Same Spam, New tricks.

dtmcl

dtmcl

Well-known member
We have been hit with all the usual types of spam since our forum opened. Fake Sig Spam, Mass link spam, PM spam etc; But it seems these spammers have learned a new trick.

Over the last few days I have noticed a handful of odd looking posts that have invisible images in them that display as broken images for a few seconds then go under the radar, I clicked the edit button to see what was wrong with the image and to clean it up and guess what I found in there:

7nAWP.png


There is obviously something odd happening here, The image link you see redirects through a PHP script then displays a transparent image to avoid detection.

They are posted by the usual culprits with wacky usernames and posts with broken English.

This is either a new way to get spam backlinks or something malicious, Has anybody seen this before? If so a little insight to what they are up to would be great :)
 
I just took a look at my cookies and found 3 from that website:

63338550.1754899242.1326247861.1326247861.1326247861.1
63338550.1.10.1326247861
63338550.1326247861.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

I'm not sure what they mean though..
 
ShadyX said:
I just took a look at my cookies and found 3 from that website:

63338550.1754899242.1326247861.1326247861.1326247861.1
63338550.1.10.1326247861
63338550.1326247861.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

I'm not sure what they mean though..
Click to expand...
It might mean someone is trying to snag some affiliate sales from the site without the owner catching on.
http://en.wikipedia.org/wiki/Cookie_stuffing
It happen to me a few years ago.
Does a .php file usually interact with the img tag?
 
mrGTB said:
This was why I liked to add a CSS Border around IMG BBCode images before getting posted by people auto, you'll always see that border added, even if they play crafty using a 1px transparent image (the 2px border would still give it away).
Click to expand...
Excellent idea !
 
This is why I really love http://xenforo.com/community/resources/splendidpoint-com-antispam-prevent-links-and-emails.106/ which just stops all this. I jack it up to a decent number... screw new members wanting to post links. Spammers don't even bother, they just go hit the next site. They can't post anywhere with that mod. I also remove the URL field from profiles... another deterrent.

I only have around 30 new registrations daily... very rarely do we get spam with Jaxel Utiles mod, the above linked mod and auto remove zero poster accounts mod. Barely see spammers nowadays.

None of my staff have ever come across this one though... just ran a DB search to check myself... nothing in post content.

Interesting how tricky they're getting.
 
I've had quite a few of these recently. The duplicate account mod flags them for me, and my members are excellent spam spotters (which helps) - but is there any way to limit the IMG BBcode so it only works on image file extensions?

Cheers,
Shaun :D
 
Clickfinity said:
I've had quite a few of these recently. The duplicate account mod flags them for me, and my members are excellent spam spotters (which helps) - but is there any way to limit the IMG BBcode so it only works on image file extensions?

Cheers,
Shaun :D
Click to expand...
That wouldn't necessarily be enough. A clever server admin can simply set up .png/.jpg/.gif extensions to go through PHP, or redirect via .htaccess to the PHP file to do the heavy lifting.

I wonder how feasible it would be to have a server perform an HTTP peek at any image being posted, and block the post if it is a redirect or 1x1 transparent gif.
 
Anthony Parsons said:
This is why I really love http://xenforo.com/community/resources/splendidpoint-com-antispam-prevent-links-and-emails.106/ which just stops all this. I jack it up to a decent number... screw new members wanting to post links. Spammers don't even bother, they just go hit the next site. They can't post anywhere with that mod. I also remove the URL field from profiles... another deterrent.

I only have around 30 new registrations daily... very rarely do we get spam with Jaxel Utiles mod, the above linked mod and auto remove zero poster accounts mod. Barely see spammers nowadays.

None of my staff have ever come across this one though... just ran a DB search to check myself... nothing in post content.

Interesting how tricky they're getting.
Click to expand...

Will this prevent the ability to post image links from external sites. In other words, does this block the 1x1 image spammers?
 
ShadyX said:
We have been hit with all the usual types of spam since our forum opened. Fake Sig Spam, Mass link spam, PM spam etc; But it seems these spammers have learned a new trick.

Over the last few days I have noticed a handful of odd looking posts that have invisible images in them that display as broken images for a few seconds then go under the radar, I clicked the edit button to see what was wrong with the image and to clean it up and guess what I found in there:

7nAWP.png


There is obviously something odd happening here, The image link you see redirects through a PHP script then displays a transparent image to avoid detection.

They are posted by the usual culprits with wacky usernames and posts with broken English.

This is either a new way to get spam backlinks or something malicious, Has anybody seen this before? If so a little insight to what they are up to would be great :)
Click to expand...

Not good when people resort to doing that on your forum, not good at all. Hard to see what you can do about it also bar blocking IMG tags from being used completely, I know a few vBulletin forums in the past disabled the use of IMG because of that nasty little spamming trick hard to spot. Have you got any plans to try and stop it?
 

Similar threads

zackw
  • Question Question
XF 2.2 Can you mark pending new users as spam?
Replies
5
Views
1K
Suzanne O
Suzanne O
cbpayne
  • Question Question
XF 2.0 How are they creating these spam links on my forum?
Replies
2
Views
605
Jeremy P
Jeremy P
T
Fixed stop forum spam email hashing doesn't seem to work
Replies
6
Views
1K
XF Bug Bot
XF Bug Bot
R
  • Question Question
XF 2.2 Moderate new users
Replies
3
Views
307
Robert9
R
R
Registering twice ...
Replies
12
Views
840
Mr Lucky
Mr Lucky
Top Bottom