Wonder if they're trying to see if they can use it to send spam to other
people... Are there any funky headers or anything like that?
> -Original Message-
> From: Les Mizzell [mailto:[EMAIL PROTECTED]
> Sent: Thursday, August 10, 2006 9:52 AM
> To: CF-Talk
> Subject: OT - "Nice site I will
On Thursday 10 August 2006 14:52, Les Mizzell wrote:
> "Nice site I will recommend you to all my friends."
It's a test to find vulnerable sites without bothering to wait for a POST of a
form to come back - just submit the request and check back at some future
point.
--
Tom Chiverton
What would they be waiting for?
-Original Message-
From: Tom Chiverton [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 10, 2006 9:30 AM
To: CF-Talk
Subject: Re: OT - "Nice site I will recommend you to all my friends."
On Thursday 10 August 2006 14:52, Les Mizzell wrote:
&g
On Thursday 10 August 2006 15:44, Andy Matthews wrote:
> What would they be waiting for?
Google to reindex the site.
--
Tom Chiverton
This email is sent for and on behalf of Halliwells LLP.
Halliwells LLP is a limited liability partnership
-Original Message-
From: Andy Matthews [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 10, 2006 10:44 AM
To: CF-Talk
Subject: RE: OT - "Nice site I will recommend you to all my friends."
What would they be waiting for?
-Original Message-
From: Tom Chiverton [mai
ugust 10, 2006 4:55 PM
To: CF-Talk
Subject: RE: OT - "Nice site I will recommend you to all my friends."
Once theyve ran it for a while, theyll give it a week or so and search
Google for the text. If they find it, that means their method of posting it
worked and the site is exactl
.
-Mark
-Original Message-
From: Andy Matthews [mailto:[EMAIL PROTECTED]
Sent: Friday, August 11, 2006 8:10 AM
To: CF-Talk
Subject: RE: OT - "Nice site I will recommend you to all my friends."
Ah...I gotcha. So they Google for the unique text they posted (on your site)
and if the
sage-
>From: Andy Matthews [mailto:[EMAIL PROTECTED]
>Sent: Friday, August 11, 2006 8:10 AM
>To: CF-Talk
>Subject: RE: OT - "Nice site I will recommend you to all my friends."
>
>Ah...I gotcha. So they Google for the unique text they posted (on your site)
>and if
On Friday 11 August 2006 14:17, Mark A Kruger wrote:
> guestbook, what advantage is there to not waiting for the POST request to
> return and googling for my text later? I'm trying to think of a scenario
> where this would save time rather than waste time.
Because google do the indexing and retur
> If you're not getting any text in the message it may be your naming
> convention on the form
"Nice site I will recommend you to all my friends." *is* the text.
That's why I was initially confused about this particular spam bot.
Seemed to serve no purpose.
I understand the bots that fill the
AM
To: CF-Talk
Subject: Re: OT - "Nice site I will recommend you to all my friends."
On Friday 11 August 2006 14:17, Mark A Kruger wrote:
> guestbook, what advantage is there to not waiting for the POST request
> to return and googling for my text later? I'm trying to think of
9:50 AM
To: CF-Talk
Subject: Re: OT - "Nice site I will recommend you to all my friends."
Having no link in the message of any kind threw me off at first. Why not
go ahead and try to post all the intended spam the first time around
instead of a two tiered attack? Twice the work to do it
> Don't most guestbooks or blogs automatically post the
> message? Why would
> you need to wait to check? Couldn't you check right away? I
> must be missing
> something.
I think it's because these guys are using software to post to thousands
of sites at once. It would be quite a job to manuall
On Friday 11 August 2006 15:02, Mark A Kruger wrote:
> Don't most guestbooks or blogs automatically post the message? Why would
I think it is Blogger that goes so far as to say 'there may be a delay before
your message appears'
> you need to wait to check? Couldn't you check right away? I must
Ah... I see... So they are now purchasing web forms... (sigh)
-Original Message-
From: Munson, Jacob [mailto:[EMAIL PROTECTED]
Sent: Friday, August 11, 2006 10:01 AM
To: CF-Talk
Subject: RE: OT - "Nice site I will recommend you to all my friends."
> Don't most g
One of my colleagues suggested a solution that almost works, On the form page
you have a form field which has the time when the form is loaded (now()), on
the action page, you make sure hte field exists, and then also see if now() now
is atleast 1-2 seconds more than the formfield value (hoping
I implemented something like that a few weeks ago ( checking time to
post and also the referrer) and it does help a lot... most of the bots
somehow set the referrer to be the action page.. but some set it to
the original form page also.. but the time never looks
right.. usually either 0 second
st 11, 2006 9:18 AM
To: CF-Talk
Subject: RE: OT - "Nice site I will recommend you to all my friends."
Tom or Andy,
Fill me in on this a little more. If I'm a hacker posting to a blog or
guestbook, what advantage is there to not waiting for the POST request to
return and googling for
ssage-
From: Brian Dumbledore [mailto:[EMAIL PROTECTED]
Sent: Friday, August 11, 2006 11:32 AM
To: CF-Talk
Subject: Re: OT - "Nice site I will recommend you to all my friends."
One of my colleagues suggested a solution that almost works, On the form
page you have a form field which has th
On Friday 11 August 2006 21:18, Al Musella, DPM wrote:
> somehow set the referrer to be the action page.. but some set it to
Sending custom HTTP headers is trivial.
Referer should not be used as part of security.
> the original form page also.. but the time never looks
> right.. usually either
20 matches
Mail list logo
