Damn poker bastard. OK, here is what I'm finding out. I have my image comment button (not the gallery comment button) and comments left by others invisible by using:
The bastard can still leave comments, but they won't show up on your page. Also, I have my email notifications turned off in the meantime. Turning off your gallery comments from within the customize gallery options or enabling comment approval is kinda useless.
enabling comment approval won't prevent you from getting them, but it will prevent them from showing up in your galleries..
Seems to have worked in my case..... 'it' moved to another gallery, and then another.. and now it seems to have stopped. I got some 12 in total, so I am not complaining for myself.... but companies like these should be attacked, either by law or by white hackers
Heavy! I'm still in the 300-400 range and I personally killed around 150 by hand. ( :gun2 comment-spammer)
I'm a bit more chilled as the queue at the mail notification server finally seems to be empty for me.
So you were able to trace them back? If so, I would like to know how you did it!
Thanks,
Sebastian
It is a redirect scheme, bounced around a couple times. These guys are just the first stop.
DO NOT FOLLOW THIS WITHOUT ANTI SPYWARE/ADWARE SOFTWARE WORKING AND COOKIES BLOCKED!!!!!! THEY WILL TRY TO GET INTO YOUR SYSTEM!!!!!!!
kiszka-blada.com
then off to
proredirect.com
who then goes to
oversee.net
edit: If they are not doing it, they own some domains in use, and/or have some connection.
This kind of 'marketing' goes in the same range as the Osamas of this world...... just terrorizing innocent people for the heck of it. Nobody in his right mind is ever going to use one of these casino links they put in our comments.... so it is a totally futile and criminal action.
Ah, okay...so you simply followed the link. I thought that you perhaps had some tracking code on your page that captured the bot while it was doing its dirty business.
It is a Windows 2000 box, it has been hitting my page for a duration of 0 sec, and it has plenty of open ports that a normal workstation would not be listening to.
it's not actually hitting your page now which is why adding a site level password doesn't do anything..
however...this information would've had to be mined previously unless the bot is just doing an incremental hit & miss...
How many browsers would hit my main page for 0 sec every little while? Yes, that one is just guessing off the time duration, which is why it is not an outright target........yet, pending more info.
well, not hit from that IP the last couple times I got new comments, maybe that was a scanning run of some kind or it could be unrelated, but most people don't listen to ports 21 (ftp), 135 (epmap), 389 (ldap), 1002, and 1720 on a browser station.
James.
Hey, hey easy! That's me!! I clicked on your link to see if you've got site pw turned on too!
EDIT: Statcounter lists 0sec when someone comes to your main page and doesn't click on any other page by just closing the browser.
If that is you, why is your system listening to those ports? ftp? ldap? epmap? 1002? 1720?
James.
Did you go to my site more than once? To the root only? That is what drew my attention, more than once, right before I got another spam round. Are you running anti spyware? Or are you just really using your system?
ldap 389 can be from netmeeting, which has a known hole, I bet that is someone's system that has been hijacked.
James.
That's my server and windows update hasn't been working for me anymore for quite some time (just hangs while searching for updates)...looks like I gotta install some patches manually.
I'm sure it hasn't been hijacked though.
Sebastian
yeah then you better do some updates, that is why you research before you attack back, too easy to get the wrong one. If I were you I wouldn't browse from a server. Kinda odd that it only showed you hitting my root page and nothing else.
enabling comment approval won't prevent you from getting them, but it will prevent them from showing up in your galleries..
update: 1017 comments and still rising!
If you enable comment approval, won't you be bombarded with approval emails?? If you turn off email notifications in your account settings, will you still get comment approval emails??
BTW, I have only been hit 13 times so far. Is it because I already had my single photo comment link blocked using that code? He seems to only comment on single images & not galleries, in my case. And only hits the very first photo in my galleries, so that's why I only have 13 spams, me thinks.
Stopping them temporarily
I turned off allowing comments for all 500+ of my galleries after I got about 140 comments. That worked. I turned one gallery back on for comments and it started again.
arthill.smugmug.com
In theory, there is no difference between theory and practice. In practice, however, there is.
In order to understand recursion, you first have to understand recursion.
Art Hill
Those spammers don't show on Statcounter. I've already checked that with my account. Just before the attack I had one visitor (look on the first page), but it's not very likely that it's the one spamming around - or you would have had that hit too.
I can't recall if I hit your site more than once today, but I have visited it before and may still have the cookie.
Why the many ports you ask? Because it's my server to which I can connect to when I'm not at home. Has the usual stuff, teamspeak server, ftp etc. But it for sure doesn't spam around.
Sebastian
You might want to take another look at security, it looked pretty open to attack.
Comments
enabling comment approval won't prevent you from getting them, but it will prevent them from showing up in your galleries..
update: 1017 comments and still rising!
Seems to have worked in my case..... 'it' moved to another gallery, and then another.. and now it seems to have stopped. I got some 12 in total, so I am not complaining for myself.... but companies like these should be attacked, either by law or by white hackers
Founder
Silver Cloud Publishing
fssupport.smugmug.com
working on the latter
James.
http://www.jamesjweg.com
vigilante justice!
it's what the internets was meant for.
I have called and awakened the West Coast. Please standby while we work on this and we'll provide as much info as we can, when we get it.
Thank you for your patience and understanding while we sort this out.
Portfolio • Workshops • Facebook • Twitter
Thanks,
Sebastian
SmugMug Support Hero
http://oversee.net/
James.
edit: If they are not doing it, they own some domains in use, and/or have some connection.
http://www.jamesjweg.com
I'm a bit more chilled as the queue at the mail notification server finally seems to be empty for me.
Sebastian
SmugMug Support Hero
It is a redirect scheme, bounced around a couple times. These guys are just the first stop.
DO NOT FOLLOW THIS WITHOUT ANTI SPYWARE/ADWARE SOFTWARE WORKING AND COOKIES BLOCKED!!!!!! THEY WILL TRY TO GET INTO YOUR SYSTEM!!!!!!!
kiszka-blada.com
then off to
proredirect.com
who then goes to
oversee.net
James.
http://www.jamesjweg.com
This kind of 'marketing' goes in the same range as the Osamas of this world...... just terrorizing innocent people for the heck of it. Nobody in his right mind is ever going to use one of these casino links they put in our comments.... so it is a totally futile and criminal action.
Founder
Silver Cloud Publishing
fssupport.smugmug.com
Thanks for the info though. Keep us posted.
Sebastian
SmugMug Support Hero
the domain is registered at nameking.com
Abuse Desk Email Address: abuse@nameking.com
he'll probably just pop up somewhere else, but we can make it inconvenient for a little while.
Sachsen, Leipzig, Germany
p54B9A603.dip0.t-ipconnect.de (84.185.166.3)
It is a Windows 2000 box, it has been hitting my page for a duration of 0 sec, and it has plenty of open ports that a normal workstation would not be listening to.
James.
http://www.jamesjweg.com
I doubt that you would see anything in your logs.
more than likely it's hitting www.smugmug.com/hack/RPC/gallery.mg and just passing in the image id
it's not actually hitting your page now which is why adding a site level password doesn't do anything..
however...this information would've had to be mined previously unless the bot is just doing an incremental hit & miss...
How many browsers would hit my main page for 0 sec every little while? Yes, that one is just guessing off the time duration, which is why it is not an outright target........yet, pending more info.
James.
http://www.jamesjweg.com
James.
http://www.jamesjweg.com
looks like the deck is stacked against me.
James.
http://www.jamesjweg.com
Hey, hey easy! That's me!! I clicked on your link to see if you've got site pw turned on too!
EDIT: Statcounter lists 0sec when someone comes to your main page and doesn't click on any other page by just closing the browser.
SmugMug Support Hero
James.
Did you go to my site more than once? To the root only? That is what drew my attention, more than once, right before I got another spam round. Are you running anti spyware? Or are you just really using your system?
http://www.jamesjweg.com
I'm sure it hasn't been hijacked though.
Sebastian
SmugMug Support Hero
Francois I love your new tagline:
Portfolio • Workshops • Facebook • Twitter
yeah then you better do some updates, that is why you research before you attack back, too easy to get the wrong one. If I were you I wouldn't browse from a server. Kinda odd that it only showed you hitting my root page and nothing else.
James.
http://www.jamesjweg.com
More from Onethumb I'm sure.
Portfolio • Workshops • Facebook • Twitter
I can't recall if I hit your site more than once today, but I have visited it before and may still have the cookie.
Why the many ports you ask? Because it's my server to which I can connect to when I'm not at home. Has the usual stuff, teamspeak server, ftp etc. But it for sure doesn't spam around.
Sebastian
SmugMug Support Hero
BTW, I have only been hit 13 times so far. Is it because I already had my single photo comment link blocked using that code? He seems to only comment on single images & not galleries, in my case. And only hits the very first photo in my galleries, so that's why I only have 13 spams, me thinks.
BTW, payback's a mutha!! Let's get these creeps!!!
sorry.
Yup, nicely done, and fairly fast. That kind of attack is just a fact of life these days.
James.
http://www.jamesjweg.com
I turned off allowing comments for all 500+ of my galleries after I got about 140 comments. That worked. I turned one gallery back on for comments and it started again.
arthill.smugmug.com
In order to understand recursion, you first have to understand recursion.
Art Hill
You might want to take another look at security, it looked pretty open to attack.
James.
http://www.jamesjweg.com