Name: eunwqh
Surname: eunwqh
Email: zqfnpe@klrarj.com
Area: RXzqivXygZREXWvBym
Number: ejnoEIJMadDSLG
I have a: Question about upgrading my website
Your message: ztdgar  <a href="http://ihxmtoiamhhi.com/">ihxmtoiamhhi</a>, 
[url=http://brszkxdaikrb.com/]brszkxdaikrb[/url], 
[link=http://hpuydlhmlkfe.com/]hpuydlhmlkfe[/link], http://wpqfrzusaeot.com/


What is the point of all this then? There is no actual written promotion 
spam there, but I won't go to the links for viral safety.

I'm surprised crackguitar hasn't suffered these yet. It's the same PHP 
mailer (thanks Geoff) but CG rates much-much higher in Google.

-dE|_---

On Thu, 7 Aug 2008 12:38:05 +0100, "dE|_"
 wrote:

>Name: eunwqh
>Surname: eunwqh
>Email: zqfnpe@klrarj.com
>Area: RXzqivXygZREXWvBym
>Number: ejnoEIJMadDSLG
>I have a: Question about upgrading my website
>Your message: ztdgar  <a href="http://ihxmtoiamhhi.com/">ihxmtoiamhhi</a>, 
>[url=http://brszkxdaikrb.com/]brszkxdaikrb[/url], 
>[link=http://hpuydlhmlkfe.com/]hpuydlhmlkfe[/link], http://wpqfrzusaeot.com/
>
>
>What is the point of all this then? There is no actual written promotion 
>spam there, but I won't go to the links for viral safety.
>
>I'm surprised crackguitar hasn't suffered these yet. It's the same PHP 
>mailer (thanks Geoff) but CG rates much-much higher in Google.
>
dE|_

Your form mail code is weak. 

I was getting exactly the same problem, until I switched the feedback page
code and URL. Now I just look at how many 404's I get from the old feedback
page.

The inserter is using a script, trying to get the url's into a forum or
online list, where search engines will find them and using Google's
(alleged) 'The more people link to you the higher up the results you go'
rules, will promote the site in search results.

Richard
See http://www.caravanningnow.co.uk where my caravan's for sale.
-- 
...and so, as the absent-minded zookeeper of time scrubs his loo with
the startled bush-baby of hope, and the frisky King Penguin of fate
approaches the small nun of destiny... - Humphrey Lyttelton closing
comment in I'm sorry I haven't a clue.

Message-ID:  from Richard
Cole contained the following:

>>
>>I'm surprised crackguitar hasn't suffered these yet. It's the same PHP 
>>mailer (thanks Geoff) but CG rates much-much higher in Google.
>>
>dE|_
>
>Your form mail code is weak. 

I don't see that the form mail code (which I wrote) has anything to do
with it unless there is some way of uniquely identifying this attack
(which the random characters are designed to prevent).  I have had the
same problem with other forms and have incorporated a honeytrap into
many of them which seems very effective so far.  Del, mail me if you
want the modification.
>
>I was getting exactly the same problem, until I switched the feedback page
>code and URL. Now I just look at how many 404's I get from the old feedback
>page.

Well switching the URL probably had a lot to do with it.

-- 
Geoff Berrow  0110001001101100010000000110
001101101011011001000110111101100111001011
100110001101101111001011100111010101101011
http://slipperyhill.co.uk

"Geoff Berrow" wrote:
>
>>>
>>>I'm surprised crackguitar hasn't suffered these yet. It's the same PHP
>>>mailer (thanks Geoff) but CG rates much-much higher in Google.
>>>
>>dE|_
>>
>>Your form mail code is weak.
>
> I don't see that the form mail code (which I wrote) has anything to do
> with it unless there is some way of uniquely identifying this attack
> (which the random characters are designed to prevent).  I have had the
> same problem with other forms and have incorporated a honeytrap into
> many of them which seems very effective so far.  Del, mail me if you
> want the modification.

I'll get back to you next week, thanks.

-dE|_---

On 7 Aug, 12:38, "dE|_"  wrote:
> Name: eunwqh
> Surname: eunwqh
> Email: zqf...@klrarj.com
> Area: RXzqivXygZREXWvBym
> Number: ejnoEIJMadDSLG
> I have a: Question about upgrading my website
> Your message: ztdgar  <a href="http://ihxmtoiamhhi.com/">ihxmtoiamhhi</a>,
> [url=http://brszkxdaikrb.com/]brszkxdaikrb[/url],
> [link=http://hpuydlhmlkfe.com/]hpuydlhmlkfe[/link],http://wpqfrzusaeot.com/
>
> What is the point of all this then? There is no actual written promotion
> spam there, but I won't go to the links for viral safety.
>
> I'm surprised crackguitar hasn't suffered these yet. It's the same PHP
> mailer (thanks Geoff) but CG rates much-much higher in Google.
>
> -dE|_---

Thats called BB code rather than html.
Its trying to get a back linkj put on a page of course.

I have a line in my form to email script that stops the script if it
contains strings like

[url

and various other ones.
Stops 99.9999% of these things.
Only seen one in the past month or so and its easier for users than
captcha.

"Gordon Hudson" wrote;
>> Name: eunwqh
>> Surname: eunwqh
>> Email: zqf...@klrarj.com
>> Area: RXzqivXygZREXWvBym
>> Number: ejnoEIJMadDSLG
>> I have a: Question about upgrading my website
>> Your message: ztdgar <a href="http://ihxmtoiamhhi.com/">ihxmtoiamhhi</a>,
>> [url=http://brszkxdaikrb.com/]brszkxdaikrb[/url],
>> [link=http://hpuydlhmlkfe.com/]hpuydlhmlkfe[/link],http://wpqfrzusaeot.com/
>>
>> What is the point of all this then? There is no actual written promotion
>> spam there, but I won't go to the links for viral safety.
>>
>> I'm surprised crackguitar hasn't suffered these yet. It's the same PHP
>> mailer (thanks Geoff) but CG rates much-much higher in Google.
>>
>> -dE|_---
>
> Thats called BB code rather than html.
> Its trying to get a back linkj put on a page of course.

? Back link ?

> I have a line in my form to email script that stops the script if it
> contains strings like
>
> [url
>
> and various other ones.

I have a 'banned' file with mine in which I can list characters I want to 
trigger a rejection. Two I have listed are
<a
http://
but I just ran a test pasting a http anchor, it seems I had the file in the 
wrong directory. Dipstick.

-dE|_---
Getting ready to rumble at Reading.