The iTest starts in 12 days
Wed September 10, 2008

WOOT Orientation in 12 days
Wed September 10, 2008

19th Birthday in 14 days
Fri September 12, 2008

HMMT Registration in 33 days
Wed October 1, 2008

USAMTS Deadline in 46 days
Tue October 14, 2008

Intel STS Deadline in 82 days
Wed November 19, 2008

AMC Registration in 108 days
Mon December 15, 2008

AMC 12A in 165 days
Tue February 10, 2009

World Math Day in 187 days
Wed March 4, 2009

AIME I in 213 days
Mon March 30, 2009

USAMO in 242 days
Tue April 28, 2009

ARML in 273 days
Fri May 29, 2009

21st Birthday in 744 days
Sun September 12, 2010

Turning 40 in 7684 days
Wed September 12, 2029

tags in Topics

more tags

Feeds

Navigation

Links

If you liked this post, buy me a beer... I mean cookie.

Spam

Most sophisticated and dangerous Facebook spam spotted

Posted January 15th, 2008 by Mgccl

Maybe you have seen a lot of spam on facebook. Messages and Funwall are usually where it stays. But, me, a really sophisticated person who used internet for half of my life, don't fall into spams, especially facebook messages and funwall, because with a little brain power, spam can be identified. A unknown person sending crap and funwall mass posting... ok, we get it.
But I never, ever expected facebook spam can be on my wall, the original facebook wall! Because I let my guard down, I finally fall for a spam.
This spam is not like normal spam, it's sophisticated spam. Please wait for explanation after reading my story.

Wall post:

hey... did you can almost get find anyone song available at http://got-served.com for you cell?

I will use "she" and "her" referring to the spam sending victim... for privacy sake(my blog is part of the mass media).
At first, I was a bit suspicious.
1. Initial response "What are you smoking?" The person who send it to me is the no.1 smartest kid in school, so those kind of grammar error is just.... shocking...
2. After visiting the URL, I found it redirect to another site, if I refresh, it shows another layout. The URL is a Doorway page, what spammers love to use. start to suspicious.
3. The wall post was posted at 12:24 pm today, I was with her at the AP chem class at that moment. Unless she uses her cellphone to post it, there is no other way. But seriously.. who would relies on me so much to actually use a cellphone to post a message like that?
But, I just don't believe there are something that can go into people's Facebook and post a wall post. I know no Facebook applications can do that.
So, I replied to the wall post with around 10 minutes of research across the internet.
And, to my surprise, 2 hours later, she told me that she never wrote the wall post.
I have been tricked by a spam! Nooo, that never happened in years!!! Not since the first time I clicked on a spam link!!!

After that, I start to do analysis(calculus!) on this spam.
First of all, I did some research, and found a forum post and a blog post with the same experience. The dates are really recent, so, not a lot of people noticed it yet.

Then, I wonder, how come this spam didn't get a lot people to notice, because usually, each user under the spammer's influence will send thousands of copies and...
The spammers are smart...
I'm the only person on her contact got this spam, in fact, I believe I'm the only person in my entire school got spammed.
So the spam isn't wide spread.
But why didn't the spammer send a lot? Spams like this can go maybe a few hours without wide notice, that can generated enough traffic to brighten those black hat customers' day.
Aha, on Facebook, a person can see who post on whose wall, so... 1000 same wall post can be easily spotted and suspected. "why all my friends getting the same(or similar) wall posts?"

She have over 100 friends, how come I'm the one to get the spam? is this spamming program smarter than I think?
Some hypothesis...
1. We have 29 posts on the wall to wall. the spam would assume I'm close to her and I'm more likely to pay attention to the wall post than others.
2. There are a few people with more posts on her wall... maybe it depends on how many characters are contained in total, I do write too much on walls...

This lead us to the worst possible conclusion.
Spammers are and capable to using your friends against you with a high chance of success1.
They have bring the unholy to the best social network ever...
I bet they are celebrating their success by drinking the blood of little children.

1. well...they always have been, but not on Facebook Walls

The blog's recent attacker/spammer

Posted July 8th, 2007 by Mgccl

evil spammer with evil information
The comment filled with useless characters and direct to URLs that does not exist. and the commenter IP is changing all the time.
This could only mean one thing. The spammer is using a testing it's power...

Only read the following if you are the spammer, don't tell me I didn't warn you:

Shame on you!!!
SHOW YOURSELF!!!
Who ever you are, I deleted all the spam/attack comment you made. I see you are still spamming, and I will be up here all night delete everything you made!
This blog is running on a kind person's hosting, don't you dare put your dirty claws on this server!
I made comment free for all (except people who can't solve basic math), and you spammers/attackers to abuse the system. Don't make me start the moderation system!

Don't ever f*ck with Chinese bloggers/web developers who is learning C++, because we WILL eat your babies and blog about it!

...and... don't attack my site when I'm on the airplane.... duel me fair and square!

Bots get the Honey Pot--bees will do the justice

Posted May 7th, 2007 by Mgccl

Bots
Spam

Harvesters and Comment Spam bots? Time for them to get pwned!
Akismet, Bad Behavior are doing their part, but one more recruit won't hurt.
Project Honey Pot just planted a pot in my site and waiting for bots to fly in and get screwed ...screwed well
The project let user downloads a small honey pot script and upload on your website. Then, after setting up, put a link to the script in the page, but can't be seen by normal visitors so only the evil bots will click on it and wala...
This is what happens to harvesters
This is what happens to spam bots

Blog owners who does not have PHP or other server side script support, you can sign up for a link from the project site so you don't have to host it.

Wordpress and phpbb seems like the center of spambot's attention

Posted April 26th, 2007 by Mgccl

Today, I browsed the Top 'page not found' errors page in my blog so I can setup some redirections. Two of those entries are very unusual.

Top 'page not find' errors

The wp-comments-post.php is a file usually used in wordpress to submit a comment, it's common someone will access that script, but it is uncommon to access it directly since that page does not make sense to humans.

The other one features "/phpbb". spambot mistake that as where phpbb is installed. That post is 5 months old and not popular posts, it's only logic to assume spambot is the one that views that page.

That's pretty much explains why there is so little spam in my site now(I didn't even implement CAPTCHA!) , the spambots that visit my site are mostly ones made to target wordpress and phpbb. Glad I made the switch :)

Mgccl's blog
1 comment
28197 reads

Bad Behavior

Posted January 28th, 2007 by Mgccl

Bad behavior just WORKS! The bad behavior block count in the footer of the page shows 231. It is pretty powerful because I have only installed it for 2 days. There is no spam in the comment, and there is only one spam found. I have just added bad behavior on my forum and let us check out how it does.

Bad Behavior works by checking the HTTP user agent, check the database of the bad bots, if matches, block them entirely. Because this works before the bot can even get into your site, it saves your time by not loading the entire page. I think any CMS should have incorporate this system into their script because for the basic function, only one line of code is need to be added.