The is a post in the Whip the Admins forum from this user.
DorisAxline
I went to check profile because of the use of the word s**t with the actual letters. No user profile. When you hover mouse over the words "buy viagra" the link shows as a buy at a discount somewhere. Was looking for a way to report to mod's, decided to post here. Anyone know what is going on?
Think I figured part of this out. Tormie may have deleted the user, but the post remained. Since it looks like it is very late where Tormie is, I reported the post to Pangor in PM, and hopefully he will take a look tonight before Tormie gets up in the morning.
No problem melamkish, it was good that I was still lurking around.
We just faced a spammer attack, I deleted the post and changed the permissions of the "whip the admin" forum. That forum was supposed to be also a help for people who are unable to register so it was opened to guest writing and that guy posted his spam, his kind of spam was done in order to increase the position of his disgusting site in search engines position posting here the link of his site, masked under the bbcode (you probably didn't noticed it but luckily you were fast to see the post and I dreamed about you lol). When a search engine bot/crawler found a link, wherever it was, it follows it and the more links it found of a site the higer the rank become so this is the reason why those people try to spread the link to their site everywhere.
Actually I immediatly changed the permissions of the whip the admin forum, now it's read only to guest like the rest of the site, the only support for problems will be the email address of the forum, . This is a special address on spamcop.net. I pay 30$ a year for it because they collect automatically the incoming spam, send me a report about them and have an accurate system to reveal from where the email comes really and then it give me the option to send the report automatically to the abuse service from where the email started.
Actually I installed on the site a powerful IP logger and if the spammer want to write more now he has to register and he will be caught by his ip, even if he try to mask it behind a proxy server or an anonimyzer. I banned the IPs of all known anonymizers and we have a system that stops naughty people who tries to use anonymous proxy, so the spammer will simply get caught.
Now, I don't know if this kind of attacks will continue but we'll have to keep an eye open on the site and the log, some days ago I banned the ip from an user who was masking his browser under a strange "ADA" browser, probably a hacker trying to do something.
In the meantime I'll backup the database, just in case.
That explains it At least we caught it fast. Pangor will be able to stand down from red alert when he recieves my PM and gets here. Sometimes its good to be a light sleeper
Wow, I go off-line to set p a Render for MBotW and to do some chores and things go wild. Sorry that I was not here in time to help. Melamkish, thank you for catching it and taking action.
A quik search for the user name results in many other sites that have been spammed by this person, could a bot have been used? At sites with open posting forums, the same message is posted, at other sites, a user by that name has registered and then posted that message. in each case, it contains a link to a blog site in france or to a geocities page. The blog has been shutdown, I think. Where this person has registered, those links are also used in the wabsite listing in the profile page.
At least it wasn't a serious attack. With all the DDos (Direct Denial of Service) and other such stuff going on out there, anything strange sets off warnings and you must expect the worst until proven otherwise.
Users browsing this topic: 0 Registered, 0 Hidden and 0 Visitors Registered Users: None
Permissions List
Permissions List
You cannot post new topics You cannot reply to topics You cannot edit your posts You cannot delete your posts You cannot vote in polls You cannot attach files You cannot download files You cannot post calendar events