Handbag spam

ningxiaoyan's picture
Removed spam post.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

gtoledo3's picture
Re: Handbag spam

Hey, it's obvious this is a trash spam comment, but I'm curious about something...

When people plan a DoS attack, is this like the base level way of doing it, without using tools like LOIC? I don't know, not clicking on the links. It seems like social engineering like this would be a way of routing more traffic than usual to a given website.

cybero's picture
Re: Handbag spam

IMO - this is an example of routing traffic , there are several posts of this URL, which will have been produced by someone either being paid to post such a link to various forums, or else simply running a script that eventually posts to the number of posted results found. If done automatically it points to a weakness in the site's current capture system, if done manually then it will be some dipwad in a room somewhere earning a few pence per link posted on behalf of this no doubt in other respects bona fide company. The number of links posted indicates a mechanical means of achievement.

I have sent them this email

Quote:

Are you aware that your firm is getting lots of unwanted and impertinent links to this no doubt bona fide site for a no doubt bona fide organisation posted up to forums and blogs that have absolutely nothing by and large to do with your firm's business. see [redacted] for over 4,040,000 results that are far from likely to generate real interest or appreciation in your firm's business. Indeed it is far more likely to bring your firm's business into a state of disrepute.

Removed spam link.

For more than one reason, I do not expect a reply •~

psonice's picture
Re: Handbag spam

You could do it like that, but you wouldn't do it as a general spam post. You'd write something provocative to get people clicking. Think about it a little, which works best as click-bait, an advert for hangbags or "OBAMA AND BRITNEY CAUGHT DOING IT ON CAMERA!"?

The crap above is probably just a con site. Set up some basic site selling random products (this can be automated, searching a bit retail site for popular products and automatically cloning a product list and prices (which are artificially low of course)). Leave it running for an hour or two and you have a few hundred sites up and running. Then set your botnet to work spamming sites like this with links to them. You might only get 1 hit per spammed link, and only 1 in 10 of those hits might risk a purchase, but if you have 10,000 computers spamming 10,000 sites per day the numbers add up. You don't sell any products of course, you just take the card details (or paypal account, or even western union payment) and steal the money.

The other side of it is all the fake products that get sold. I remember a year or two back my wife was buying some expensive hair straighteners. There were about 5 fake sites for every authorised seller offering them, no joke! They were pretty well made sites too, although some were obviously just ripping off the original website. They all appeared high in google's rankings too. Lots of people were complaining that they'd bought the straighteners but they didn't work well and were unreliable - quite a few of those complaints turned out to be from the fake sites, my guess is that the rest were mostly fakes too and they just didn't know it. Point here being: if you're selling fake products, you're not going to worry about using dodgy marketing tactics like spamming websites.

gtoledo3's picture
Re: Handbag spam

That's been my take on it, but I was starting to wonder, because it seemed like one could possibly achieve a DoS if enough links were put out by a bot.

gtoledo3's picture
Re: Handbag spam

Sure, sounds right to me - I would traditionally take it as a spam bot for shady internet sales, but it seems like I've read about people using some really primitive techniques lately when trying to orchestrate DoS attacks, so it got me wondering.

On the note about hair straighteners; my mom asked me to buy a DVD collection of a TV show for a friend of hers, because she's not really an online type of person. I started getting a weird feeling about it, and realized "hey, this show has never been put on DVD". Then I did some searches of the sites selling it, and everyone of the company names turned up people on "rip off reports" complaining about getting... ripped off.

cybero's picture
Re: Handbag spam

Yes but the DoS in that case would more likely not be upon the site posted, by encouraging click throughs.

As it happens, I think psonice is captious of this problem's origin and nature ;the explanation I originally gave came nowhere close except in regards of the mechanical means by which the site's links were posted. A need for more robust captcha check out and chuck 'em if they're unable to do the Turing test, which this crew must have twigged how to overcome.

cybero's picture
Re: Handbag spam

What this link needs is to be buried under a whole slew of new [and pertinent] posts or else for this whole thread to be deleted, albeit that there might well be something to be pondered and solved in regards of what to do about autobots posting links to fake goods sites.

psonice's picture
Re: Handbag spam

We've given ourselves a dilemma - we need to delete the post + thread, or the spammers get what they're after (which isn't just clicks from us, oh no - they want active links to the site to help boost their rankings on google, because that's how google judges site popularity!). We don't want them to 'win' now, do we? But we also have this interesting discussion which is a shame to lose.

Can we just get the original post & title edited and the thread left intact?

cybero's picture
Re: Handbag spam

Actually that is exactly what has been settled upon links have been removed, and this thread with its increasingly interesting discourse on autobots and such has been left intact. Captcha Captcha, that's the key question, or so I would have thought, else how could anyone have registered as a user to place a post, and it must as you I think rightly indicated, be a product of some massive mechanical operation [over 4KK links produced in Google alone]. Come to think of it, may be overkill but I'd do a thread rename if possible. Also one search thread also exists within an earlier post of mine upon this thread, lets stifle those webots and spiders on this thread entirely methinks.

bmellen's picture
Re: spam spam spam spam spam

In the future, if you could all refrain from replying to spam posts so that we don't have to do this kind of extensive editing to avoid nuking a legitimate conversation, it'd be much appreciated.

gtoledo3's picture
Re: Handbag spam

Yeah, I guess I didn't realize it was a big deal... it didn't feel like the forum was going to crumble because of a link staying or not. ("oh no, they went up to 110,686,698 in ratings!") :-)

I guess the next step of innovation for targeting guys like us is for them to figure out how to submit valid code with commented spam url's interspersed :-)

cybero's picture
Re: spam spam spam spam spam

humblest of apologies

gtoledo3's picture
Re: spam spam spam spam spam

Sorry that it took extra work. I didn't know it would be a problem.