- This topic is empty.
-
Posts
-
That is interesting, kwblue. If this is the case, why then, does each of his effected pages (see above) have “poker*” or “casino*” nomenclature suffixes ?? Do these blogger systems allow you to specify web page names for your blog post ??? Wouldn’t these blogger systems just come up with some randomized internal file name ?
This points back to PROFESSOR’S assertion that Morahin is using a CMS system to spam the Net. I have contacted PLONE.ORG, by the way, and reported this stuff. Unfortunately, I cannot find an Email address or tele # for them, so I was forced to “join” and subsequently fill out a “problem ticket”. I have done this twice, and suggest all to do the same. Unfortunately, this gives the appearance of use of more than one blogger system, as kwblue alludes to.
I think the fact that Morohin is coming up with these specific “poker*” and “casino*” suffixes in filenames, is assisting him with his high ranking, by the way.
I was told by my CPays Affiliate Manager via Email, that as of last week all of Morahin’s affiliate accounts have been cancelled (I guess those using the “aimer” affiliate tag). Not sure if I believe this or not, but at minimum, it is at least admission on the part of CPays, that they were paying this bastard.
I no longer promote CPays, by the way……….
Redundant post – DELETED
Hey Dhayman,
As far as I can understand, they were using a javascript exploit in the CMS which gives them the ‘page’ they wanted. A lot of CMS’ use .htaccess re-write rules as well, which will re-write the URL to something more SEO friendly. By doing this, the spammer would only have to title the page (typically done when creating the page – asks for title, description, content).
As far as the rest, I only know because several of my sites are being hit with comment spam (NON-Blog sites) which are self-created php scripts and form-based.
They find the inputboxes and then spam them hoping for content. For comments, they actually tested out the comment manually and when they saw it worked – they put it into their automatic adder. This adder also queries the site for additional places to spam and spams them as well.
dhayman wrote:I was told by my CPays Affiliate Manager via Email, that as of last week all of Morahin’s affiliate accounts have been cancelledGood, that’s very good!
Thanks for that clarification, kwblue. Hmmmm…..what this means then is we’re asking for:
1) These CMS systems to be able to plug the holes on these re-write
accesses, which are system request changes, and probably not likely
to happen any time soon;2) Have these CMS system be more discriminating on what they allow in –
perhaps at minimum, require a special code to be entered, before a post
can be made. At least, this might prohibit automated systems from
spamming. Again, not likely to happen;3) Have the Search Engines revise their inclusion policies on blogger pages
and such. Again, this is not a short-term plan, but a much larger issue
in general. Blogger spam has become a big issue for Google et al, and
I’m sure this is on their radar screen.Otherwise, this *hit is gonna continue flourishing, and probably get worse over time.
Of course there is option # 4:
4) Contribute to the CAP Spammer Strong Arm Fund, and send the most
qualified hitman over to Moscow to ferret out Morahin and his cronies.Seriously, anything else here ????
Recognition of spam problem and more stringent security measures being put into place. This is one of Morahin’s spam originating sites:
I’m going through each of these spam domains, and as Professor previously stated, most of them are run by PLONE.ORG. They are aware of spam snd security breaches in their S/W, and I’ve raised several “tickets” to alert them further.
In going to each of these PLONE-run sites, there is no ability to create a new login and sign in, hence the PLONE administrator must assign you a login/password. This leads me to believe that Morahin and company are either “buying” there way into these systems, OR they are soliciting help from within the system, and getting existing members to contribute to the spamming. With a login, automation can certainly be achieved, but without one, you can’t post into these systems.
What sucks is that when I go to the effected PLONE domains, there are no links or contact #’s to alert the Administrators of these systems.
What we can hope for is that PLONE rolls out new S/W (and mandates this upgrade), that may tighten up the ship a bit.
It’s an exploit, not help from plone.org or the sites.
This exploit allows them to run Javascript. When they do that, they create what they want. This is my small level of understanding.
I really don’t believe they are in kahootz with all these Plone sites. If they were, then why not Mambo, Joomla, Xoops, phpNuke, etc…. ?
kwblue,
I wasn’t insuating that there was any cooperation with these site. What I was insinuating is that they have login/passwords that enable them to use this systems…..this could be from cohorts (e.g., kids that go to those schools) on the inside. I certainly don’t think that it has anything deliberate to do with PLONE.ORG or the various site administrators.
dhayman wrote:kwblue,I wasn’t insuating that there was any cooperation with these site. What I was insinuating is that they have login/passwords that enable them to use this systems…..this could be from cohorts (e.g., kids that go to those schools) on the inside. I certainly don’t think that it has anything deliberate to do with PLONE.ORG or the various site administrators.
Could be. I’m sure Plone.org can clear it up for us. I really feel that it is an exploit, though. Seems more logical to me that they have found a way to get a page on an older site through this manner.
Just corresponded with someone at:
All of Morohin’s spam has been deleted. They have removed their “Anonymous” login policy………that answers my question above !
Let’s keep this train moving !
Ok, this post is now deleted as far as that goes.
Ok, more stuff deleted.
Please delete and disregard the above posts. Not what I wanted to say! private info.
