be some simple way of reporting this (and such) to places that list spam bots.

HTH
-2stepsback

I seriously doubt the forums he is posting on are spam sites. The only thing you find when you do a google search for his username is every forum on the web, including this one.

I do know what his game is though. Some of his posts have changed. The bot posts the first message, like it did here on our forum...then goes back later and edits that post to add the viagra spam content like it has done here:  

http://forum.vertex4.com/viewtopic.php?p=1632 (this is a game developer's site)

and here:

http://www.bollywoodheave...ums/showthread.php?t=6059  (this is in a religion section on a movie related site)

Just be on the watch for the edited post because it won't count as a new post and show up in the unread posts list, therefore slipping past moderators for awhile without being noticed. (the 2nd link I gave didn't notice the change of content in the post)

Google safe-search is only related to adult content. With it turned on, you are less likely to get adult related sites in your results. It has nothing to do with any real safety. It's supposed to keep your searching 'family safe' and/or 'work safe' ...not 'security safe'.

I don't think the word 'donation' brought the bot here...more likely it was the word 'forum'.
Logged

2stepsback
Supporting Member
**
Posts: 110

View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #19 on: March 12, 2007, 05:39:07 AM »

Hi,
firstly, a correction: I meant XSS / Cross Site Scripting although Phishing does come into play.

Quote
I seriously doubt the forums he is posting on are spam sites. The only thing you find when you do a google search for his username is every forum on the web, including this one.
I do know what his game is though. Some of his posts have changed. The bot posts the first message, like it did here on our forum...then goes back later and edits that post to add the viagra spam content like it has done here:  

http://forum.vertex4.com/viewtopic.php?p=1632 (this is a game developer's site)
and here:
http://www.bollywoodheave...ums/showthread.php?t=6059  (this is in a religion section on a movie related site)
Ok, so basically its the regular medical drugs spam thing.

The wikipedia pages for XSS and phishing are a relevant must-read.

Quote
Google safe-search is only related to adult content. With it turned on, you are less likely to get adult related sites in your results. It has nothing to do with any real safety. It's supposed to keep your searching 'family safe' and/or 'work safe' ...not 'security safe'.
Ok.

Which just raises a side-issue - AFAIK, browsers have anti-phishing alerts built-in or as extensions. Do you think it a good idea if search engines were to put a small icon beside the URL/title in the results page? A red icon would mean suspicious.
Ask.com, Google, Yahoo Search don't have this thing yet, although it would be pretty simple for them to add that info and pretty useful as well.

Opinions / ideas / criticisms welcome.

Finally, what is annoying me is this: The bot/spammer has succeeded in getting so many of us to look for his identity by googling and clicking. So he actually is not doing any script injection or redirection. He's doing mind injection, if you can call it that. He's playing on your curiosity and it's roughly working.

Can you foresee any exploits?

-2stepsback
Logged

An apple a day keeps the doctor away. A good deed a day keeps the Devil away.
See http://www.codinghorror.c...blog/archives/000735.html
------------
W3Schools - A collection of free HTML, CSS, JavaScript, DHTML, XML, XHTML, WAP, ASP, SQL tutorials with lots of working examples and source code.
Pages: [1]   Go Up
  Reply  |  New Topic  |  Print  
 
Jump to:  
   Forum Home   Thread Marks Chat! Downloads Search Login Register  

DonationCoder.com | About Us
DonationCoder.com Forum | Powered by SMF
[ Page time: 0.054s | Server load: 0.1 ]