- This topic is empty.
-
AuthorPosts
-
September 10, 2006 at 12:58 pm #705377
Anonymous
InactiveI was told by my CPays Affiliate Manager via Email, that as of last week all of Morahin’s affiliate accounts have been cancelled (I guess those using the “aimer” affiliate tag). Not sure if I believe this or not, but at minimum, it is at least admission on the part of CPays, that they were paying this bastard.
I no longer promote CPays, by the way……….
September 10, 2006 at 1:07 pm #705380Anonymous
InactiveRedundant post – DELETED
September 10, 2006 at 1:18 pm #705382Anonymous
InactiveHey Dhayman,
As far as I can understand, they were using a javascript exploit in the CMS which gives them the ‘page’ they wanted. A lot of CMS’ use .htaccess re-write rules as well, which will re-write the URL to something more SEO friendly. By doing this, the spammer would only have to title the page (typically done when creating the page – asks for title, description, content).
As far as the rest, I only know because several of my sites are being hit with comment spam (NON-Blog sites) which are self-created php scripts and form-based.
They find the inputboxes and then spam them hoping for content. For comments, they actually tested out the comment manually and when they saw it worked – they put it into their automatic adder. This adder also queries the site for additional places to spam and spams them as well.
September 10, 2006 at 1:29 pm #705385Anonymous
Inactivedhayman wrote:I was told by my CPays Affiliate Manager via Email, that as of last week all of Morahin’s affiliate accounts have been cancelledGood, that’s very good!
September 10, 2006 at 1:49 pm #705387Anonymous
InactiveThanks for that clarification, kwblue. Hmmmm…..what this means then is we’re asking for:
1) These CMS systems to be able to plug the holes on these re-write
accesses, which are system request changes, and probably not likely
to happen any time soon;2) Have these CMS system be more discriminating on what they allow in –
perhaps at minimum, require a special code to be entered, before a post
can be made. At least, this might prohibit automated systems from
spamming. Again, not likely to happen;3) Have the Search Engines revise their inclusion policies on blogger pages
and such. Again, this is not a short-term plan, but a much larger issue
in general. Blogger spam has become a big issue for Google et al, and
I’m sure this is on their radar screen.Otherwise, this *hit is gonna continue flourishing, and probably get worse over time.
Of course there is option # 4:
4) Contribute to the CAP Spammer Strong Arm Fund, and send the most
qualified hitman over to Moscow to ferret out Morahin and his cronies.Seriously, anything else here ????
September 10, 2006 at 1:54 pm #705389Anonymous
InactiveRecognition of spam problem and more stringent security measures being put into place. This is one of Morahin’s spam originating sites:
September 10, 2006 at 2:04 pm #705390Anonymous
InactiveI’m going through each of these spam domains, and as Professor previously stated, most of them are run by PLONE.ORG. They are aware of spam snd security breaches in their S/W, and I’ve raised several “tickets” to alert them further.
In going to each of these PLONE-run sites, there is no ability to create a new login and sign in, hence the PLONE administrator must assign you a login/password. This leads me to believe that Morahin and company are either “buying” there way into these systems, OR they are soliciting help from within the system, and getting existing members to contribute to the spamming. With a login, automation can certainly be achieved, but without one, you can’t post into these systems.
What sucks is that when I go to the effected PLONE domains, there are no links or contact #’s to alert the Administrators of these systems.
What we can hope for is that PLONE rolls out new S/W (and mandates this upgrade), that may tighten up the ship a bit.
September 10, 2006 at 2:08 pm #705391Anonymous
InactiveIt’s an exploit, not help from plone.org or the sites.
This exploit allows them to run Javascript. When they do that, they create what they want. This is my small level of understanding.
I really don’t believe they are in kahootz with all these Plone sites. If they were, then why not Mambo, Joomla, Xoops, phpNuke, etc…. ?
September 10, 2006 at 2:24 pm #705393Anonymous
Inactivekwblue,
I wasn’t insuating that there was any cooperation with these site. What I was insinuating is that they have login/passwords that enable them to use this systems…..this could be from cohorts (e.g., kids that go to those schools) on the inside. I certainly don’t think that it has anything deliberate to do with PLONE.ORG or the various site administrators.
September 10, 2006 at 2:30 pm #705394Anonymous
Inactivedhayman wrote:kwblue,I wasn’t insuating that there was any cooperation with these site. What I was insinuating is that they have login/passwords that enable them to use this systems…..this could be from cohorts (e.g., kids that go to those schools) on the inside. I certainly don’t think that it has anything deliberate to do with PLONE.ORG or the various site administrators.
Could be. I’m sure Plone.org can clear it up for us. I really feel that it is an exploit, though. Seems more logical to me that they have found a way to get a page on an older site through this manner.
September 10, 2006 at 5:32 pm #705411Anonymous
InactiveJust corresponded with someone at:
All of Morohin’s spam has been deleted. They have removed their “Anonymous” login policy………that answers my question above !
Let’s keep this train moving !
September 10, 2006 at 5:48 pm #705412Anonymous
InactiveOk, this post is now deleted as far as that goes.
September 10, 2006 at 5:52 pm #705413Anonymous
InactiveOk, more stuff deleted.
September 10, 2006 at 6:12 pm #705414Anonymous
InactivePlease delete and disregard the above posts. Not what I wanted to say! private info.
September 10, 2006 at 6:17 pm #705415Anonymous
InactiveThank you Dominique I apologize. I was formatting something and did not realize it was not complete. It won’t happen again, I promise. greek39
-
AuthorPosts