Wednesday, June 11, 2014

YouPic comment spam on Google+

I'm becoming enervated by these spam comments added to all new posts in various photo groups on Google+:

Do you have You Pic account to showcase and explore it more?

Multiple accounts do this, but there are no links, just text. I guess they're afraid Google+ will put youpic.com on a blacklist if they linked it.

UPDATE:

They have recently altered the spam-text to:

"Superior photography, do you showcase this on the webpage YouPic ?"

No I don't, and I won't. Ever. Please go die in a fire. Seriously.

UPDATE #2:

The spammers have altered their tactics. Payload now contains a link to YouPic's Google Plus page, and the text is more random.

Beautiful Photography, want to know how much likes you got ? https://plus.google.com/[…]/videos

Good Photography, want to know your comments, https://plus.google.com/[…]/videos

creative click, want to know your public likes, https://plus.google.com/[…]/videos

Beautiful...why can't you connect with our community... https://plus.google.com/[…]/videos

UPDATE #3:

I'm not the only one who has reacted to YouPic's shoddy business practices:


Stay away from YouPic!

Saturday, June 07, 2014

Looking for a job?

Looking for a job? Some Chinese IPs in the 202.46-range sure are. On our server no less. Why? Dunno.

None of these files have ever been on our server:

jobs-accounting-auditing.html
jobs-aerospace-defence.html
jobs-agriculture-forestry-fishing.html
jobs-apparel-fashion-textile.html
jobs-architecture-building-construction.html
jobs-arts-design-entertainment.html
jobs-automotive-motor-vehicles.html
jobs-banking-financial-services.html
jobs-charities-not-for-profit.html
jobs-consultancy.html
jobs-customer-service-call-centers.html
jobs-education-training.html
jobs-electronics-robotics.html
jobs-engineering.html
jobs-food-processing.html
jobs-health-care.html
jobs-human-resources.html
jobs-information-technology-telecoms.html
jobs-insurance.html
jobs-law-enforcement-security.html
jobs-legal-tax.html
jobs-management-executive.html
jobs-manufacturing-maintenance.html
jobs-maritime-shipbuilding-boating.html
jobs-marketing-public-relations.html
jobs-media-advertising.html
jobs-oil-gas-mining.html
jobs-personal-care.html
jobs-public-sector.html
jobs-publishing-printing.html
jobs-purchasing.html
jobs-quality-assurance.html
jobs-real-estate.html
jobs-restaurants-food-service.html
jobs-retail-wholesale.html
jobs-sales.html
jobs-science-research-development.html
jobs-secretarial-pas-administration.html
jobs-social-care.html
jobs-steels-metals.html
jobs-tourism-travel-hospitality.html
jobs-translations.html
jobs-transportation-logistics.html
jobs-wood-paper-furniture.html


Example:

xxx:80 202.46.xxx.xxx - - [xx/xxx/2014:xx:xx:xx +0200] "GET /jobs-education-training.html HTTP/1.1" 403 230 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:22.0) Gecko/20100101 Firefox/22.0"

Hello and welcome. Have a 403.

Tuesday, June 03, 2014

China loves ColdFusion?

Some Chinese IPs in the 202.46.xx.xx-range are regularly trying to reach the following pages on our webserver:


Adware_Removal.cfm
Best_Browser.cfm
Computer_Parts.cfm
Disk_Defragmenter.cfm
Firewall_Protection.cfm
Fix_Slow_Computer.cfm
Format_Hard_Drives.cfm
Laptop_Repairs.cfm
Online_Data_Backup.cfm
Registry_Cleaner.cfm
Registry_Restore.cfm
Security_Software.cfm
Virus_Removal.cfm
Windows_Repair.cfm
Windows_XP_Help.cfm
Windows_XP_Software.cfm

Example:

xxx:80 202.46.xxx.xxx - - [xx/xxx/2014:xx:xx:xx +0200] "GET /Registry_Restore.cfm?fp=[randomcharacters]&maxads=0&prvtof=[randomcharacters]&kt=xxx&kbc=xxx&ki=xxxxxx&ktd=0&kp=4 HTTP/1.1" 403 222 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:22.0) Gecko/20100101 Firefox/22.0"

These appear to be ColdFusion files, and, well, we're not running ColdFusion. These files aren't on our server and they are met with a 403 anyway... I'm puzzled, though. Is there a ColdFusion package with gaping security holes out there? What are these files?
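One way to pull probes like those in the "Looking for a job?" and "China loves ColdFusion?" posts out of an access log, as an added example that is not part of the original posts: it parses the vhost-combined layout of the quoted log lines and reports source /16 prefixes that were refused (403/404) on several distinct paths. The host name, full IP addresses, timestamps, query strings and the `min_paths` threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Apache vhost-combined layout, matching the log lines quoted in the posts.
LINE_RE = re.compile(
    r'^(?P<vhost>\S+) (?P<ip>\d+\.\d+\.\d+\.\d+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

UA = "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:22.0) Gecko/20100101 Firefox/22.0"

def _line(ip, target, status):
    # Builds one constructed sample line (not real log data).
    return (f'www.example.org:80 {ip} - - [03/Jun/2014:10:00:01 +0200] '
            f'"GET {target} HTTP/1.1" {status} 222 "-" "{UA}"')

SAMPLE_LOG = [  # constructed sample input
    _line("202.46.1.10", "/Registry_Restore.cfm?fp=abc&maxads=0", 403),
    _line("202.46.2.20", "/Virus_Removal.cfm?fp=def&maxads=0", 403),
    _line("202.46.3.30", "/jobs-education-training.html", 403),
    _line("202.46.1.10", "/jobs-sales.html", 403),
    _line("198.51.100.7", "/index.html", 200),
    _line("198.51.100.7", "/favicon.ico", 404),
    "garbage line that does not parse",
]

def probe_clusters(lines, min_paths=3):
    """Return {"/16 prefix": summary} for prefixes that were refused
    (403/404) on at least min_paths distinct paths."""
    seen = defaultdict(lambda: {"ips": set(), "paths": set(), "agents": set()})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["status"] not in ("403", "404"):
            continue  # unparseable, or a request that was actually served
        prefix = ".".join(m["ip"].split(".")[:2])
        entry = seen[prefix]
        entry["ips"].add(m["ip"])
        entry["paths"].add(m["target"].split("?", 1)[0])  # drop query string
        entry["agents"].add(m["agent"])
    return {
        prefix: {"ips": sorted(e["ips"]), "paths": sorted(e["paths"]),
                 "agents": len(e["agents"])}
        for prefix, e in seen.items() if len(e["paths"]) >= min_paths
    }

if __name__ == "__main__":
    for prefix, info in probe_clusters(SAMPLE_LOG).items():
        print(prefix, len(info["ips"]), "IPs,", info["agents"], "user agent(s)")
        for path in info["paths"]:
            print("   ", path)
```

A single user agent shared by many addresses in one prefix, as in the two quoted log lines, is a further hint that the requests come from one crawler rather than separate visitors.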