Author Topic: Amazing Conversation on your site (Read 16092 times)

PolZegerully · « **on:** December 16, 2006, 07:56 PM »

Hello all!
This is my first time on this site.
I would like to tell what I really like the topic this.
I've been reading it for a while, and I have learned so much here.
So, I decided to try my luck asking a few questions...
How can you IM, PM or whatever you call it to certain members? .
I'd like to ask more questions about this project.
By the way, nice domain name www.donationcoder.com.

mouser · « **Reply #1 on:** December 16, 2006, 08:05 PM »

In every post anyone makes there are some icons under their name. The one that looks like a "speech balloon" lets you send them a personal message through the forum.

Screenshot - 12_16_2006 , 8_05_07 PM.png

Screenshot - 12_16_2006 , 8_05_07 PM.png

mouser · « **Reply #2 on:** December 16, 2006, 10:30 PM »

Several people have emailed me warning me that PolZegerully has been registering and posting this same message at every forum on the web. Guess it's just spam.. Regardless, perhaps others wanted to know how to send a personal message.

And now we wait for the mystery of PolZegerully to be revealed!! Please let us know when he hatches his plot to take over the internets!

Redhat · « **Reply #3 on:** December 17, 2006, 01:41 AM »

Several people have emailed me warning me that PolZegerully has been registering and posting this same message at every forum on the web. Guess it's just spam.. Regardless, perhaps others wanted to know how to send a personal message.

And now we wait for the mystery of PolZegerully to be revealed!! Please let us know when he hatches his plot to take over the internets!
-mouser (December 16, 2006, 10:30 PM)

I was suspicious but couldn't see the spam or scam

app103 · « **Reply #4 on:** December 17, 2006, 02:15 AM »

Try this google search:

http://www.google.co...n&q=PolZegerully

Notice in the first 100 results that all of the forum signups were within the last 3 days. Also notice that there was only 1 post made, and it is almost identical to the one here.

I saw the same message from the same username on another forum yesterday and only thought it was odd when I saw it here today.

Redhat · « **Reply #5 on:** December 17, 2006, 02:26 AM »

Try this google search:

http://www.google.co...n&q=PolZegerully

Notice in the first 100 results that all of the forum signups were within the last 3 days. Also notice that there was only 1 post made, and it is almost identical to the one here.

I saw the same message from the same username on another forum yesterday and only thought it was odd when I saw it here today.
-app103 (December 17, 2006, 02:15 AM)

Maybe it's somehow something for a google-bomb?

app103 · « **Reply #6 on:** December 17, 2006, 02:47 AM »

More likely something related to bombing forum PM systems with messages to forum members...advertising some sort of pay-per-post program.

This is my guess.

We'll have to wait & see.

RedSlug · « **Reply #7 on:** December 19, 2006, 01:34 AM »

At the moment it does not seem like spam, so the admin typically wont delete the user account.

I would think that in the next few weeks they will casually change their profile or signature to include a link to the website they are promoting.

mouser · « **Reply #8 on:** December 19, 2006, 01:38 AM »

it's like an exciting mystery isn't it.. can't wait to see how it ends!!

mouser · « **Reply #9 on:** December 19, 2006, 01:39 AM »

ps i think this is a big clue:

By the way, nice domain name www.donationcoder.com.

surely there is a reason for mentioning the domain name explicitly
i'm guessing its some kind of seo (search engine optimization) trick, to get their domain name mentioned near the host site's domain name.

OR

it may simply be some text to make each different post on each different forum slightly different.

Darwin · « **Reply #10 on:** December 27, 2006, 02:16 PM »

I took it as an effort to make the postings appear "genuine" - as if the poster had sat down and written to each forum individually, with thought and care. Looks kind of like mailmerge-y type software was used. Given that all of the poster's posts in other forums are absolutely identical I think I'm right! One additional question, though, is why make it a hyerlink?

mouser · « **Reply #11 on:** December 27, 2006, 02:20 PM »

the forum software automatically makes it a hyperlink, so they didnt do that.

Darwin · « **Reply #12 on:** December 27, 2006, 02:31 PM »

Ah... I had a (half-baked) notion that some sort of bot software might be being used to scan the internet for hits on the hyperlink... Like I said, half-baked. In googling the id, I noted that there are at least two websites associated with it. One has something to do with mortgages, but takes you to a free French webhost with a bunch of advertising links, and the other is no longer valid but the title suggested that it had something to do with being paid to post messages in forums (hence my half-formed idea about bot software, or something of that ilk).

ravenlaughs · « **Reply #13 on:** March 11, 2007, 08:39 PM »

Interesting...It almost seems as if there are certain designated pioneers making innocuous posts that appear real, usually a question. I've seen a couple of spam runs from the beginning. Thank goodness SMF has made it possible to keep the worst sh1th34ds out. Forum spammers love their own stink.

nite_monkey · « **Reply #14 on:** March 11, 2007, 10:02 PM »

wow, I haven't seen a user do that before, googling his user name you find a bunch of forums that he has posted the same thing on, I haven't looked at all of them, just the first 4, and they said the same thing. I hate those kind of people.

iphigenie · « **Reply #15 on:** March 12, 2007, 04:24 AM »

maybe it was just a test run for an automated forum posting script

2stepsback · « **Reply #16 on:** March 12, 2007, 04:27 AM »

Hi all,

googling his user name
-nite_monkey (March 11, 2007, 10:02 PM)

Are you all sure that clicking on google search results cannot take you to spam sites?

Phishing is all about getting you to visit a site in one window when the other window has some financial transaction going on. This looks like it.

The word donation probably made the bot come here as the spammer might have filled up a list of words to check for and then sign up and make this post.

AFAIK, If your Google safe-search is OFF, it's possible that you get rogue sites.
And in this window, you have a *donation*coder site open.
Possible phishing.

Don't google for the username. Enough people have googled, luckily without trouble.
Instead this thread has enough information for the curious.
There should be some simple way of reporting this (and such) to places that list spam bots.

HTH
-2stepsback

iphigenie · « **Reply #17 on:** March 12, 2007, 04:34 AM »

I am confused. What exactly could running a search in google on one tab do if i have the donationcoder forum in another?

steal my session and therefore maybe my username access?

app103 · « **Reply #18 on:** March 12, 2007, 05:16 AM »

Hi all,
googling his user name
-nite_monkey (March 11, 2007, 10:02 PM)

Are you all sure that clicking on google search results cannot take you to spam sites?

Phishing is all about getting you to visit a site in one window when the other window has some financial transaction going on. This looks like it.

The word donation probably made the bot come here as the spammer might have filled up a list of words to check for and then sign up and make this post.

AFAIK, If your Google safe-search is OFF, it's possible that you get rogue sites.
And in this window, you have a *donation*coder site open.
Possible phishing.

Don't google for the username. Enough people have googled, luckily without trouble.
Instead this thread has enough information for the curious.
There should be some simple way of reporting this (and such) to places that list spam bots.

HTH
-2stepsback
-2stepsback (March 12, 2007, 04:27 AM)

I seriously doubt the forums he is posting on are spam sites. The only thing you find when you do a google search for his username is every forum on the web, including this one.

I do know what his game is though. Some of his posts have changed. The bot posts the first message, like it did here on our forum...then goes back later and edits that post to add the viagra spam content like it has done here:

http://forum.vertex4...viewtopic.php?p=1632 (this is a game developer's site)

and here:

http://www.bollywood...howthread.php?t=6059 (this is in a religion section on a movie related site)

Just be on the watch for the edited post because it won't count as a new post and show up in the unread posts list, therefore slipping past moderators for awhile without being noticed. (the 2nd link I gave didn't notice the change of content in the post)

Google safe-search is only related to adult content. With it turned on, you are less likely to get adult related sites in your results. It has nothing to do with any real safety. It's supposed to keep your searching 'family safe' and/or 'work safe' ...not 'security safe'.

I don't think the word 'donation' brought the bot here...more likely it was the word 'forum'.

2stepsback · « **Reply #19 on:** March 12, 2007, 05:39 AM »

Hi,
firstly, a correction: I meant XSS / Cross Site Scripting although Phishing does come into play.

I seriously doubt the forums he is posting on are spam sites. The only thing you find when you do a google search for his username is every forum on the web, including this one.
I do know what his game is though. Some of his posts have changed. The bot posts the first message, like it did here on our forum...then goes back later and edits that post to add the viagra spam content like it has done here:

http://forum.vertex4...viewtopic.php?p=1632 (this is a game developer's site)
and here:
http://www.bollywood...howthread.php?t=6059 (this is in a religion section on a movie related site)

Ok, so basically its the regular medical drugs spam thing.

The wikipedia pages for XSS and phishing are a relevant must-read.

Google safe-search is only related to adult content. With it turned on, you are less likely to get adult related sites in your results. It has nothing to do with any real safety. It's supposed to keep your searching 'family safe' and/or 'work safe' ...not 'security safe'.

Ok.

Which just raises a side-issue - AFAIK, browsers have anti-phishing alerts built-in or as extensions. Do you think it a good idea if search engines were to put a small icon beside the URL/title in the results page? A red icon would mean suspicious.
Ask.com, Google, Yahoo Search don't have this thing yet, although it would be pretty simple for them to add that info and pretty useful as well.

Opinions / ideas / criticisms welcome.

Finally, what is annoying me is this: The bot/spammer has succeeded in getting so many of us to look for his identity by googling and clicking. So he actually is not doing any script injection or redirection. He's doing mind injection, if you can call it that. He's playing on your curiosity and it's roughly working.

Can you foresee any exploits?

-2stepsback