September 10, 2006 at 12:48 pm #705376AnonymousInactive
That is interesting, kwblue. If this is the case, why then does each of his affected pages (see above) have “poker*” or “casino*” nomenclature suffixes?? Do these blogger systems allow you to specify web page names for your blog post??? Wouldn’t these blogger systems just come up with some randomized internal file name?
This points back to PROFESSOR’S assertion that Morahin is using a CMS system to spam the Net. I have contacted PLONE.ORG, by the way, and reported this stuff. Unfortunately, I cannot find an Email address or tele # for them, so I was forced to “join” and subsequently fill out a “problem ticket”. I have done this twice, and suggest all to do the same. Unfortunately, this gives the appearance of use of more than one blogger system, as kwblue alludes to.
I think the fact that Morohin is coming up with these specific “poker*” and “casino*” suffixes in filenames, is assisting him with his high ranking, by the way.
September 10, 2006 at 12:58 pm #705377AnonymousInactive
I was told by my CPays Affiliate Manager via Email, that as of last week all of Morahin’s affiliate accounts have been cancelled (I guess those using the “aimer” affiliate tag). Not sure if I believe this or not, but at minimum, it is at least an admission on the part of CPays, that they were paying this bastard.
I no longer promote CPays, by the way……….
September 10, 2006 at 1:07 pm #705380AnonymousInactive
Redundant post – DELETED
September 10, 2006 at 1:18 pm #705382AnonymousInactive
Hey Dhayman,
As far as I can understand, they were using a javascript exploit in the CMS which gives them the ‘page’ they wanted. A lot of CMS’ use .htaccess re-write rules as well, which will re-write the URL to something more SEO friendly. By doing this, the spammer would only have to title the page (typically done when creating the page – asks for title, description, content).
As far as the rest, I only know because several of my sites are being hit with comment spam (NON-Blog sites) which are self-created php scripts and form-based.
They find the input boxes and then spam them hoping for content. For comments, they actually tested out the comment manually and when they saw it worked – they put it into their automatic adder. This adder also queries the site for additional places to spam and spams them as well.
September 10, 2006 at 1:29 pm #705385AnonymousInactive
dhayman wrote:
I was told by my CPays Affiliate Manager via Email, that as of last week all of Morahin’s affiliate accounts have been cancelled
Good, that’s very good!
September 10, 2006 at 1:49 pm #705387AnonymousInactive
Thanks for that clarification, kwblue. Hmmmm…..what this means then is we’re asking for:
1) These CMS systems to be able to plug the holes on these re-write accesses, which are system request changes, and probably not likely to happen any time soon;
2) Have these CMS systems be more discriminating on what they allow in – perhaps at minimum, require a special code to be entered, before a post can be made. At least, this might prohibit automated systems from spamming. Again, not likely to happen;
3) Have the Search Engines revise their inclusion policies on blogger pages and such. Again, this is not a short-term plan, but a much larger issue in general. Blogger spam has become a big issue for Google et al, and I’m sure this is on their radar screen.
Otherwise, this *hit is gonna continue flourishing, and probably get worse over time.
Of course there is option # 4:
4) Contribute to the CAP Spammer Strong Arm Fund, and send the most qualified hitman over to Moscow to ferret out Morahin and his cronies.
Seriously, anything else here ????
September 10, 2006 at 1:54 pm #705389AnonymousInactive
Recognition of spam problem and more stringent security measures being put into place. This is one of Morahin’s spam originating sites:
September 10, 2006 at 2:04 pm #705390AnonymousInactive
I’m going through each of these spam domains, and as Professor previously stated, most of them are run by PLONE.ORG. They are aware of spam and security breaches in their S/W, and I’ve raised several “tickets” to alert them further.
In going to each of these PLONE-run sites, there is no ability to create a new login and sign in, hence the PLONE administrator must assign you a login/password. This leads me to believe that Morahin and company are either “buying” their way into these systems, OR they are soliciting help from within the system, and getting existing members to contribute to the spamming. With a login, automation can certainly be achieved, but without one, you can’t post into these systems.
What sucks is that when I go to the affected PLONE domains, there are no links or contact #’s to alert the Administrators of these systems.
What we can hope for is that PLONE rolls out new S/W (and mandates this upgrade), that may tighten up the ship a bit.
September 10, 2006 at 2:08 pm #705391AnonymousInactive
It’s an exploit, not help from plone.org or the sites.
This exploit allows them to run Javascript. When they do that, they create what they want. This is my small level of understanding.
I really don’t believe they are in kahootz with all these Plone sites. If they were, then why not Mambo, Joomla, Xoops, phpNuke, etc…. ?
September 10, 2006 at 2:24 pm #705393AnonymousInactive
kwblue,
I wasn’t insinuating that there was any cooperation with these sites. What I was insinuating is that they have login/passwords that enable them to use these systems…..this could be from cohorts (e.g., kids that go to those schools) on the inside. I certainly don’t think that it has anything deliberate to do with PLONE.ORG or the various site administrators.
September 10, 2006 at 2:30 pm #705394AnonymousInactive
dhayman wrote:
kwblue, I wasn’t insinuating that there was any cooperation with these sites. What I was insinuating is that they have login/passwords that enable them to use these systems…..this could be from cohorts (e.g., kids that go to those schools) on the inside. I certainly don’t think that it has anything deliberate to do with PLONE.ORG or the various site administrators.
Could be. I’m sure Plone.org can clear it up for us. I really feel that it is an exploit, though. Seems more logical to me that they have found a way to get a page on an older site through this manner.
September 10, 2006 at 5:32 pm #705411AnonymousInactive
Just corresponded with someone at:
All of Morohin’s spam has been deleted. They have removed their “Anonymous” login policy………that answers my question above !
Let’s keep this train moving !
September 10, 2006 at 5:48 pm #705412AnonymousInactive
Ok, this post is now deleted as far as that goes.
September 10, 2006 at 5:52 pm #705413AnonymousInactive
Ok, more stuff deleted.
September 10, 2006 at 6:12 pm #705414AnonymousInactive
Please delete and disregard the above posts. Not what I wanted to say! private info.