Weird new trackback exploit?

Started by on Apr 08, 2006 – Contents updated: Apr 08, 2006

Apr 08, 2006 23:20    

In the space of a few hours, I just got notified of trackbacks for Yahoo, Google, and MSN (about ten in all), all to random posts including some that are weeks old, all with different, crazy IP addresses, all using the same blurb:

<strong>this is very good</strong><br />

Now, I know three search engines aren't going to suddenly jump at my blog and start posting identical trackback comments. I smell a "phish" of some sort. But when I clicked the link, I actually got a Google page *with* my login name and everything on it.

Time to ask (since I implemented a captcha system and haven't seen a speck of comment spam since): what, exactly, *is* a trackback? What's the difference if I turn them off? They just seem like one more security vulnerability to me.

Anybody else getting this?

Apr 09, 2006 01:25

A trackback is kinda like an automatic blog-to-blog comment. Like for example I read something on your blog and want to blog about the same thing and want to throw a bit of my post into your comment list. I grab your trackback URL for the motivating post, type up my thing, then paste your trackback URL into the little box in my back office for trackback URLs. You get a snippet of my post as a comment and I get, well, I don't know what I get.

Turning off trackbacks on all your blogs probably won't stop any real people from either being motivated by your post to write something of their own or commenting that you are an inspiration to them. It will make them have to actually type a comment, and it will also be a 100% effective ban on trackback spam.

I say turn it off, but that's just cuz I think everyone should configure their blog the way I do mine :roll:

Apr 09, 2006 08:06

Yep,
some trackback spammer forgot to set up his bot to link to his site and is now instead spamming in favor of google.com, yahoo.com, and msn.com.

I copied all the IP Addresses and banned those IPs via .htaccess for now.

Just need to know now if the IP addresses are actually being used by the top 3 search engines, coz currently there's no way to search all posts with an IP address as a search string. :(

Here are all the IP Addresses:

I'd like to ban these IP addresses by range; the scary part is, I might accidentally ban a country and/or region and/or an ISP coz of it.

:/

I hope a release is made specifically to combat this spam for current b2evolution users, as it appears we don't have time to wait for the new version just to get ourselves more protected ;)

Apr 09, 2006 10:03

"I actually got a Google page *with* my login name and everything on it. "

You got sent to Google? You prolly saw your name because you have a Google account of some kind: AdSense, Gmail, Analytics... EVERY time I go anywhere on Google, I see my name :) It's the joy of cookies.

The trackbacks you're seeing sound like what I used to see a year ago. They're recognizable by the <strong></strong> tags around them. I went so far, for a while, as to shitcan any comments or trackbacks that were completely encased like that.
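The heuristic described above, holding pings for moderation rather than banning anything, as an added example that is not code from this thread or from b2evolution. The sample pings and IPs are constructed, and the `NO_PING_DOMAINS` list is an assumption for illustration:

```python
import re
from urllib.parse import urlparse

# Constructed sample TrackBack pings (url/title/excerpt/blog_name are the
# standard TrackBack POST fields). The first two mirror the pattern in this
# thread: a search-engine front page as the URL and an excerpt wrapped in
# <strong> tags. IPs are documentation addresses, not from the thread.
SAMPLE_PINGS = [
    {"ip": "192.0.2.10", "url": "http://www.google.com/", "blog_name": "Google",
     "title": "", "excerpt": "<strong>this is very good</strong><br />"},
    {"ip": "192.0.2.11", "url": "http://www.yahoo.com", "blog_name": "Yahoo",
     "title": "", "excerpt": "<strong>this is very good</strong><br />"},
    {"ip": "198.51.100.7", "url": "http://example.org/2006/04/on-trackbacks",
     "blog_name": "Example Blog", "title": "On trackbacks",
     "excerpt": "I read a good post about <strong>trackback spam</strong> and..."},
]

# Assumed list of domains whose front page never legitimately sends a trackback.
NO_PING_DOMAINS = {"google.com", "yahoo.com", "msn.com"}

# Excerpt that starts with <strong> and ends with </strong> (trailing <br /> allowed).
WRAPPED_RE = re.compile(r"^\s*<strong>.*</strong>\s*(<br\s*/?>\s*)*$", re.I | re.S)


def excerpt_fully_wrapped(excerpt):
    """True when the entire excerpt is encased in <strong></strong> tags."""
    return bool(WRAPPED_RE.match(excerpt))


def url_is_bare_homepage(url, domains=NO_PING_DOMAINS):
    """True when the ping URL is just the front page of a listed domain."""
    parts = urlparse(url)
    host = parts.netloc.lower().split(":")[0]
    if host.startswith("www."):
        host = host[4:]
    return host in domains and parts.path in ("", "/") and not parts.query


def classify_ping(ping):
    """Return ('hold', reasons) for suspicious pings, else ('accept', [])."""
    reasons = []
    if excerpt_fully_wrapped(ping["excerpt"]):
        reasons.append("excerpt fully wrapped in <strong>")
    if url_is_bare_homepage(ping["url"]):
        reasons.append("url is a search-engine front page, not a post")
    # Hold for moderation instead of blacklisting the URL or domain, so the
    # real search engine is never blocked by an over-broad ban.
    return ("hold", reasons) if reasons else ("accept", reasons)


def triage(pings):
    """Map each ping's source IP to its classification."""
    return {p["ip"]: classify_ping(p) for p in pings}
```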

Apr 10, 2006 05:30

"You prolly saw your name because you have a google account of some kind"...

Yes, that is so. I was mentioning it because if it were a phishing scam I would have gotten a page *asking* for my data.

"some trackback spammer forgot to setup his bot to link to his site and is now instead spamming in favor of google.com, yahoo.com, and msn.com."

Ah. Another spammer demonstrates their genius.

"I like to ban these IP Addresses by range,"

So, anyway, I keep the "blacklist" feature turned on and update it regularly, have my captcha thingie on the comment box, turn off trackbacks... I should be good now, until the Wile E. Coyotes out there learn another trick. (I wait patiently for that to happen.)

Apr 11, 2006 16:02

I figured this one out. If the spammer upsets enough blog owners, they will hit the ban button. If you think about this, it will ban the keyword and the url. The url is for msn, google, yahoo and others. This will eliminate google from being able to search all of your sites. There is a huge threat here and most of the owners do not even know what is happening. Be very careful with your blogs and what you ban. I would suggest that you use an IP deny for the addresses.

Snap
