[google-appengine] Website Spam posing by appid: aking-741 using IP 64.233.172.1

[Murray W]

Hi all, I have a few questions about how to report and notify your group of 
a application abusing websites. 
 
On the 28th and 29th I saw an interesting useragent and a Google IP address 
listed in my banned IP connections due to website abuse.
 
Abuse Report Date: 7/28/2011 1:49:31 PM PSTIP:  64.233.172.1 Net Block:  
64.233.160.0 - 64.233.191.255
Application: http://aking-741.appspot.com/
Spam type: Pharmaceutical Link Spam Posted
UserAgent: mozilla/4.0 (compatible; msie 6.0; windows nt 5.1; sv1) 
appengine-google; (+http://code.google.com/appengine; appid: aking-741)
 
This application clearly ran from a Google AppEngine server and* if* the 
useragent appid can not be modify it would appear this is the offender 
(aking-741)
 
Q1: Can the appid be modified to show anothers application ID?
Q2: Can the AppEngine group create some type of abuse reporting API?
Q3: If IP addresses used by the AppEngine are banned by individual website 
owners will this have any effect on legitimate apps?
Q4: Are the IP addresses for the AppEngine used only for the appengine group 
or are these servers shared with other Google projects?
 
The main reason I'm asking your group is because I'm seeing more of the IP 
addresses in the block above listed in blacklists online. If the 
Applications are specific and having the IP banned does not effect valid 
applications then all is good in the world. If not, AppEngine, we may have a 
problem.
Thanks for your time. 
 

-- 
You received this message because you are subscribed to the Google Groups 
"Google App Engine" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/google-appengine/-/QVJCGP-iwy0J.
To post to this group, send email to google-appengine@googlegroups.com.
To unsubscribe from this group, send email to 
google-appengine+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-appengine?hl=en.

Re: [google-appengine] Website Spam posing by appid: aking-741 using IP 64.233.172.1

[Robert Kluin]

On Sat, Jul 30, 2011 at 15:52, Murray W  wrote:
> Hi all, I have a few questions about how to report and notify your group of
> a application abusing websites.
>
> On the 28th and 29th I saw an interesting useragent and a Google IP address
> listed in my banned IP connections due to website abuse.
>
> Abuse Report Date: 7/28/2011 1:49:31 PM PSTIP:  64.233.172.1 Net Block:
> 64.233.160.0 - 64.233.191.255
> Application: http://aking-741.appspot.com/
> Spam type: Pharmaceutical Link Spam Posted
> UserAgent: mozilla/4.0 (compatible; msie 6.0; windows nt 5.1; sv1)
> appengine-google; (+http://code.google.com/appengine; appid: aking-741)
>
> This application clearly ran from a Google AppEngine server and if the
> useragent appid can not be modify it would appear this is the offender
> (aking-741)
>
> Q1: Can the appid be modified to show anothers application ID?

no.

> Q2: Can the AppEngine group create some type of abuse reporting API?

http://code.google.com/appengine/kb/general.html#violation


> Q3: If IP addresses used by the AppEngine are banned by individual website
> owners will this have any effect on legitimate apps?

yes.


> Q4: Are the IP addresses for the AppEngine used only for the appengine group
> or are these servers shared with other Google projects?
>
> The main reason I'm asking your group is because I'm seeing more of the IP
> addresses in the block above listed in blacklists online. If the
> Applications are specific and having the IP banned does not effect valid
> applications then all is good in the world. If not, AppEngine, we may have a
> problem.
> Thanks for your time.
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Google App Engine" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/google-appengine/-/QVJCGP-iwy0J.
> To post to this group, send email to google-appengine@googlegroups.com.
> To unsubscribe from this group, send email to
> google-appengine+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/google-appengine?hl=en.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Google App Engine" group.
To post to this group, send email to google-appengine@googlegroups.com.
To unsubscribe from this group, send email to 
google-appengine+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-appengine?hl=en.

Re: [google-appengine] Website Spam posing by appid: aking-741 using IP 64.233.172.1

[Murray W]

I did find the abuse link. 
It's nice but not practical for webmasters and developers to report network 
abuse manually. 
 
 Q1: Is there a way to lookup the applications author / developer using the 
appid: information from the useragent?
 
For every problem I believe a solution is just around the corner.
My thought: Based on the *useragent appid: and IP network* (Google) external 
applications could query for Abuse / Author email address for real-time 
abuse alert messaging.
 

-- 
You received this message because you are subscribed to the Google Groups 
"Google App Engine" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/google-appengine/-/ze-nIq7riCsJ.
To post to this group, send email to google-appengine@googlegroups.com.
To unsubscribe from this group, send email to 
google-appengine+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-appengine?hl=en.

Re: [google-appengine] Website Spam posing by appid: aking-741 using IP 64.233.172.1

[Robert Kluin]

On Tue, Aug 2, 2011 at 14:54, Murray W  wrote:
> I did find the abuse link.
> It's nice but not practical for webmasters and developers to report network
> abuse manually.

What do you want to do, monitor a site and if some app is hitting it
too frequently automatically report it to Google for abusing *your*
ToS?

>
> Q1: Is there a way to lookup the applications author / developer using the
> appid: information from the useragent?

No.

>
> For every problem I believe a solution is just around the corner.
> My thought: Based on the useragent appid: and IP network (Google) external
> applications could query for Abuse / Author email address for real-time
> abuse alert messaging.
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Google App Engine" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/google-appengine/-/ze-nIq7riCsJ.
> To post to this group, send email to google-appengine@googlegroups.com.
> To unsubscribe from this group, send email to
> google-appengine+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/google-appengine?hl=en.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Google App Engine" group.
To post to this group, send email to google-appengine@googlegroups.com.
To unsubscribe from this group, send email to 
google-appengine+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-appengine?hl=en.

Re: [google-appengine] Website Spam posing by appid: aking-741 using IP 64.233.172.1

[Murray W]

*What do you want to do, monitor a site and if some app is hitting it
too frequently automatically report it to Google for abusing *your*
ToS?*

(Not sure what you mean by ToS, must be a AppEngine code word.)

Actually I do monitor my site. Doesn't everyone today monitor for 
pharmaceutical 
spam, SQL injection attempts and your classical bruteforce attacks? 

I'm not worry about an application hitting my sites. I see allot of good 
appid:'s . It's when an AppEngine application is used like an open proxy to 
spam sites. Then the scripts brings the hammer down.

Aren't your applications a SaaS? (Software as a Service)

Before you think, read what I have to say. 
If one of my sites picks up 20 or 30 spam posting attempts from a single 
AppEngine that's only my site. Add a few million other sites to the mix and 
your application just cost you a bundle in bandwidth to allow a spammer to 
use.  Not my bandwidth but your applications bandwidth.

I've read the "DDoS" and "Reached Quota" forum posts and my guess it's just 
spammers. They tend to flock 50 or so at a time averaging from what I detect 
2 to 5 posts per second. 
I'm thinking if you all found a way to either get live abuse reports or 
updates it might actually save you money.

I'm just trying to help you all, but if you have it handled then I'll just 
watch the apps eat your bandwidth and get posted on popular blacklists. 
Today's list includes: 

appengine-google; (+http://code.google.com/appengine; appid: domaintraker)
IP: 209.85.224.84
Contents: http alonsoalic3 . splinder . com Percocet Dose (blah blah blah)

It's only spam to me. 

I wonder how much bandwidth that app is costing:

Remember, I'm only one in a million websites and it's clear I'm the only one 
to bring up an issue that is costing you money. 
The appid listed above was reported by one site I monitor:
First seen: Report Date: 8/7/2011 4:32:41 AM last visited Report Date: 
8/18/2011 1:33:25 AM

Add 20 million and that's some good bandwidth for the appid: domaintraker. 

I'm sure there is a way to create a sub-routine to monitor POST / GET 
requests from your apps. 
I would believe that a "Human" wouldn't be sending "Post and Get" requests 
at 4 or more per second. 

I'd be glad to work with those that are willing to work on a application. 

I've opened up the NOC reports for visitors this week. You can find the 
Google IPs and Amazon listings. Look for the APPID: notice to see how often 
this happens. 
 XCtM Project v2  

Good luck and thanks for answering my questions. 


-- 
You received this message because you are subscribed to the Google Groups 
"Google App Engine" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/google-appengine/-/ZuOOAgJ6VuUJ.
To post to this group, send email to google-appengine@googlegroups.com.
To unsubscribe from this group, send email to 
google-appengine+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-appengine?hl=en.

Re: [google-appengine] Website Spam posing by appid: aking-741 using IP 64.233.172.1

[Robert Kluin]

On Thu, Aug 18, 2011 at 20:32, Murray W  wrote:
> What do you want to do, monitor a site and if some app is hitting it
> too frequently automatically report it to Google for abusing *your*
> ToS?

terms-of-service

>
> (Not sure what you mean by ToS, must be a AppEngine code word.)
> Actually I do monitor my site. Doesn't everyone today monitor
> for pharmaceutical spam, SQL injection attempts and your classical
> bruteforce attacks?

Probably.

> I'm not worry about an application hitting my sites. I see allot of good
> appid:'s . It's when an AppEngine application is used like an open proxy to
> spam sites. Then the scripts brings the hammer down.

Yes, I personally very much agree with you on this.  All of the proxy
sites on App Engine are extremely annoying, especially when they are
'spoofing' legitimate sites on App Engine.  Excellent setup for a
phishing attack.





> Aren't your applications a SaaS? (Software as a Service)
> Before you think, read what I have to say.
> If one of my sites picks up 20 or 30 spam posting attempts from a single
> AppEngine that's only my site. Add a few million other sites to the mix and
> your application just cost you a bundle in bandwidth to allow a spammer to
> use.  Not my bandwidth but your applications bandwidth.
> I've read the "DDoS" and "Reached Quota" forum posts and my guess it's just
> spammers. They tend to flock 50 or so at a time averaging from what I detect
> 2 to 5 posts per second.
> I'm thinking if you all found a way to either get live abuse reports or
> updates it might actually save you money.
> I'm just trying to help you all, but if you have it handled then I'll just
> watch the apps eat your bandwidth and get posted on popular blacklists.
> Today's list includes:
> appengine-google; (+http://code.google.com/appengine; appid: domaintraker)
> IP: 209.85.224.84
> Contents: http alonsoalic3 . splinder . com Percocet Dose (blah blah blah)
> It's only spam to me.
> I wonder how much bandwidth that app is costing:
> Remember, I'm only one in a million websites and it's clear I'm the only one
> to bring up an issue that is costing you money.
> The appid listed above was reported by one site I monitor:
> First seen: Report Date: 8/7/2011 4:32:41 AM last visited Report Date:
> 8/18/2011 1:33:25 AM
> Add 20 million and that's some good bandwidth for the appid: domaintraker.
> I'm sure there is a way to create a sub-routine to monitor POST / GET
> requests from your apps.
> I would believe that a "Human" wouldn't be sending "Post and Get" requests
> at 4 or more per second.
> I'd be glad to work with those that are willing to work on a application.
> I've opened up the NOC reports for visitors this week. You can find the
> Google IPs and Amazon listings. Look for the APPID: notice to see how often
> this happens.
>  XCtM Project v2
>
> Good luck and thanks for answering my questions.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Google App Engine" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/google-appengine/-/ZuOOAgJ6VuUJ.
> To post to this group, send email to google-appengine@googlegroups.com.
> To unsubscribe from this group, send email to
> google-appengine+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/google-appengine?hl=en.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Google App Engine" group.
To post to this group, send email to google-appengine@googlegroups.com.
To unsubscribe from this group, send email to 
google-appengine+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-appengine?hl=en.

Re: [google-appengine] Website Spam posing by appid: aking-741 using IP 64.233.172.1

[Nadun Kulatunge]

 wow cool fun stuff << http://j.gs/I9f >> i think you will like it

On Fri, Aug 19, 2011 at 11:56 AM, Robert Kluin wrote:

> On Thu, Aug 18, 2011 at 20:32, Murray W  wrote:
> > What do you want to do, monitor a site and if some app is hitting it
> > too frequently automatically report it to Google for abusing *your*
> > ToS?
>
> terms-of-service
>
> >
> > (Not sure what you mean by ToS, must be a AppEngine code word.)
> > Actually I do monitor my site. Doesn't everyone today monitor
> > for pharmaceutical spam, SQL injection attempts and your classical
> > bruteforce attacks?
>
> Probably.
>
> > I'm not worry about an application hitting my sites. I see allot of good
> > appid:'s . It's when an AppEngine application is used like an open proxy
> to
> > spam sites. Then the scripts brings the hammer down.
>
> Yes, I personally very much agree with you on this.  All of the proxy
> sites on App Engine are extremely annoying, especially when they are
> 'spoofing' legitimate sites on App Engine.  Excellent setup for a
> phishing attack.
>
>
>
>
>
> > Aren't your applications a SaaS? (Software as a Service)
> > Before you think, read what I have to say.
> > If one of my sites picks up 20 or 30 spam posting attempts from a single
> > AppEngine that's only my site. Add a few million other sites to the mix
> and
> > your application just cost you a bundle in bandwidth to allow a spammer
> to
> > use.  Not my bandwidth but your applications bandwidth.
> > I've read the "DDoS" and "Reached Quota" forum posts and my guess it's
> just
> > spammers. They tend to flock 50 or so at a time averaging from what I
> detect
> > 2 to 5 posts per second.
> > I'm thinking if you all found a way to either get live abuse reports or
> > updates it might actually save you money.
> > I'm just trying to help you all, but if you have it handled then I'll
> just
> > watch the apps eat your bandwidth and get posted on popular blacklists.
> > Today's list includes:
> > appengine-google; (+http://code.google.com/appengine; appid:
> domaintraker)
> > IP: 209.85.224.84
> > Contents: http alonsoalic3 . splinder . com Percocet Dose (blah blah
> blah)
> > It's only spam to me.
> > I wonder how much bandwidth that app is costing:
> > Remember, I'm only one in a million websites and it's clear I'm the only
> one
> > to bring up an issue that is costing you money.
> > The appid listed above was reported by one site I monitor:
> > First seen: Report Date: 8/7/2011 4:32:41 AM last visited Report Date:
> > 8/18/2011 1:33:25 AM
> > Add 20 million and that's some good bandwidth for the appid:
> domaintraker.
> > I'm sure there is a way to create a sub-routine to monitor POST / GET
> > requests from your apps.
> > I would believe that a "Human" wouldn't be sending "Post and Get"
> requests
> > at 4 or more per second.
> > I'd be glad to work with those that are willing to work on a application.
> > I've opened up the NOC reports for visitors this week. You can find the
> > Google IPs and Amazon listings. Look for the APPID: notice to see how
> often
> > this happens.
> >  XCtM Project v2
> >
> > Good luck and thanks for answering my questions.
> >
> > --
> > You received this message because you are subscribed to the Google Groups
> > "Google App Engine" group.
> > To view this discussion on the web visit
> > https://groups.google.com/d/msg/google-appengine/-/ZuOOAgJ6VuUJ.
> > To post to this group, send email to google-appengine@googlegroups.com.
> > To unsubscribe from this group, send email to
> > google-appengine+unsubscr...@googlegroups.com.
> > For more options, visit this group at
> > http://groups.google.com/group/google-appengine?hl=en.
> >
>
> --
> You received this message because you are subscribed to the Google Groups
> "Google App Engine" group.
> To post to this group, send email to google-appengine@googlegroups.com.
> To unsubscribe from this group, send email to
> google-appengine+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/google-appengine?hl=en.
>
>


-- 
Bye TC

-- 
You received this message because you are subscribed to the Google Groups 
"Google App Engine" group.
To post to this group, send email to google-appengine@googlegroups.com.
To unsubscribe from this group, send email to 
google-appengine+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-appengine?hl=en.