Alden Bates' Weblog: Spamming through search forms

Ads by Project Wonderful! Your ad here, right now: $0

Home : September 2006

« Another great parking job | Main | Newsweek covers »

Spamming through search forms

Filed in: Spam.

I've had a few occasions where people have used the MT search.cgi form to search for URLs. Since they've been the only hit I've gotten from that URL (no graphics or style sheets) I suspect it's the work of a spammer. Why though? Are there sites which are publishing the searches made through their search form (other than AOL that is...)? If so, the URLs are unlikely to be published linked.

Domain #1: COMLIVE.BIZ, which is registered to "Mesalina Poling", however the email address attached to that is an admin address for a domain registered to Maximilian Berkovich.

Domain #2: WANTISPYWARE.INFO, registered to "Alexey Andreychenko", Moskva, Tverskaya str., Russia. A search on the email address (rskin@mail.ru) gave me a forum where he's been spamming and the alias "Rukhmanov Sergey".

Also there was a case where someone searched for a <script> tag, presumably trying to inject javascript into my pages. The <script> tag called a javascript file on another domain which redirected the user to google, but could easily have redirected the user to any number of nasties.

Posted September 25, 2006 11:18 PM

Comments

Hi,
You're the first person I've found who's mentioned this strange spam.

I get searches like this via my weblog that also uses Movable Type - such as URLs containing names of pills, cheap insurance, cheap hotels, x-rated stuff, the usual slew of garbage, along with nonsense characters. Earlier today I got about a dozen queries with the same script tags and url links within them, too.

For awhile someone or several people were dumping spam comments into the search box field, too. Strange stuff.

I can't figure out what they're trying to do aside from just trying to see the scripting at my site or something. Clearly it's just a search form and they can't hack into it or leave comment spam or anything. It goes nowhere.

Well, I'll try to check back at your site to see if you figure this out. I might write about it at my own site, too. I'm sure we're not the only ones getting this strange search query stuff. :-)

Posted by: Shirley Kaiser | October 11, 2006 7:27 PM

It's possible that they're using a program to try to post spam comments, and it's simply mistaking the search form for a comment form, but so far it's a mystery!

Posted by: Alden Bates | October 11, 2006 9:51 PM

I just did a search on the email address rskin@mail.ru - he owns a domain name that is pedalling porn images on my bulletin boards... :(

Posted by: braw | December 2, 2006 7:45 PM

Alden Bates' Weblog

Feigning normality since 1973

Spamming through search forms

Comments

Post a comment


	Home : September 2006 Alden Bates' Weblog Feigning normality since 1973 « Another great parking job \| Main \| Newsweek covers » Spamming through search forms Filed in: Spam. I've had a few occasions where people have used the MT search.cgi form to search for URLs. Since they've been the only hit I've gotten from that URL (no graphics or style sheets) I suspect it's the work of a spammer. Why though? Are there sites which are publishing the searches made through their search form (other than AOL that is...)? If so, the URLs are unlikely to be published linked. Domain #1: COMLIVE.BIZ, which is registered to "Mesalina Poling", however the email address attached to that is an admin address for a domain registered to Maximilian Berkovich. Domain #2: WANTISPYWARE.INFO, registered to "Alexey Andreychenko", Moskva, Tverskaya str., Russia. A search on the email address (rskin@mail.ru) gave me a forum where he's been spamming and the alias "Rukhmanov Sergey". Also there was a case where someone searched for a <script> tag, presumably trying to inject javascript into my pages. The <script> tag called a javascript file on another domain which redirected the user to google, but could easily have redirected the user to any number of nasties. Posted September 25, 2006 11:18 PM Comments Hi, You're the first person I've found who's mentioned this strange spam. I get searches like this via my weblog that also uses Movable Type - such as URLs containing names of pills, cheap insurance, cheap hotels, x-rated stuff, the usual slew of garbage, along with nonsense characters. Earlier today I got about a dozen queries with the same script tags and url links within them, too. For awhile someone or several people were dumping spam comments into the search box field, too. Strange stuff. I can't figure out what they're trying to do aside from just trying to see the scripting at my site or something. Clearly it's just a search form and they can't hack into it or leave comment spam or anything. It goes nowhere. Well, I'll try to check back at your site to see if you figure this out. I might write about it at my own site, too. I'm sure we're not the only ones getting this strange search query stuff. :-) Posted by: Shirley Kaiser \| October 11, 2006 7:27 PM It's possible that they're using a program to try to post spam comments, and it's simply mistaking the search form for a comment form, but so far it's a mystery! Posted by: Alden Bates \| October 11, 2006 9:51 PM I just did a search on the email address rskin@mail.ru - he owns a domain name that is pedalling porn images on my bulletin boards... :( Posted by: braw \| December 2, 2006 7:45 PM Post a comment Name: Email Address: URL: Remember personal info? Comments: (you may use HTML tags for style)
Tetrap.com Site Map