Share This!

Tuesday, January 25, 2011

Junk Posts

I have a page on my site that allows interested parties to post questions to my business.  Recently it's been flooded with these junk posts.  I'm not sure what the payload is, because my e-mailer strips out all the HTML and JavaScript before messaging me.  There is one aspect of this that I find somewhat disturbing though.


All the posts are similar, but they come from IP addresses all over the world.  Here are the latest ones:

IP addressevent occuredCountry
125.7.106.362011-01-25 03:15:01.097AUSTRALIA
194.71.15.2422011-01-25 00:15:28.947SWEDEN
58.1.236.522011-01-24 23:48:23.503JAPAN
62.189.102.2292011-01-24 22:36:23.813UNITED KINGDOM
84.170.167.12011-01-24 22:16:55.657
174.133.230.402011-01-24 21:20:31.047UNITED STATES
71.101.103.2472011-01-24 19:31:49.997UNITED STATES
186.88.170.2232011-01-24 14:23:03.003VENEZUELA
216.185.76.742011-01-24 08:58:20.940CANADA
193.137.203.2312011-01-24 06:30:30.783PORTUGAL
74.121.148.32011-01-24 05:55:59.257UNITED STATES
219.234.246.2482011-01-24 03:32:39.443CHINA
68.238.66.1132010-12-09 23:07:47.327UNITED STATES
202.108.50.702010-12-09 09:54:13.323CHINA
190.177.66.1852010-12-09 05:13:55.220ARGENTINA
212.178.200.722010-12-09 05:09:22.023NETHERLANDS
200.55.16.502010-12-09 05:04:51.767ARGENTINA
187.9.58.1942010-12-09 01:14:22.237BRAZIL
212.71.32.942010-12-09 01:06:39.560SAUDI ARABIA
193.56.241.1252010-12-08 23:53:00.620FRANCE
85.255.197.1252010-12-08 21:19:54.407
79.125.121.1212010-12-08 17:09:40.170IRELAND


The thing would not be alarming but the emails (with the java and HTML removed) are all nearly identical. They all look something like this:

Dx6CQw ccvpfvghxsko, [url=http://qdzwgbbwegwf.com/]qdzwgbbwegwf[/url], [link=http://zadpuhxlkcme.com/]zadpuhxlkcme[/link], http://yvetloauhztz.com/


Don't worry, I tried looking for these domains and they are all unregistered. The real payload of the post must have been in the HTML/JavaScript. It is my hope in posting these that some of you googling upon this page might see this and have some insight as to what the point might be. If so, please comment below.





Bryan Valencia is a contributing editor and founder of Visual Studio Journey.  He owns and operates Software Services, a web design and hosting company in Manteca, California.

No comments:

Post a Comment

Contact Us

Name

Email *

Message *