More sendmessage.php SPAM

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • SurfCityvBer
    New Member
    • Sep 2006
    • 23
    • 3.6.x
    #1

    More sendmessage.php SPAM

    Greetings...

    I'm having similar sendmessage.php SPAM problems as others here on a board I administer for a client... about 100 in the past 2 months with about 80 different IP addresses. Lately they're about 4 in a batch, twice a day.

    It made me think back a couple of years ago at a similar problem I had from using the old wwwboard cgi script where these bots hit domainname.com and tried several different common posting strategies. At my current server logs confirmed my suspicion that the IP trail indicates the entrance of the culprit is directly to the domainname.com/sendmessage.php file.

    I am still running 3.5 awaiting a MySQL upgrade on the server to run vBulletin 3.6... oh, and my current Mac-based server setup doesn't support GD or ImageMagick.

    Since this SPAM is really annoying and I figured I'd try this experiment...

    I renamed the sendmessage.php file to something different, and changed the references in the template via the Style Manager to match that new name. So far, so good. My quandry is that there's a reference to sendmessage.php in the vbulletin_global.js file... but I can't seem to update that file due to permissions problems on the server... and of course I have little idea as to what that file does.

    Any feedback would be appreciated.
    Last edited by SurfCityvBer; Sat 2 Sep '06, 11:51am. Reason: to correct spelling error
    Tags: None
    • cyburbia
      Senior Member
      • Aug 2001
      • 441
      • 3.7.x
      #2
      Visit http://www.dnsstuff.com and perform an IPWHOIS lookup on the originating IP addresses of the emails. I'm willing to bet that they're all from Russia, Belarus or the Ukraine - that was the case with mne when I got hit about a month ago. They were hitting me, even with image verification turned on.

      If that's the case, add this to your .htaccess file.

      Code:
      # Block Eastern Europe hackers and spammers.
<limit GET HEAD POST PUT DELETE>
order allow,deny
# Inhoster: Ukraine
deny from 85.255.112.0/20 195.95.218.0/23 195.255.176.0/22
# resolve.ru: Russia
deny from 72.36.244.129/32 72.36.244.130/31 72.36.244.132/30 72.36.244.136/29 72.36.244.144/28 72.36.244.160/27 72.36.244.192/26
# Prohosim: Russia
deny from 207.58.178.0/24
# TheZone: Bulgaria
deny from 85.217.192.0/18
allow from all
</limit>

# Block Intercage hackers and spammers.
<limit GET HEAD POST PUT DELETE> 
order allow,deny
deny from 69.22.162.0/23 69.31.64.0/20 69.31.80.0/21 69.31.128.0/22 69.31.132.0/23 69.50.160.0/19 216.255.176.0/23
allow from all
</limit>
      According to that I've seen on a few other sites, Intercage has some sort of a relationship with Inhoster, which was the source of most of the "contact us" spam that we got.
      Last edited by cyburbia; Sun 3 Sep '06, 10:05am.
      Cyburbia Forums - a third place for urban planners
      http://www.cyburbia.org/forums

        Comment

        • SurfCityvBer
          New Member
          • Sep 2006
          • 23
          • 3.6.x
          #3
          cyburbia,

          Thanks for the input! I do plan to block the IPs, but I delayed doing so as the problem has been until only recently have they used the same IP more than once.

          In fact, looking at my error logs for the last 36 hours, about 8 of the SPAM attempts occurred since I renamed sendmessage.php are from repeat-offender IP addresses.

          [Sat Sep 2 15:24:14 2006] [error] [client 72.30.131.202] File does not exist: site/sendmessage.php
          [Sat Sep 2 16:37:14 2006] [error] [client 125.244.54.130] File does not exist: /site/sendmessage.php
          [Sat Sep 2 16:39:14 2006] [error] [client 80.81.53.2] File does not exist: /site/sendmessage.php
          [Sat Sep 2 16:39:20 2006] [error] [client 201.0.4.148] File does not exist: /site/sendmessage.php
          [Sat Sep 2 16:41:36 2006] [error] [client 195.175.37.71] File does not exist: /site/sendmessage.php
          [Sat Sep 2 16:51:28 2006] [error] [client 125.63.70.4] File does not exist: /site/sendmessage.php
          [Sat Sep 2 16:51:38 2006] [error] [client 200.71.42.181] File does not exist: /site/sendmessage.php
          [Sat Sep 2 16:51:40 2006] [error] [client 210.0.216.227] File does not exist: /site/sendmessage.php
          [Sat Sep 2 18:47:10 2006] [error] [client 72.30.107.150] File does not exist: /site/sendmessage.php
          [Sun Sep 3 01:21:14 2006] [error] [client 203.79.251.1] File does not exist: /site/sendmessage.php
          [Sun Sep 3 01:21:40 2006] [error] [client 203.26.206.129] File does not exist: /site/sendmessage.php
          [Sun Sep 3 01:21:48 2006] [error] [client 202.29.20.152] File does not exist: /site/sendmessage.php
          [Sun Sep 3 01:26:34 2006] [error] [client 203.109.34.34] File does not exist: /site/sendmessage.php
          [Sun Sep 3 01:26:41 2006] [error] [client 200.88.125.9] File does not exist: /site/sendmessage.php
          [Sun Sep 3 01:26:46 2006] [error] [client 203.160.1.146] File does not exist: /site/sendmessage.php
          [Sun Sep 3 01:30:42 2006] [error] [client 203.109.34.34] File does not exist: /site/sendmessage.php
          [Sun Sep 3 01:30:43 2006] [error] [client 200.65.127.163] File does not exist: /site/sendmessage.php
          [Sun Sep 3 01:30:50 2006] [error] [client 219.93.174.105] File does not exist: /site/sendmessage.php
          [Sun Sep 3 01:34:03 2006] [error] [client 200.65.127.163] File does not exist: /site/sendmessage.php
          [Sun Sep 3 03:43:13 2006] [error] [client 202.213.200.228] File does not exist: /site/sendmessage.php
          [Sun Sep 3 03:43:25 2006] [error] [client 206.82.130.210] File does not exist: /site/sendmessage.php
          [Sun Sep 3 05:05:06 2006] [error] [client 201.0.4.148] File does not exist: /site/sendmessage.php
          [Sun Sep 3 05:06:21 2006] [error] [client 203.26.206.130] File does not exist: /site/sendmessage.php
          [Sun Sep 3 05:06:24 2006] [error] [client 203.160.1.170] File does not exist: /site/sendmessage.php
          [Sun Sep 3 07:13:14 2006] [error] [client 82.103.131.31] File does not exist: /site/sendmessage.php
          [Sun Sep 3 07:13:35 2006] [error] [client 220.228.157.20] File does not exist: /site/sendmessage.php
          Notice the multiple hits from different IPs within a short period of time... this has been a signature pattern for this problem.


          Oh, and I relalize now I should have placed this thread in the version 3.5 forum... sorry about that.

            Comment

            • cyburbia
              Senior Member
              • Aug 2001
              • 441
              • 3.7.x
              #4
              [Sat Sep 2 15:24:14 2006] [error] [client 72.30.131.202] File does not exist: site/sendmessage.php
              Inktomi Corporation : just a search engine.

              [Sat Sep 2 16:37:14 2006] [error] [client 125.244.54.130] File does not exist: /site/sendmessage.php
              PUBNETPLUS, South Korea

              [Sat Sep 2 16:39:14 2006] [error] [client 80.81.53.2] File does not exist: /site/sendmessage.php
              Kurzemes datorcentrs: Latvia

              [Sat Sep 2 16:39:20 2006] [error] [client 201.0.4.148] File does not exist: /site/sendmessage.php
              TELECOMUNICACOES DE SAO PAULO S.A: Brazil

              [Sat Sep 2 16:41:36 2006] [error] [client 195.175.37.71] File does not exist: /site/sendmessage.php
              Turk Telekom: Turkey

              [Sat Sep 2 16:51:28 2006] [error] [client 125.63.70.4] File does not exist: /site/sendmessage.php
              Spectranet Ltd., India

              [Sat Sep 2 16:51:38 2006] [error] [client 200.71.42.181] File does not exist: /site/sendmessage.php
              TV Cable S.A., Colombia

              [Sat Sep 2 16:51:40 2006] [error] [client 210.0.216.227] File does not exist: /site/sendmessage.php
              Hutchison Telecom, Hong Kong

              [Sat Sep 2 18:47:10 2006] [error] [client 72.30.107.150] File does not exist: /site/sendmessage.php
              Inktomi: search engine

              [Sun Sep 3 01:21:14 2006] [error] [client 203.79.251.1] File does not exist: /site/sendmessage.php
              Asia Pacific On-line Services Inc., Taiwan

              I didn't bother with the rest. Looks like they've gone fron static Inhoster IPs to zombies.

              And people think Americans are the most prolific spammers of the world ...
              Cyburbia Forums - a third place for urban planners
              http://www.cyburbia.org/forums

                Comment

                Previous template Next

                Related Topics

                Collapse
                Working...