PNG Spam

[c0ldshadow]

Hi LPF Team,
I am working on a ModSecurity rule to block PNG spam
please ignore / don't ban the 'coldtest' user account



feel free to test replying to this post with PNG spam

I want see if my rule blocks it reliably.. but note I may be modifying this rule a lot.. so it may work on and off

 

[T_Warne]

It looks like it's working. Each of my attempts were met with a glaring white page stating 403 forbidden.

 

[joeybab3]

http://***********
Lol ^ ill take it that works

 

[VisibleGreen]

What pray tell is png spam?

 

[ARG]

It's bots posting single pixel PNG's, LPF embed's images so every time someone looks at their post it makes a call out to the server hosting the image, and they track this. Why? beats me.

 

[c0ldshadow]

I have a theory why they do this. Each time someone views a post with the PNG link, it logs the IP on that external server, and this lets the spammers track how many unique people viewed the spam. especially if paying someone else to run spam campaign , this can help the person paying assess how effective the spam actually is or whatever

just a thought i could be wrong.

 

[H2Oxide]

I have a theory why they do this. Each time someone views a post with the PNG link, it logs the IP on that external server, and this lets the spammers track how many unique people viewed the spam. especially if paying someone else to run spam campaign , this can help the person paying assess how effective the spam actually is or whatever

just a thought i could be wrong.

So should we just avoid clicking on spam-esque threads for the time being?

Why is LPF being hit by spammers anyway? What are they trying to accomplish?

 

[Pi R Squared]

So should we just avoid clicking on spam-esque threads for the time being?

Why is LPF being hit by spammers anyway? What are they trying to accomplish?

Just avoid quoting their posts.

All public forums are hit by spammers, every last one of them.

Alan

 

[crazyspaz]

I have a theory why they do this. Each time someone views a post with the PNG link, it logs the IP on that external server, and this lets the spammers track how many unique people viewed the spam. especially if paying someone else to run spam campaign , this can help the person paying assess how effective the spam actually is or whatever

just a thought i could be wrong.

The IP part is correct. I googled it a while back and found sites that let you embed invisible images to say, forum PM's, (or normal thread posts), and then recorded the IP of whoever viewed it and logged it, allowing you to trace location and whatnot. Could be also used for spammer traffic logging like you said.

 

[joeybab3]

They post on threads though, how i think it works is they have it embed an invisible image(1x1px) and because the way your browser works, it'll send them a lot of information (though basically useless). It can give them your IP, user agent(tells them which device you are on), OS, and a few other things. And with IP, as long as they dont use a vpn you can locate their general area...

 

[T_Warne]

I understand that quoting spammers might annoy the mods because it creates a little extra work since they now must delete TWO posts... BUT

In this situation, quoting the spammer ( especially since I broke the IMG link and prevented the image from being called up by my post ) does no further harm. It is no more dangerous than posting a normal reply to the thread.

Just the act of you viewing the thread is enough for the hidden image to track you.:na:

 

[joeybab3]

Also i just reported their domain. They use a .tk which is free to anyone but has a strict policy on spam and phishing sites.

 

[ARG]

The IP part is correct. I googled it a while back and found sites that let you embed invisible images to say, forum PM's, (or normal thread posts), and then recorded the IP of whoever viewed it and logged it, allowing you to trace location and whatnot. Could be also used for spammer traffic logging like you said.

Never thought about the applications of it in PM's, that would be a really easy way of getting someone's IP for DDoS attacks. :tinfoil:

I understand that quoting spammers might annoy the mods because it creates a little extra work since they now must delete TWO posts... BUT

In this situation, quoting the spammer ( especially since I broke the IMG link and prevented the image from being called up by my post ) does no further harm. It is no more dangerous than posting a normal reply to the thread.

Reasons not to quote/reply to spam:
1. If the spammer necroposted then anyone replying to the spam also bumps the thread once the spam is removed.
2. Not everyone breaks the URL and I'm too lazy to check.
3. More work for mods :yabbmad:
4. No purpose. Bots don't read replies.
5. I'm often on autopilot when I remove spam, accidents happen and I sometimes check the ban user option out of habit when removing the replies. :shhh:

 

[joeybab3]

One way you guys can help is by sending an email report to abuse@dot.tk and tell the the domain a a s w a l l . T k is sending spam to forums. A simple search shows that lpf isnt the only ones targeted.

Also i dont know if you could do this but if possible provide some ips of the spammers and we could have a look around and see what else they are doing with the information gathered...

 

[Pman]

I'm just glad you seem to be on top of it cOld and ARG and whoever else is on it. Thanks guys. All I can do is REP and of course keep the donations coming.

 

[InfinitusEquitas]

:bumpit:

So just want to check in regarding this... the new security rule prevents any .png image from being posted?