Security: Silent Spamming - Is your Website Being Abused?

[Kathy]

Kathy submitted a new Article:

Security: Silent Spamming - Is your Website Being Abused?

Silent Spamming on Your Forums: Is your Website Being Abused?

Website Abuse

Do you have full and proper control of your website? It's possible you do. But if you run a successful web site, blog, or forum, then there's a good chance that your site is being abused.

Many webmasters are helping support adult and spam marketing sites – without ever realising it.

In their constant battle to seek out every exploitable niche of internet space, many spammers have resorted to a practice referred to as "Silent Spamming".

That is, a form of spamming that is effectively invisible to most human users – but very visible to the very thing that the spammers are targeting most: search engines.

And they could be manipulating your site to do it.

Silent spamming

The more overt e-mail spamming is well known to all. Without the overheads that postal marketing encumbers, e-mail marketing can reach millions of people with extremely minimal cost.

And because of the volumes involved, even the smallest return is clear profit.

But the backlash against unsolicited e-mail marketing (not least the implementation of legislation against spamming in Europe and the USA), coupled with the ever increasing importance of search engines for website marketing has led to a more subversive trend: the direct yet invisible abuse of websites. Silent spamming.

This article will cover some of the commonest methods that are used, and offers solutions to each of them.

Forum Spamming

Many forum administrators and moderators are all too familiar with the problem of blatant spamming by hit and run visitors to their boards. However, most are completely unaware that they are also likely being "Silent Spammed".

The simplest way this happens is for the spammer to register as a member, and simply link to their website from their member profile. The end.

If the forum is spidered by search engines, then the profile link will show as a backlink to the site in question. That means that it benefits the spammer and helps promote their site.

That may not sound terrible in itself – until you realise that these links go to any range of porn sites, incest sites, and penis extension sites. Member profiles could even be linking to child abuse sites. And your forum could be being manipulated to promote them.

The scale of the problem is also not to be discounted.

Realise that many Silent Spammers have multiple web sites, and therefore will...

Read more about this article here...

 

[kerplunk]

I wouldn't recommend this unless for some reason you don't want the huge advantage of having search engines list your message boards.

 

[Sal Collaziano]

Great article.. Kerplunk, this is only blocking your Memberlist from the search engines - not the message board itself...

 

[eijikel]

Excellent article!

 

[Brian Turner]

Why, thank you.

I only discovered the problem when a moderator in my religion forum noticed a new user by the name of "!_!_!" with a porn link in their profile.

When I ran a search of the memberlist I found lots of similar members. It was strange experience watching these people constantly registering, not realising I was on to them.

Most of the "silent spammers" are themselves victims - not simply of their own greed, but of "work at home get rich schemes". They're basically reselling as affiliates, and trying to earn money through various affiliate programs.

There's probably a handbook out there specifically recommending spamming forum memberlists in this way - and I strongly suspect there's a special section on vBulletins, as phpbb's that I've looked at arrange their memberlists in such a way as to be entirely disadvantageous to these spammers.

It's all "poor man SEO" really, and the abuse of memberlists is easily countered. But I guess, as with many things in life, people need being made aware of the problem in the first place so that it can be addressed.

 

[/dev/urandon]

I have alot of silent spammers at vBt I am having to delete all the time, it's everywhere to, not just on vBulletins. I see it on almost every forum I visit now a days

 

[/dev/urandon]

Im back with my solution, I relize this is not a hacking forum but I thought a one liner would be ok.

Basicly, ive hacked memberlist.php to only show users that have 1 or more posts, ive never seen one of these users post before, and seeing how I could not keep up with them before they showed up on my memberlist. I settled on this.

Open your memberlist.php file and find:

	AND user.usergroupid IN ($ids)

Replace it with:

  			AND user.usergroupid IN ($ids)
			// HACK HACK HACK HACK (0 posters will not show on memberlist)
			AND user.posts >= 1
			// END HACK HACK HACK

The number 1 in the new line specifys the number of posts a user needs before they will show up on the list.

 

[welo]

Your hack doesn't work on RC4. However, if you change the Default "Members" group to something like "Starter Member", give them maybe five posts to make it past that level and make this group non-viewable on the member list, it does the same thing.

 

[/dev/urandon]

It dose work on vB 3 rc 4, I have it running on www.vbulletintemplates.com

 

[welo]

I'm not making this up:

Database error in vBulletin 3.0.0 Release Candidate 4:


Invalid SQL: 
                SELECT user.*,usertextfield.*,userfield.*, user.userid, options,
                        IF(displaygroupid=0, user.usergroupid, displaygroupid) AS displaygroupid
                
                ,avatar.avatarpath,NOT ISNULL(customavatar.avatardata) AS hascustomavatar,customavatar.dateline AS avatardateline
                
                
                FROM vb3_user AS user
                LEFT JOIN vb3_usertextfield AS usertextfield ON(usertextfield.userid=user.userid)
                LEFT JOIN vb3_userfield AS userfield ON(userfield.userid=user.userid)
                
                LEFT JOIN vb3_avatar AS avatar ON(avatar.avatarid = user.avatarid) LEFT JOIN vb3_customavatar AS customavatar ON(customavatar.userid = user.userid)
                
                WHERE 1=1
                        AND user.usergroupid IN (0,9,10,11,18,7,15,6,17,2,5)
                        // HACK HACK HACK HACK (0 posters will not show on memberlist)
                        // AND user.posts >= 5
                        // END HACK HACK HACK
                ORDER BY user.username asc 
                LIMIT 0, 30

Dunno man. Are you not using database table prefixes on your version? This might have something to do with it.

 

[/dev/urandon]

Change:

// AND user.posts >= 5

to:

AND user.posts >= 5

 

[Wired]

So the file is just this?

User-agent: *
Disallow: /forum/memberlist.php

Sweet!

 

[Nicholas]

Either way, it's an excellent article. I've noted this happening when my site suddenly gets links from the weirdest places that have nothing to do with my subject matter (from porn sites all the way to John Kerry's blog), but didn't realize it was a rampant thing.

 

[Lee Davies]

Indeed, I've only just found this by chance and great work!

If I recall, a majority of our (all forums everywhere) boards where Silient Spammed, by Hydromedia (click here for more info).

I'll definately be using robots.txt as well as possibily using the query too. Though now I've heard these people are posting at least once to get around this.

 

[powerstroke]

Here is a good article about crime not paying. Check out what he got a month. WOWZA!

http://www.pcworld.com/news/article/0,aid,118493,tfg,tfg,00.asp

 

[cori]

One thing this article misses that I've recently seen a lot of is wiki-spamming - hiding a long list of links in "invisible" text on a page in a wiki.

Readers never see them - they're only visible through the edit pages, and unless you subscribe to a recent changes feed you're likely to miss them.

 

[mobo]

The robots.txt file should in all theory do the job so Im off to try. Thanks for the heads up kathy. Great article and well deserving of a bump..

Bumpty bump

 

[The Wizard]

We faced this problem about a year ago and disabled signature and user profile spamming for the same reason. There is also a chace of mass PMing, if you come across them make sure to add the site URL to your word filter and replace it with ILLEGAL URL or something similar.

 

[dollarman]

Nice read, great job Kathy!

 

[Schwpz]

Thank you so much for sharing this information.
I had never thought of it (God, I'm so naive!! XD), and after taking a closer look at some of the unactivated accounts in the memberlist I did find quite a few horrible links. I have deleted about 60 such accounts so far, and I have banned the email prefix @mail.ru from the forum, as it seems to be popular among the silent spammers on my site.
In addition I removed completely the website addresses from the memberlist. No website link in the memberlist means no way to promote a website link without posting, which should take care of the problem for my part. Now that I'm thinking of it I'm not even quite sure why it's default to have website addresses on phpBB memberlist pages. It was a very easy operation and I only needed to edit 2 files, I'll be glad to help anyone out if needed.

Thanks again for sharing this information Kathy, you have been the most helpful!