1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Same Spam, New tricks.

Discussion in 'Off Topic' started by ShadyX, Jan 12, 2012.

  1. ShadyX

    ShadyX Well-Known Member

    We have been hit with all the usual types of spam since our forum opened. Fake Sig Spam, Mass link spam, PM spam etc; But it seems these spammers have learned a new trick.

    Over the last few days I have noticed a handful of odd looking posts that have invisible images in them that display as broken images for a few seconds then go under the radar, I clicked the edit button to see what was wrong with the image and to clean it up and guess what I found in there:


    There is obviously something odd happening here, The image link you see redirects through a PHP script then displays a transparent image to avoid detection.

    They are posted by the usual culprits with wacky usernames and posts with broken English.

    This is either a new way to get spam backlinks or something malicious, Has anybody seen this before? If so a little insight to what they are up to would be great :)
  2. steel_curtain

    steel_curtain Well-Known Member

    I saw this used years ago to stuff affiliate cookies via htaccess redirects and things like that.
    M@rc likes this.
  3. ShadyX

    ShadyX Well-Known Member

    I just took a look at my cookies and found 3 from that website:


    I'm not sure what they mean though..
  4. Brandon Sheley

    Brandon Sheley Well-Known Member

    It might mean someone is trying to snag some affiliate sales from the site without the owner catching on.
    It happen to me a few years ago.
    Does a .php file usually interact with the img tag?
  5. Andy.N

    Andy.N Well-Known Member

    Hum, maybe we can run a sql query on the post table to search for these.
  6. Mr. Goodie2Shoes

    Mr. Goodie2Shoes Well-Known Member

    yes, if you use:
    header("Content-Type: image/png");
    readfile(the path to a transparent image);
  7. mrGTB

    mrGTB Well-Known Member

    This was why I liked to add a CSS Border around IMG BBCode images before getting posted by people auto, you'll always see that border added, even if they play crafty using a 1px transparent image (the 2px border would still give it away).
  8. Digital Doctor

    Digital Doctor Well-Known Member

    Excellent idea !
  9. Anthony Parsons

    Anthony Parsons Well-Known Member

    This is why I really love http://xenforo.com/community/resources/splendidpoint-com-antispam-prevent-links-and-emails.106/ which just stops all this. I jack it up to a decent number... screw new members wanting to post links. Spammers don't even bother, they just go hit the next site. They can't post anywhere with that mod. I also remove the URL field from profiles... another deterrent.

    I only have around 30 new registrations daily... very rarely do we get spam with Jaxel Utiles mod, the above linked mod and auto remove zero poster accounts mod. Barely see spammers nowadays.

    None of my staff have ever come across this one though... just ran a DB search to check myself... nothing in post content.

    Interesting how tricky they're getting.
  10. CyclingTribe

    CyclingTribe Well-Known Member

    I've had quite a few of these recently. The duplicate account mod flags them for me, and my members are excellent spam spotters (which helps) - but is there any way to limit the IMG BBcode so it only works on image file extensions?

    Shaun :D
  11. fury

    fury Member

    That wouldn't necessarily be enough. A clever server admin can simply set up .png/.jpg/.gif extensions to go through PHP, or redirect via .htaccess to the PHP file to do the heavy lifting.

    I wonder how feasible it would be to have a server perform an HTTP peek at any image being posted, and block the post if it is a redirect or 1x1 transparent gif.
  12. CyclingTribe

    CyclingTribe Well-Known Member

    Maybe an XF usergroup option for "Can link to images" that disables the icon in the editor and removes and IMG tag content on posting?
    Alien and akia like this.
  13. cmeinck

    cmeinck Well-Known Member

    Will this prevent the ability to post image links from external sites. In other words, does this block the 1x1 image spammers?
  14. mrGTB

    mrGTB Well-Known Member

    Not good when people resort to doing that on your forum, not good at all. Hard to see what you can do about it also bar blocking IMG tags from being used completely, I know a few vBulletin forums in the past disabled the use of IMG because of that nasty little spamming trick hard to spot. Have you got any plans to try and stop it?

Share This Page