  1. #1
    ABW Ambassador
    Join Date
    November 25th, 2005
    Posts
    639
    Gibberish Spam?
    Normally, I can figure most things out on my own but I have a spam issue that has been going on for a few years and could use some insight from ABW'ers... I have a coupon site with a contact form that keeps getting spammed.
    What I would like to know is why do the messages look like links made up of gibberish?

    The spam messages seem to be built in four different parts divided by commas:
    1) A standard < a href > link but the url and linked text are nonsensical letters and numbers (different from the other links and text)
    2) A second [ url= ] tag but again, the url and linked text are nonsensical letters and numbers (different from the other links and text)
    3) A third [ link= ] tag but again, the url and linked text are nonsensical letters and numbers (different from the other links and text)
    4) A straight-up http link and again, the url and linked text are nonsensical letters and numbers (different from the other links and text)

    It is a pain but I am just wondering what is the purpose behind this?
    What possible use is a domain made from a jumble of letters?

    Dave

  2. #2
    ABW Ambassador 2busy's Avatar
    Join Date
    January 17th, 2005
    Location
    Tropical Mountaintop
    Posts
    5,636
    Maybe human testing for spam bot setup? Practicing their routine? I have never seen a problem like this, hope someone else can tell you for sure what it is. I have seen redirect sites set up with useless jumbled names. Can you match the junk with access logs and see if there is an IP to ban?

  3. #3
    Moderator MichaelColey's Avatar
    Join Date
    January 18th, 2005
    Location
    Mansfield, TX
    Posts
    16,232
    What they're probably trying to do is to overflow the input field and make your contact form send spam emails out to people.

    For instance, they might enter a from email address of "test@test.com\nTo: huge list of email addresses\nSubject: Buy Viagra\n\nVisit my spam site to buy Viagra.\n\n\n\n\n\n". If your script doesn't handle things right, that may cause your server to send spam out instead of sending the feedback to you.

    The fact that you got the email makes it sound like it's probably handling things right. They're just testing it (probably in an automated way) to try to find vulnerable contact forms.

    That's my guess, anyway.
    Michael Coley
    Amazing-Bargains.com
     Affiliate Tips | Merchant Best Practices | Affiliate Friendly? | Couponing | CPA Networks? | ABW Tips | Activating Affiliates
    "Education is the most powerful weapon which you can use to change the world." Nelson Mandela

  4. #4
    Defender of Truth, Justice and the Affiliate Way
    Join Date
    January 18th, 2005
    Location
    The Swamp
    Posts
    7,503
    What possible use is a domain made from a jumble of letters?
    A throw away domain.

  5. #5
    Comfortably Numb John Powell's Avatar
    Join Date
    October 17th, 2005
    Location
    Bayou Country, LA
    Posts
    3,432
    Quote Originally Posted by CanadianDave View Post
    Normally, I can figure most things out on my own but I have a spam issue that has been going on for a few years and could use some insight from ABW'ers... I have a coupon site with a contact form that keeps getting spammed.
    What I would like to know is why do the messages look like links made up of gibberish?

    The spam messages seem to be built in four different parts divided by commas:
    1) A standard < a href > link but the url and linked text are nonsensical letters and numbers (different from the other links and text)
    2) A second [ url= ] tag but again, the url and linked text are nonsensical letters and numbers (different from the other links and text)
    3) A third [ link= ] tag but again, the url and linked text are nonsensical letters and numbers (different from the other links and text)
    4) A straight-up http link and again, the url and linked text are nonsensical letters and numbers (different from the other links and text)

    It is a pain but I am just wondering what is the purpose behind this?
    What possible use is a domain made from a jumble of letters?

    Dave
    I saw this for the first time today. 2 emails back to back and not one word that I could recognize. It doesn't even begin to look like a language. Contact form also here.


  6. #6
    Comfortably Numb John Powell's Avatar
    Join Date
    October 17th, 2005
    Location
    Bayou Country, LA
    Posts
    3,432
    Quote Originally Posted by Kellie aka Ms. B View Post
    A throw away domain.
    I got another one this morning with 5 different gibberish domains that whois says are invalid. Looking in the server log shows it was from Barcelona, Spain. Can't figure out what's the point.


  7. #7
    Full Member bobby131313's Avatar
    Join Date
    November 12th, 2007
    Location
    Dover, DE
    Posts
    550
    They try to inject a line break so they can piggyback a CC field on the "to" field. So when they submit the form it goes to you plus a bazillion addresses they've injected into the new cc field. It's an old exploit that most apps have sanitized, but they still try to make it work.
    Last edited by bobby131313; February 18th, 2011 at 09:08 AM.
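
Added example (not part of any post in this thread): the line-break injection described in posts #3 and #7, shown as a contact-form handler that pastes fields into header text next to one that refuses CR/LF in single-line fields. The thread does not name a language, so Python is used here; the addresses, function names and the probe string are constructed for illustration.

```python
from email import message_from_string
from email.message import EmailMessage

OWNER = "owner@example.com"      # assumed: fixed recipient of the contact form
SENDER = "webform@example.com"   # assumed: fixed From address of the site

def naive_raw_message(visitor_email, subject, body):
    """Vulnerable pattern: form fields pasted straight into header text."""
    return (f"To: {OWNER}\n"
            f"From: {visitor_email}\n"
            f"Subject: {subject}\n"
            f"\n{body}\n")

def recipients(raw):
    """Recipient headers a mail program sees after parsing the raw text."""
    msg = message_from_string(raw)
    found = []
    for name in ("To", "Cc", "Bcc"):
        found += msg.get_all(name, [])
    return found

def reject_line_breaks(field, value):
    """Refuse any single-line field that contains a CR or LF."""
    if "\r" in value or "\n" in value:
        raise ValueError(f"line break in {field}")
    return value.strip()

def build_message(visitor_email, subject, body):
    """Hardened form: fixed To/From, visitor input only in checked headers."""
    msg = EmailMessage()
    msg["To"] = OWNER
    msg["From"] = SENDER
    msg["Reply-To"] = reject_line_breaks("email", visitor_email)
    msg["Subject"] = reject_line_breaks("subject", subject)
    msg.set_content(body)  # the body may contain newlines; it is not a header
    return msg

# Constructed sample input modelled on the probe described in the thread.
PROBE = "test@test.com\nCc: a@example.org, b@example.org"

if __name__ == "__main__":
    print(recipients(naive_raw_message(PROBE, "hi", "text")))
    try:
        build_message(PROBE, "hi", "text")
    except ValueError as err:
        print("rejected:", err)
```

Logging the rejected submissions together with the source IP gives the access-log match suggested in post #2.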

  8. #8
    Comfortably Numb John Powell's Avatar
    Join Date
    October 17th, 2005
    Location
    Bayou Country, LA
    Posts
    3,432
    Quote Originally Posted by bobby131313 View Post
    They try to inject a line break so they can piggyback a CC field on the "to" field. So when they submit the form it goes to you plus a bazillion addresses they've injected into the new cc field. It's an old exploit that most apps have sanitized, but they still try to make it work.
    So I guess then this would just be a probe to see if there is a vulnerability. If it works then they do a real spam message that would benefit them?


  9. #9
    Moderator MichaelColey's Avatar
    Join Date
    January 18th, 2005
    Location
    Mansfield, TX
    Posts
    16,232
    That's my guess. They probably have a spider/bot just looking for contact forms and testing them for vulnerabilities, then a separate spider/bot that spams through any vulnerabilities they find.
    Michael Coley
    Amazing-Bargains.com

  10. #10
    ABW Ambassador
    Join Date
    November 25th, 2005
    Posts
    639
    Thanks everyone! It's good to get some informed information on this. Now that I think of it, I am seeing similar spam across a number of different domains/flavour of email (form to database, Yahoo mail and domain addresses).
    When the only tool you have is a hammer - everything looks like a nail.
