Welcome to Laser Pointer Forums - discuss green laser pointers, blue laser pointers, and all types of lasers

Buy Site Supporter Role (remove some ads) | LPF Donations

Links below open in new window

FrozenGate by Avery

PNG Spam

c0ldshadow

c0ldshadow

LPF Founder / Admin
Staff member
LPF Site Supporter
Joined
Mar 17, 2006
Messages
2,866
Points
113
Hi LPF Team,
I am working on a ModSecurity rule to block PNG spam
please ignore / don't ban the 'coldtest' user account



feel free to test replying to this post with PNG spam

I want see if my rule blocks it reliably.. but note I may be modifying this rule a lot.. so it may work on and off
 





It looks like it's working. Each of my attempts were met with a glaring white page stating 403 forbidden.
 
It's bots posting single pixel PNG's, LPF embed's images so every time someone looks at their post it makes a call out to the server hosting the image, and they track this. Why? beats me.
 
I have a theory why they do this. Each time someone views a post with the PNG link, it logs the IP on that external server, and this lets the spammers track how many unique people viewed the spam. especially if paying someone else to run spam campaign , this can help the person paying assess how effective the spam actually is or whatever

just a thought i could be wrong.
 
c0ldshadow said:
I have a theory why they do this. Each time someone views a post with the PNG link, it logs the IP on that external server, and this lets the spammers track how many unique people viewed the spam. especially if paying someone else to run spam campaign , this can help the person paying assess how effective the spam actually is or whatever

just a thought i could be wrong.
Click to expand...

So should we just avoid clicking on spam-esque threads for the time being?

Why is LPF being hit by spammers anyway? What are they trying to accomplish?
 
H2Oxide said:
So should we just avoid clicking on spam-esque threads for the time being?

Why is LPF being hit by spammers anyway? What are they trying to accomplish?
Click to expand...

Just avoid quoting their posts.

All public forums are hit by spammers, every last one of them.

Alan
 
c0ldshadow said:
I have a theory why they do this. Each time someone views a post with the PNG link, it logs the IP on that external server, and this lets the spammers track how many unique people viewed the spam. especially if paying someone else to run spam campaign , this can help the person paying assess how effective the spam actually is or whatever

just a thought i could be wrong.
Click to expand...

The IP part is correct. I googled it a while back and found sites that let you embed invisible images to say, forum PM's, (or normal thread posts), and then recorded the IP of whoever viewed it and logged it, allowing you to trace location and whatnot. Could be also used for spammer traffic logging like you said.
 
They post on threads though, how i think it works is they have it embed an invisible image(1x1px) and because the way your browser works, it'll send them a lot of information (though basically useless). It can give them your IP, user agent(tells them which device you are on), OS, and a few other things. And with IP, as long as they dont use a vpn you can locate their general area...
 
I understand that quoting spammers might annoy the mods because it creates a little extra work since they now must delete TWO posts... BUT

In this situation, quoting the spammer ( especially since I broke the IMG link and prevented the image from being called up by my post ) does no further harm. It is no more dangerous than posting a normal reply to the thread.

Just the act of you viewing the thread is enough for the hidden image to track you.:na:
 
Also i just reported their domain. They use a .tk which is free to anyone but has a strict policy on spam and phishing sites.
 
crazyspaz said:
The IP part is correct. I googled it a while back and found sites that let you embed invisible images to say, forum PM's, (or normal thread posts), and then recorded the IP of whoever viewed it and logged it, allowing you to trace location and whatnot. Could be also used for spammer traffic logging like you said.
Click to expand...

Never thought about the applications of it in PM's, that would be a really easy way of getting someone's IP for DDoS attacks. :tinfoil:

T_Warne said:
I understand that quoting spammers might annoy the mods because it creates a little extra work since they now must delete TWO posts... BUT

In this situation, quoting the spammer ( especially since I broke the IMG link and prevented the image from being called up by my post ) does no further harm. It is no more dangerous than posting a normal reply to the thread.
Click to expand...


Reasons not to quote/reply to spam:
1. If the spammer necroposted then anyone replying to the spam also bumps the thread once the spam is removed.
2. Not everyone breaks the URL and I'm too lazy to check.
3. More work for mods :yabbmad:
4. No purpose. Bots don't read replies.
5. I'm often on autopilot when I remove spam, accidents happen and I sometimes check the ban user option out of habit when removing the replies. :shhh:
 
One way you guys can help is by sending an email report to abuse@dot.tk and tell the the domain a a s w a l l . T k is sending spam to forums. A simple search shows that lpf isnt the only ones targeted.

Also i dont know if you could do this but if possible provide some ips of the spammers and we could have a look around and see what else they are doing with the information gathered...
 
Last edited:
I'm just glad you seem to be on top of it cOld and ARG and whoever else is on it. Thanks guys. All I can do is REP and of course keep the donations coming.
 
Last edited:
:bumpit:

So just want to check in regarding this... the new security rule prevents any .png image from being posted?
 
You must log in or register to reply here.





Back
Top