Auto bot hacking forums! Dev_Tej_Kohli

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • Wizzer
    New Member
    • Jul 2002
    • 17

    Auto bot hacking forums! Dev_Tej_Kohli

    This message is appearing over lots of my forums. A search on the net reveals it is spreading like wild fire and no one realises that it a bot hack!

    Hi-this is Dev Tej Kohli
    I am new to this forum.

    Thnx for accepting my registration .


    Search the net and see how many forums have been affected .

    How it is working, what can be done to stop it?
    Last edited by Wizzer; Fri 21 Jul '06, 3:59am.
  • Jinovich
    Senior Member
    • Feb 2005
    • 232
    • 3.5.x

    #2
    Well I presume it has registered as a member?

    If it has I suggest that you enable image verification image in the registration form.

    By going to

    AdminCP --> vBulletin Options --> User Registration Options

    Scroll down to "Image Verification", Ensure you can see the image saying "vBulletin" and if it is there click "Yes" and save it.

    Possibly do an IP search on the account as it must have originated from a computer and if its a Unique IP ban it. Then delete the account so that it will be forced to register again and it will stumble across the image verification process and wont be able to register.

    Oh you can also use:
    Prune tool under "threads and Posts" to delete all his threads easily.

    AdminCP --> Threads and Posts --> Prune

    Comment

    • Wizzer
      New Member
      • Jul 2002
      • 17

      #3
      That's the really scarly thing - I have image verification turned on!

      I have just double checked the forums affected and they all have it turned on. I can only guess that the bot writer has developed some kind of OCR program. To register, reply to the email address and get past the IV, it must be pretty clever code.
      Last edited by Wizzer; Fri 21 Jul '06, 3:41am.

      Comment

      • Wizzer
        New Member
        • Jul 2002
        • 17

        #4
        For the record, the registered email address is:

        [email protected]

        And the registered IP address is:

        220.227.249.85

        Comment

        • Jinovich
          Senior Member
          • Feb 2005
          • 232
          • 3.5.x

          #5
          Originally posted by Wizzer
          That's the really scarly thing - I have image verification turned on!

          I have just double check the forums affected and they all have it turned on. I can only guess that the bot writer has developed some kind of OCR program. To register, reply to the email address and get past the IV, it must be pretty clever code.
          Well if that is the case I take my hat off to them, what about the possibility of being able to IP ban the bot unless it is using proxies.

          Apparently that IP is registered to this company,


          Comment

          • Wizzer
            New Member
            • Jul 2002
            • 17

            #6
            This guy has a website!



            Does some kind of hand writing analasys, maybe that's how he is reading the IV?

            Comment

            • Wizzer
              New Member
              • Jul 2002
              • 17

              #7
              Originally posted by Jinovich
              Apparently that IP is registered to this company,

              http://www.reliancecommunications.co...ocomm/home.jsp
              Looks like that's his ISP.

              Searching for the guys name on Google is frightening, the number of identicle posts he has made on countless forums and all the hosts are welcoming him. At the moment, it doesn't seem to be doing anything more than opening accounts and making one post in the number one forum, but you have to wonder what he is up to and what his plans are for the next move . From his site, it looks like he is lining up a "pay per click through" marketing scam.
              Last edited by Wizzer; Fri 21 Jul '06, 3:58am.

              Comment

              • sweet22
                Senior Member
                • Aug 2003
                • 197

                #8
                ban the username as well.

                Comment

                • Steve Machol
                  Former Customer Support Manager
                  • Jul 2000
                  • 154488

                  #9
                  Wrong forum. Moved.
                  Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
                  Change CKEditor Colors to Match Style (for 4.1.4 and above)

                  Steve Machol Photography


                  Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.


                  Comment

                  • Renn 208
                    New Member
                    • Jun 2006
                    • 1
                    • 3.5.x

                    #10
                    This has also affected my forum...please announce when this problem is understood as it is affecting more by the day.

                    Comment

                    • Anonymous999
                      Senior Member
                      • Aug 2005
                      • 207
                      • 4.1.x

                      #11
                      44 Google Pages all with Dev Tej Kohli on them

                      If this is an autobot that can get past the image verification then thats frightnening !

                      If its not an auto bot then whoever's doing this certainly has a lot of free time!!!

                      They even have a post at vb.org

                      Edit: This should read post at vbadvanced.com (I misread my url and got confused )

                      Seems the only place they havent registered is here!
                      Last edited by Anonymous999; Thu 3 Aug '06, 1:55am. Reason: Mistake on the hyperlink!

                      Comment

                      • Marco van Herwaarden
                        Senior Member
                        • Nov 2004
                        • 6999
                        • 3.8.x

                        #12
                        Originally posted by Anonymous999
                        They even have a post at vb.org
                        That is not a link to vB.org.
                        Want to take your board beyond the standard vBulletin features?
                        Visit the official Member to Member support site for vBulletin Modifications: www.vbulletin.org

                        Comment

                        • steponfrog
                          Member
                          • Mar 2006
                          • 62
                          • 3.6.x

                          #13
                          To me, that...

                          looks very much like he's just registering his name all over the place, so that when you search (or when, say, google bots search for that name - which happens to be his domain turdbucket.com ) that name & domain will pop up right at the top of the results list.

                          This quoted post just shows how right I am....!
                          Originally posted by Anonymous999
                          44 Google Pages all with Dev Tej Kohli on them
                          The man is obviously using all your forums as free advertising billboards; bastardised bulletin boards.

                          It's a very successful marketing ploy, very similar to the old ways of bouncing your domain links from website to website so that your original domain is clocked up more times with major search engines, and which (as I understand) was outlawed a long time ago by search engine owners as an "I'll kick your arse if you do it again" not to do type of thing...! (And, I can't remember what it's technical term is.. someone will though!)

                          I have the feeling that he is in the UK, or that he refers or commutes to the UK as one of his Blogs states:
                          Viral Marketing - kohli
                          If you’d like to see a short news clip about the video, take a look at the BBC website - ‘Amarillo’ video crashes MoD PCs; though for the full version I’d recommend you go to The Sun newspaper and download it from there (you pay £0.50 but all proceeds go to the Armed Forces Memorial Appeal)
                          ...And, he even uses the British ££££, sterling.!

                          If he was elsewhere in the world, surely he'd refer to news items and newspapers from that region?

                          Perhaps he does commute a lot, just a thought, because this place quoted is in India:
                          Originally Posted by Jinovich
                          Apparently that IP is registered to this company,

                          http://www.reliancecommunications.co...ocomm/home.jsp
                          And, I firmly (scuse the pun - firm-ly, as in 'company'... urg.. never mind!) believe that his software is being run from that company and not his domain, which is serious naughty kick ass stuff (unless they do things differently in India!)

                          Whatever the case, if you're not happy with this bloke using your board as free and easy advertising, then you should report the bloke & web address to all seach engines. To me, the way he is advertising is simply a slightly more developed way of the old web address link bouncing of days gone by (and, gone by so much so they are, that when I were a young lad and all this here used to be fields and I used to eat slops for tea and me and me brothers and sister were dunked in the sheep dip regularly because we didn't have money for bathwater... eeeeee, when I were a lad.. No, seriously, it was a long time ago!)

                          And, besides... the most important thing is that if he can hack the IV, perhaps it's time to update the IV software before he manages to flog his methods on to some little 'runts that'll have fun buggering with your forum... who knows, eh?!

                          He needs sorting out, and so does the IV software!

                          I'm not sure that he, in particular, is setting up webclicks, as he is only blogging about webclicks and other things... and, he's only been blogging since Nov' 05. I dunno, it seems he's just blogging, but then he could quite easily make a **LOT** of ca$h from the amount of referrals he gets through the trezillionillionillionillion-and-1 links he has created on Google.

                          However, I completely agree with Jinovich...
                          Original post by Jinovich
                          Well if that is the case I take my hat off to them,
                          But, then he is a very, very nuaghty boy...! (not Jinovich, though, just in case you are misled by that.. but, then I wouldn't know, you'd have to ask Jinovich if he, or she is)

                          Read the 'Requests for Removal of Links or Cached Materials' on this page --> http://www.google.co.uk/terms_of_service.html

                          And, although Google is on the internet and is a very big internet company, they don't seem to have an eMail address (isn't that odd!?) --> http://www.google.co.uk/contact/

                          <EDIT> Actually, he's a CEO of GrafixSoftech
                          This is very, very naughty indeed -->
                          Tej Kohli, CEO said that Mobile Internet Consulting can provide business with immediate, complete and fully customised end-to-end solutions
                          ...And, this is the company --> http://www.grafixsoftech.com/

                          This just shows that he is going for advertising without paying... Google don't like that... probably, not many other Search Engines will either - a company grabbing free advertising, eh!?

                          PS. sorry for the length blarb and waffle!

                          The following whois search just shows that he's registered through 'GODADDY.COM'
                          Registrant:
                          Domain Manager
                          Oficentro Sabana
                          San Jose, SJO 1000
                          Costa Rica

                          Registered through: GoDaddy.com, Inc. (http://www.godaddy.com)
                          Domain Name: NAVTEJ-KOHLI.COM
                          Created on: 28-Jun-04
                          Expires on: 27-Jun-07
                          Last Updated on: 21-Jun-06

                          Administrative Contact:
                          Manager, Domain [email protected]
                          Oficentro Sabana
                          San Jose, SJO 1000
                          Costa Rica
                          2908916 Fax -- 2908916

                          Technical Contact:
                          Manager, Domain [email protected]
                          Oficentro Sabana
                          San Jose, SJO 1000
                          Costa Rica
                          2908916 Fax -- 2908916

                          Domain servers in listed order:
                          NS1.NAVTEJKOHLI.COM
                          NS2.NAVTEJKOHLI.COM


                          Registry Status: REGISTRAR-LOCK
                          Registry Status: clientDeleteProhibited
                          Registry Status: clientRenewProhibited
                          Registry Status: clientTransferProhibited
                          Registry Status: clientUpdateProhibited
                          Last edited by steponfrog; Thu 3 Aug '06, 1:41am.
                          _______________________________________________________________

                          Got Shadows, Ghosts, Numb3rs, Angels, or Phenomenon?
                          You're not the only one.!

                          Comment

                          • Wizzer
                            New Member
                            • Jul 2002
                            • 17

                            #14
                            The vBulleting team have clearly read this thread, but so far have only thought to tell us that it's in the wriong place and then correct someone who posted a wrong link. It would be nice to have some more constructive comment from them ?

                            Comment

                            • Anonymous999
                              Senior Member
                              • Aug 2005
                              • 207
                              • 4.1.x

                              #15
                              I have corrected my misposted link with an edit note

                              I was a bit hungover when i got up and got confused

                              Comment

                              widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                              Working...