May 142009
 

Last updated on November 21st, 2015

It’s happened again!

Actually, it’s happened several times but this is the first post on it…

While looking at my stats logs for this website, strangelyperfect.tv, I’ve had some incongruous hits from US universities, some of whom should have better I.T. departments, IMHO.

Example One

Here are four from yesterday – I had two hits from each address.

  • http://dhibwiki.buffalo.edu/index.php/Buy_Levitra_Online_Order Levitra_Online_Purchase_Levitra_Online_Cheap
  • http://dhibwiki.buffalo.edu/index.php/Buy_Viagra_Online_Order Viagra_Online_Purchase_Viagra_Online_Cheap
  • http://dhibwiki.buffalo.edu/index.php/Buy_Cialis_Soft_Tabs_Online_Order_Cialis Soft_Tabs_Online_Purchase_Cialis_Soft_Tabs_Online_Cheap
  • http://dhibwiki.buffalo.edu/index.php/Buy_Cialis_Online_Order_Cialis_Online Purchase_Cialis_Online_Cheap

You get the drift?  The main index folder is left open and someone has written to the space with four crap spam things.  The main index page is normal with an intro to the ‘Digital Humanities’ dept of the yooni.  Most of the 4 dodgy pages have been accessed >600 times.  Being a Wiki, you can check the history… … …

It was put there yesterday and the referring URL is calling itself Lilurl.  This is something new for me so I need a bit more poking around.  However, it’s a kind of dashboard, splattered with ads and a text box for url entry…

Example Two

  • https://www.umbc.edu/ddm/wiki/Buy_Cialis_Online_Order_Cialis_Online_Purchase_Cialis_Online_Cheap  – this morning!!

This is called the Distributed and Ubiquitous Data Mining (DDM) encyclopedia that anyone can edit from the University of Maryland Baltimore County (UMBC)….  I call it referral spam!

Example Three

  • https://www.stanford.edu/group/htgg/cgi-bin/mediawiki/index.php?title=Levitra_professional_overnight_delivery  –  you read it right!

Yes.  Stanford University.  A list of their alumni is here, but suffice to say that most of the modern IT & communications world is derived from Stanford folk…

The Problem

The problem for me, not being an IT genius, is how these sites find and then ping my website?  What do they hope to achieve?

Another issue is the ease with which these websites are cracked using this Wiki software and the apparent ease with which extra processes can run, even in a knowledgeable place like Stanford.

All the above links were working as of early A.M., 14 May 2009. I haven’t added actual hyperlinks, but a copy & paste will do it for you if you wish to check.

Update 21 May 2009

I got pinged again last night from the Buffalo links which are still there!

  2 Responses to “Spam Pings from American University”

  1. @Kazim, while being the owner of o00.co.uk also left his URL of c0deblack.com

    Now let’s see. Since the original post, some deatil has been lost, but I’ve now found that https://www.lilurl.com is the creation of a guy called Sean who lives out in Nebraska, who told me this via his WordPress blog at https://www.marginalideas.com

    The principle has been around for a while (most notably as tinyurl.com). Personally, I don’t use them – I like to know what I’m connecting to…

    As far as I can see, Kazim used lilurl to enter some spam into the various wiki addresses I listed in my main post. He did this by using his php clone of lilurl which is called o00.co.uk to dump the offending links for bigger manhood, but made it appear that lilurl had done it. This showed up in my Wassup logs if I recall. I can’t find any lilurl references anywhere in the URLs in the main post above anymore.

    If Kazim didn’t do it, then it was someone using the service.

    The lilurl T&Cs provide some clues to how these links are pinging myself here: https://www.lilurl.com/about.php They expressly forbid dumping spam on folk and will select random URLs for any shortcuts that fail the spam test.

    Now for a few WHOIS enquiries to verify the veracity of Kazim and his sarcastic comments.

    o00.co.uk The registrant is indeed Kazim but his address is hidden
    c0deblack.com Registered in Karachi, Pakistan by ApnaLarkana.com
    ApnaLarkana.com Registered in Pakistan by TightMall.com
    TightMall.com has no current registration details. It’s had a few changes over the last few years but it’s now active but detail-less!

    I’m still pretty clueless about the whole point of this. Kazim has some code which makes a copycat mini URL thing on a UK domain, registered in Pakistan and hosted in the US. Someone may have used this to drop spam onto some US universities that should really be better protected. Then I get pinged to look at the spam by someone using LilURL.

    The thing is, I’ve a huge willy. In actual fact it’s so big that it’s awkward when walking up stairs as I tend to tread on it. I made the famous cock-competition joke about it. When I’m in a public toilet, I usually have to put warning cones and signs around me because of health and safety issues. When aroused I cannot enter lifts.

    From this, you’ll gather that I have no need for any of these enhancement drugs and am perplexed at my targeting.

  2. Hello 🙂
    I apologize for any convenience, I’m the owner of o00.co.uk. For further co operations you can contact me :)!
    Have a Nice Day!

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

(required)

(required)

© 1977, Strangely Perfect.