[ic] forum poisoning ?

Mike Heins mike at perusion.com
Wed May 4 17:48:43 EDT 2005

Quoting Niels Svennekj?r (linux at post10.tele.dk):
> Hi
> In some of my shops, someone have started to post all strange of 
> references to other url's.
> Common for all the forum postings are that
> - they are related to the product
> - the postings are comming from a few seperate IP's
> - the IP's seems to be hacked windows computers.
> - the url they are pointing to seems not to exist (remote host says 
> somthing about "account are closed due to abuse")
> - they go directly to the forum/reply.html link
> Have other of you seen this ?
> What was your countermeassures ?

I see lots of this "guestbook and forum spam", mostly from rogue hosting
providers like theplanet.com. I have firewalled theplanet from most of
the servers I control.

Another thing I do on many catalogs is have a script in Autoload which
checks the user's IP address against cbl.abuseat.org or sbl-xbl.spamhaus.org
(I posted it here once). That is useful for commerce sites, because many
fraudulent orders come from open proxies.

Mike Heins
Perusion -- Expert Interchange Consulting    http://www.perusion.com/
phone +1.765.647.1295  tollfree 800-949-1889 <mike at perusion.com>

Being against torture ought to be sort of a bipartisan thing.
-- Karl Lehenbauer

More information about the interchange-users mailing list