Amazing Conversation on your site
iphigenie:
maybe it was just a test run for an automated forum posting script
2stepsback:
Hi all,
--- Quote from: nite_monkey (March 11, 2007, 10:02 PM) ---
googling his user name
--- End quote ---
Are you all sure that clicking on google search results cannot take you to spam sites?
Phishing is all about getting you to visit a site in one window when the other window has some financial transaction going on. This looks like it.
The word donation probably made the bot come here as the spammer might have filled up a list of words to check for and then sign up and make this post.
AFAIK, if your Google safe-search is OFF, it's possible that you get rogue sites.
And in this window, you have a *donation*coder site open.
Possible phishing.
Don't google for the username. Enough people have googled, luckily without trouble.
Instead this thread has enough information for the curious.
There should be some simple way of reporting this (and such) to places that list spam bots.
HTH
-2stepsback
iphigenie:
I am confused. What exactly could running a search in Google on one tab do if I have the donationcoder forum in another?
Steal my session and therefore maybe my username access?
app103:
--- Quote from: 2stepsback (March 12, 2007, 04:27 AM) ---
Hi all,
--- Quote from: nite_monkey (March 11, 2007, 10:02 PM) ---
googling his user name
--- End quote ---
Are you all sure that clicking on google search results cannot take you to spam sites?
Phishing is all about getting you to visit a site in one window when the other window has some financial transaction going on. This looks like it.
The word donation probably made the bot come here as the spammer might have filled up a list of words to check for and then sign up and make this post.
AFAIK, if your Google safe-search is OFF, it's possible that you get rogue sites.
And in this window, you have a *donation*coder site open.
Possible phishing.
Don't google for the username. Enough people have googled, luckily without trouble.
Instead this thread has enough information for the curious.
There should be some simple way of reporting this (and such) to places that list spam bots.
HTH
-2stepsback
--- End quote ---
I seriously doubt the forums he is posting on are spam sites. The only thing you find when you do a Google search for his username is every forum on the web, including this one.
I do know what his game is though. Some of his posts have changed. The bot posts the first message, like it did here on our forum...then goes back later and edits that post to add the viagra spam content like it has done here:
http://forum.vertex4.com/viewtopic.php?p=1632 (this is a game developer's site)
and here:
http://www.bollywoodheaven.com/forums/showthread.php?t=6059 (this is in a religion section on a movie related site)
Just be on the watch for the edited post because it won't count as a new post and show up in the unread posts list, therefore slipping past moderators for a while without being noticed. (the 2nd link I gave didn't notice the change of content in the post)
Google safe-search is only related to adult content. With it turned on, you are less likely to get adult related sites in your results. It has nothing to do with any real safety. It's supposed to keep your searching 'family safe' and/or 'work safe' ...not 'security safe'.
I don't think the word 'donation' brought the bot here...more likely it was the word 'forum'.
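The edit-after-posting pattern described in the post above, turned into a moderation check. This is an added example, not part of the original thread or of any forum software; the post fields, thresholds and sample data are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

URL_RE = re.compile(r"https?://[^\s\]\[<>\"']+", re.IGNORECASE)

def links(body):
    """Return the set of URLs found in a post body, lower-cased."""
    return {u.rstrip(".,)").lower() for u in URL_RE.findall(body)}

def review_queue(posts, min_delay=timedelta(hours=1), new_account_posts=5):
    """Return (post_id, reasons) for edited posts a moderator should re-read.

    A post is queued when a later edit introduced links that the text
    moderators originally saw did not contain. Edits do not show up as
    unread posts, so this check has to run on the edit event itself.
    """
    queue = []
    for p in posts:
        if p["edited_at"] is None:
            continue
        added = links(p["current"]) - links(p["original"])
        if not added:
            continue
        reasons = [f"edit added {len(added)} link(s)"]
        if p["edited_at"] - p["posted_at"] >= min_delay:
            reasons.append("edited long after posting")
        if p["author_posts"] <= new_account_posts:
            reasons.append("new account")
        queue.append((p["id"], reasons))
    return queue

# Constructed sample data (hypothetical field names, not a real forum schema).
T0 = datetime(2007, 3, 11, 22, 0)
SAMPLE = [
    {"id": 1, "author_posts": 1, "posted_at": T0, "edited_at": T0 + timedelta(days=2),
     "original": "Amazing conversation on your site, thanks!",
     "current": "Amazing conversation! Cheap pills: http://pills.example/buy"},
    {"id": 2, "author_posts": 340, "posted_at": T0, "edited_at": T0 + timedelta(minutes=3),
     "original": "See http://example.org/doc for details",
     "current": "See http://example.org/doc for the details (typo fixed)"},
    {"id": 3, "author_posts": 2, "posted_at": T0, "edited_at": None,
     "original": "Hello", "current": "Hello"},
]

if __name__ == "__main__":
    for post_id, reasons in review_queue(SAMPLE):
        print(post_id, "; ".join(reasons))
```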
2stepsback:
Hi,
Firstly, a correction: I meant XSS / Cross Site Scripting although Phishing does come into play.
--- Quote ---
I seriously doubt the forums he is posting on are spam sites. The only thing you find when you do a Google search for his username is every forum on the web, including this one.
I do know what his game is though. Some of his posts have changed. The bot posts the first message, like it did here on our forum...then goes back later and edits that post to add the viagra spam content like it has done here:
http://forum.vertex4.com/viewtopic.php?p=1632 (this is a game developer's site)
and here:
http://www.bollywoodheaven.com/forums/showthread.php?t=6059 (this is in a religion section on a movie related site)
--- End quote ---
Ok, so basically it's the regular medical drugs spam thing.
The wikipedia pages for XSS and phishing are a relevant must-read.
--- Quote ---
Google safe-search is only related to adult content. With it turned on, you are less likely to get adult related sites in your results. It has nothing to do with any real safety. It's supposed to keep your searching 'family safe' and/or 'work safe' ...not 'security safe'.
--- End quote ---
Ok.
Which just raises a side-issue - AFAIK, browsers have anti-phishing alerts built-in or as extensions. Do you think it a good idea if search engines were to put a small icon beside the URL/title in the results page? A red icon would mean suspicious.
Ask.com, Google, Yahoo Search don't have this thing yet, although it would be pretty simple for them to add that info and pretty useful as well.
Opinions / ideas / criticisms welcome.
Finally, what is annoying me is this: The bot/spammer has succeeded in getting so many of us to look for his identity by googling and clicking. So he actually is not doing any script injection or redirection. He's doing mind injection, if you can call it that. He's playing on your curiosity and it's roughly working.
Can you foresee any exploits?
-2stepsback