Strange site attack - help please!

rynnor

Rockhound
Moderator
Joined
Dec 26, 2003
Messages
9,353
My mate's site has a message board using Frontpage's message board - which has been Ok'ish for a few years but in the last week he's started getting a lot of weird messages containing a bunch of URLs which all feature YMRA03 in them.

Does anyone know - A. What the hell are these about?

B. What can he do to prevent them? Can he turn off URLs being permitted in messages using Frontpage?

Here's an example I overwrote bits of with @ signs so that the URLs are no longer valid.

Nice site! <a href="http://@@@@@/ymra03/auto-1.html">auto extended warranty</a> | <a href="http://@@@@@/ymra03/key.html">weddings key west</a> | <a href="http://@@@@@/ymra03/pillows.html">sewing throw pillows</a> | <a href="http://@@@@@/ymra03/reviews.html">lcd hdtv reviews</a> | <a href="http://@@@@@/ymra03/weight.html">diet weight loss</a> | <a href="http://@@@@@/ymra03/discount-3.html">discount hot tubs</a> | <a href="http://@@@@@/ymra03/learning.html">e learning structure</a> | <a href="http://@@@@@/ymra03/electric.html">electric heating pads</a> | <a href="http://@@@@@/ymra03/saws.html">compound miter saws</a> | <a href="http://@@@@@@/ymra03/car-2.html">car rental usa</a>

Any ideas please?
 

Penguin

Fledgling Freddie
Joined
May 11, 2005
Messages
375
It just looks like regular spam to me? Never used frontpage before so no idea what kind of features it has but maybe if possible make it so that users need to register before posting and perhaps you could include some kind of human verification? (Picture codes etc.)

Might be an idea to try an alternative message board like SMF, PHPBB or MYBB?

- Penguin
 

TdC

Trem's hunky sex love muffin
Joined
Dec 20, 2003
Messages
30,925
it's a bot spamming the site. Recently Maljonic had a similar problem on one of his sites. You can check out how our resident webdev people helped him here.

if you like, I can move the whole thread to the webdev forum.
 

Ch3tan

I aer teh win!!
Joined
Dec 22, 2003
Messages
27,318
There is no point even thinking you have a choice in whether tdc moves it or not, his cold moderator heart will do whatever it wants.







And probably force pictures of kittens on you as well.
 

rynnor

Rockhound
Moderator
Joined
Dec 26, 2003
Messages
9,353
TdC said:
it's a bot spamming the site. Recently Maljonic had a similar problem on one of his sites. You can check out how our resident webdev people helped him here.

if you like, I can move the whole thread to the webdev forum.

Aye, just spotted that one and have suggested the dumb question approach to my mate - I don't know if it's doable in frontpage but I hope so.

What do the bots gain by spamming these forums tho - are they just hoping people click the links?

Edit - Oh and webdev seems more suitable - do the honours please :)
 

Ch3tan

I aer teh win!!
Joined
Dec 22, 2003
Messages
27,318
Yes and probably advertising money for the clicking.
 

Penguin

Fledgling Freddie
Joined
May 11, 2005
Messages
375
Something we got a fair bit on a web master forum I moderate is links to system "repair" programs which can scan your pc through your browser! (The wonders of GIF/Flash Animations).
 

Maljonic

Can't get enough of FH
Joined
Dec 22, 2003
Messages
1,297
There's been a whole spate of spam attacks on PHPNuke sites this week. Bots that are somehow bypassing the graphic log in protection and storing accounts in the 'waiting to be activated' tables in the database and all been activated at once in a single day. I think that latter part might be done by humans who then go and add comments to articles with loads of spam links similar to the stuff you get in junk mail. Casinos, hoodia etc.

With PHPNuke you can get their IP address once they've posted something and ban it, which is still an arduous task if there's hundreds of them but seems to work.

I think integrating the dumb question thing on signup might work though, I guess the bots are only programmed with PHPNuke's (or front page in your case) security in mind and won't get past something you invent yourself and 'include' it from a file name of your own invention too.

Edit: in fact just changing the name of your signup page might do the trick in some cases?
 

TdC

Trem's hunky sex love muffin
Joined
Dec 20, 2003
Messages
30,925
there you go :)

on topic: I actually turned off certain aspects of my CMS because it was getting spammed :eek: there were widgets I could have installed ofc, but at the time I was in a more "ffs get rid of" mood :/


edit: cold moderator heart? I'll have to remember that :D
 

Maljonic

Can't get enough of FH
Joined
Dec 22, 2003
Messages
1,297
Yeah I just turned off all comments on Planet Surveyor because I just can't be arsed at the moment. :)
 

Shovel

Can't get enough of FH
Joined
Dec 22, 2003
Messages
1,350
rynnor said:
What do the bots gain by spamming these forums tho

Google Juice. Google's and other search engine algorithms base certain amounts of their rankings on incoming links. Therefore by spamming your forum each of those links gets one extra point in the link count. Furthermore, the link text (e.g. ‘LCD HDTV Reviews’) is perceived as a search term that someone is likely to use, therefore the link is also associated with that search.

In conclusion, the world is full of scum bags.

You can improve matters a bit… Using a less common formatting system in your comments and rejecting HTML/BBCode will help. Something like Textile, for instance is an excellent alternative.

Note the bit about rejecting HTML/BBCode though. Recently my blog has had spam that includes both HTML and BBCode versions of the links. There's nothing to say that they won't at some point start including Textile code in there too, but if you reject HTML/BBCode those messages will still bounce.

Also, when your messageboard converts comments into HTML you can add the rel="nofollow" attribute to the anchor. This tells the major search engines to ignore the link and therefore means that the spam won't have any effect. However, a year on from its introduction, nofollow has done nothing to reduce the amount of spam people get (and arguably you want to allow legitimate comments to spread Google love anyway. It's not Google's finest hour anyway).

My preferred anti-spam technique remains the 'human parsable question' technique which others have linked to: ‘What colour is an Orange’ and so on nukes the automated bots without limiting the languages users can use and so on.

As for whether any of this can be implemented with Frontpage, I have no idea. Ultimately if your friend's choice of messageboard can't cope with spam then it's probably time to migrate to new software that can.
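
The three measures from the post above (bounce HTML/BBCode, add rel="nofollow" to generated links, ask a human-parsable question) combined in one server-side check, as an added example that is not part of the original thread or of any board software named in it. It is written in Python for illustration; the function names, the challenge text and the `spam.example` sample posts are constructed assumptions.

```python
import html
import re

# Markup the board refuses outright, per the post: HTML tags and BBCode link tags.
HTML_TAG = re.compile(r"<\s*/?\s*[a-zA-Z][^>]*>")
BBCODE_TAG = re.compile(r"\[\s*/?\s*(url|link|img)\b[^\]]*\]", re.IGNORECASE)
BARE_URL = re.compile(r"https?://[^\s<>\"']+")

# Constructed challenge; a real board would pick its own questions.
QUESTION = "What colour is an orange?"
ACCEPTED_ANSWERS = {"orange"}

# Constructed samples modelled on the spam quoted in the thread (placeholder host).
SPAM_HTML = 'Nice site! <a href="http://spam.example/ymra03/key.html">weddings key west</a>'
SPAM_BBCODE = "Nice site! [url=http://spam.example/ymra03/key.html]weddings key west[/url]"


def answer_ok(answer):
    """Case- and whitespace-insensitive check of the human-parsable question."""
    return answer.strip().lower().rstrip(".!") in ACCEPTED_ANSWERS


def render(text):
    """Escape plain text and link bare URLs with rel="nofollow"."""
    out, pos = [], 0
    for m in BARE_URL.finditer(text):
        out.append(html.escape(text[pos:m.start()]))
        url = html.escape(m.group(0), quote=True)
        out.append(f'<a href="{url}" rel="nofollow">{url}</a>')
        pos = m.end()
    out.append(html.escape(text[pos:]))
    return "".join(out)


def accept_post(text, answer):
    """Return (accepted, rendered_html_or_reason) for a submitted comment."""
    if not answer_ok(answer):
        return False, "challenge failed"
    if HTML_TAG.search(text) or BBCODE_TAG.search(text):
        return False, "HTML/BBCode markup not allowed"
    return True, render(text)


if __name__ == "__main__":
    for body in (SPAM_HTML, SPAM_BBCODE, "Try http://example.org/a?b=1&c=2 instead"):
        print(accept_post(body, "Orange"))
```

Because the text is escaped piece by piece and only the board itself emits anchors, every link that reaches the page carries rel="nofollow" and no submitted markup is ever rendered.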
 
