Share This!

Tuesday, January 25, 2011

Junk Posts

I have a page on my site that allows interested parties to post questions to my business.  Recently it's been flooded with these junk posts.  I'm not sure what the payload is, because my e-mailer strips out all the HTML and JavaScript before messaging me.  There is one aspect of this that I find somewhat disturbing though.

All the posts are similar, but they come from IP addresses all over the world.  Here are the latest ones:

IP addressevent occuredCountry 03:15:01.097AUSTRALIA 00:15:28.947SWEDEN 23:48:23.503JAPAN 22:36:23.813UNITED KINGDOM 22:16:55.657 21:20:31.047UNITED STATES 19:31:49.997UNITED STATES 14:23:03.003VENEZUELA 08:58:20.940CANADA 06:30:30.783PORTUGAL 05:55:59.257UNITED STATES 03:32:39.443CHINA 23:07:47.327UNITED STATES 09:54:13.323CHINA 05:13:55.220ARGENTINA 05:09:22.023NETHERLANDS 05:04:51.767ARGENTINA 01:14:22.237BRAZIL 01:06:39.560SAUDI ARABIA 23:53:00.620FRANCE 21:19:54.407 17:09:40.170IRELAND

The thing would not be alarming but the emails (with the java and HTML removed) are all nearly identical. They all look something like this:

Dx6CQw ccvpfvghxsko, [url=]qdzwgbbwegwf[/url], [link=]zadpuhxlkcme[/link],

Don't worry, I tried looking for these domains and they are all unregistered. The real payload of the post must have been in the HTML/JavaScript. It is my hope in posting these that some of you googling upon this page might see this and have some insight as to what the point might be. If so, please comment below.

Bryan Valencia is a contributing editor and founder of Visual Studio Journey.  He owns and operates Software Services, a web design and hosting company in Manteca, California.

No comments:

Post a Comment

Contact Us


Email *

Message *