Author Topic: new jokes (OR: dealing with botnet generated message board spam)  (Read 22465 times)


  • Guest

A blonde, a brunette, and a redhead are crossing an enchanted bridge in Magical Fairyland when they run into a fairy. The fairy says that they can be granted a transformation if they jump off the bridge and call out their wish. The brunette immediately jumps off the bridge and yells "Eagle!" She turns into a beautiful bird of prey and flies away. The redhead jumps off the bridge and yells out "Salmon!" She turns into a gorgeous shimmering salmon and swims upstream to spawn. The blonde is at this point so excited that she jumps off the bridge without thinking of her wish. She panics.


Your mama's teeth are so yellow, when she smiles the cars start to slow down.


Yo mama is so dumb that she was on her way to the airport and saw a sign that said “airport left.” So she turned around and went home.


 A frog leaps out of the magical forest where he has lived all his life and into a real forest. Since he lived in the magical forest he has magical powers. He sees a bear chasing a rabbit and thinks to himself, this isn't right, everyone should live in peace. So he stops the bear and rabbit and tells them that if they stop chasing each other he'll give them both three wishes.
The bear thinks for a second and wishes that all the rest of the bears in the forest were female. Poof, all of them are female. Next the rabbit wishes for a crash helmet. The bear looks at the rabbit wondering why he would want a crash helmet.

The bear thinks for a second making sure he makes a good second wish and wishes that all the rest of the bears in the country were female. Again -- poof -- all the rest became female. Then the rabbit wishes for a motorcycle. Now the bear steps back and looks at the rabbit in amazment. How dumb is this rabbit he thinks to himself. All he had to do was wish for money and he could buy all the motorcycles he ever wanted. This has to be the dumbest creature the bear has ever seen, he thinks to himself.

It is time for the bear's final wish and he takes a second to think and makes sure he doesn't waste it. After a minute he wishes that all the other bears in the whole world were female. And again poof they are all female.

Next the rabbit puts on his helmet and jumps on the bike. He turns around and smiles. Then he says, ''I wish that that bear is gay.''


Be happy ;)

[Link removed.  See below. -Pete]
« Last Edit: June 08, 2006, 08:50:46 PM by Pete »


  • Administrator
  • Full Member
  • *****
  • Posts: 44
  • Owner, Operator, Object of Affection
    • AOL Instant Messenger - xx+analog+boy+xx
    • View Profile
    • Science, Information Technology, and Society
Re:new jokes
« Reply #1 on: June 08, 2006, 07:10:51 PM »
Boooooooooo**** booooooooo****
**** throws tomato ****

Stupid jokes, right?  Harmless, stupid jokes.  Not quite.  If you run a website, spammers may be targeting you and using your site to illicitly boost their rank in search engines.  Posts like this might seem harmless, but they can actually hurt your site's rank in search engines once these sites are identified as spam -- because your site is associated with the spammer!  In this case, the remote user probably was running a program that automatically registers and posts to internet forums like this one.  Part of the problem is that this site doesn't require new users to register to post (makes you wonder why they went through the trouble of registering -- probably because the program registered to make the post seem like a new user, less likely to be regarded as spam).

But the devil is in the details here.  In the user's signature, there was some markup instructing the bulletin board to create a link.  For example, I can create a link to a site I like:

by using the code:


But in this case the user inserted the code:

[download mp3]

Which of course links to the address:

Go to this site and you get a message saying "This site was deleted from hosting".  Funny, because they just posted it today.  But in any event, I obviously removed the link and blocked the IP address of the spammer.  There's no future protection afforded by blocking the IP addresses here since hardcore spammers use botnets anyway (as you'll see).  In fact, these spammers are so determined that you will probably get a few posts every couple of days just by having a message board exposed to the internet!  So if you run a forum and don't give it as much care as you should, make today the day you go to it and look for strange, off-topic posts or users with strange habits.

Here's the list of accounts that were registered by the spammer, as well as the IP address & host name they were coming from, the email address they used, and some other notes about the host.

These computers all have a couple of things in common (other than that the same hacker is maliciously using them).  First note that these are probably compromised servers.  They all are overseas, also.  Two of them were running Windows Server 2003, with some services (such as Remote Desktop and IIS without an active webpage) were exposed.  A few had other services exposed, such as SMTP (obviously a spammer would prefer if the hacked computer could send emails too).  If this is all interesting to you but you don't actually want to get this hardcore about tracking the spammer down, you can just click on the IP addresses in the table below and see a Google search for these IPs.  They all show up on Google because other people, like me, identify these computers as abusive and tag them.  But is that really a solution?  No, because I keep getting spam posts (and probably always will).  If you build it they will come.  But anyway:

UsernameIP (Hostname)EmailNotes
newsjokes77217.10.43.102 (
looqeu200.122.132.182 (somewhere in Buenos Aires)whoops, deleted it!Mail and Application firewall page open on HTTP port that identifies itself as; it resolves to (WHOIS)
Gregory124206.78.27.231yrtyfghvbnytu6@cashette.comServer 2003, Remote desktop open, IIS default page
StevensonArera218.56.144.42 (somewhere in red China)
Interneoforums66.226.75.89 ( 2003, Remote desktop open
christian_co85.141.251.51 ( SMTP server
Interneoforumm66.226.75.89 (
sentimentarin217.147.41.147 (traceroute stopped at, Lithuania)
Advertizer200612.108.203.147 (Identifies itself as desktop open
Strekotok84.204.165.213 (definitely in Russia)kechutkin.yulyan@mail.ruRemote desktop open, system runs in Russian Windows XP
I-want-know195.131.214.212 (Deutch!)
viagra1283.237.45.54 ( daemon on port 25 TCP
JiggerLova217.172.21.99 ( daemon on port 25 TCP
mr.Asertiovat206.51.229.192 (in the US?  wow)pavlii.genadii@mail.ruRemote desktop open, IIS default page, another SMTP port daemon
gratis-casino80.134.62.205 ( SMTP server
millaerbv219.140.165.91 (somewhere in China)vcv5bbv@cashette.comUnresponsive SMTP server, running IIS 6.0 + ASP.NET, serves a WML file on port 80 with no content and a title of "MoSpace".  This domain also resolves to: (WHOIS) (WHOIS) (WHOIS) (WHOIS) - Active site (WHOIS) - Active site (WHOIS)
seowarez200.63.213.2 ( SMTP server, open telnet & HTTP server identifies itself as "Application and Content Networking System Software 5.0.9" by Cisco
Comiss7982.179.73.10 (
fantalltheweb82.114.69.130 (
Fucker70.87.87.98 (
getfunhere200861.129.102.208 (
viagra-shop202.202.0.92 (
movieanimexx192.168.6.81 (
Farmatseft66687.248.173.155 (
splitcam200888.152.252.29 (
mortgage_loan_s123q169.231.250.53 (
ntprSid206.225.145.34 (
Dernik55269.61.78.23 (

My particular favorite Google search result was found while searching for "":

Hello! I offer the services on dispatch of messages on forums. My site {http://}

Email me interneo{at}

Efficiency of dispatch on forums:

the Analysis of the existing sites subjected to procedure of registration in forums,
has shown, that 1000 backlink from forums raise PR a site from 100 up to 200 units
(depending on subjects)
Reference ranging: 1000 references with key words from forums allow a site almost
precisely (naturally depending on subjects and a competition) to appear in the first five
in search system
Target visitors: for the first week your announcement will read about 25-30 person at
each forum. For all time of existence of the announcement of it will see 100-200 person
(depending on attendance of a forum).

Practice shows, that dispatch on 1000 forums gives 150 unique, interested in the promoted
goods or service of visitors every day in the first week after dispatch. Then the amount of
visitors is reduced up to 50-100 hosts in day.

Email me interneo{at}

Opportunities of posting:

• Registration at a forum with editing a profile of the user
• Dispatch on the forums supporting a guest input
• Notices on e-mail about answers at a forum or private messages
• the Opportunity of registration without posting (increases PR Google)

On the ending of dispatch you receive the report on the done work - direct references to
your announcement.

Write to me on interneo{at}

The prices for mass dispatch on forums:

2)1000 forums - $35/1000
3)4000-6000 forums - $33/1000
4)7000-9000 forums - $31/1000
5)10000-13000 forums - $30/1000
5)20000 forums and more - $20/1000

Total of Russian forums - 45.000
Amount of English-speaking forums - 70.000

Upon end of dispatch the full report - direct references to your announcement is given.

UNIQUE software for dispatch on forums - 1500$. Bypasses all protection, all is

Email me interneo{at}
IP :

Last updated: 6/10/2006 18:05 EDT
« Last Edit: June 13, 2006, 06:44:09 PM by Pete »

"It's always best to close with a quote."

D. J. Berson

  • Guest
Re:new jokes (OR: dealing with botnet generated message board spam)
« Reply #2 on: June 09, 2006, 03:11:41 PM »
Interesting.... Its too bad the internet is teeming with this type of lowlife. I wish they would go find something productive to do with themselves.

Sam Zeng

  • Guest
Re:new jokes (OR: dealing with botnet generated message board spam)
« Reply #3 on: June 20, 2006, 01:24:27 PM »
I just noticed many new IDs created on my BBS running YaBB SP1.1 Gold. They didn't use regular browsers because my image counter didn't register them, and I was wondering where they came from. They haven't started posting on my BBS yet, and I have removed all the IDs. Thanks for the information. I didn't know their intention until reading this post. Looks like they use a robot program doing the same thing to many YaBB forums, so, they don't care if they need to register to post.
Here is a list of email address I collected. I didn't compare with yours but I bet they are the same list. Oh, I need also remove those IDs from .ru.

Thanks again!




  • Guest
Re:new jokes (OR: dealing with botnet generated message board spam)
« Reply #4 on: June 20, 2006, 02:23:33 PM »
This was exactly as I suspected - but I am gratefull to have this confirmed.
And now back to clearing this crap off the member list - as if I didn't have plenty else to do today!


  • Guest
Re:new jokes (OR: dealing with botnet generated message board spam)
« Reply #5 on: June 20, 2006, 04:54:41 PM »
Thanks again for this info!
Here is my list, including the only IP address I was able to find:   Interneoforumm
Information related to ' -'

inetnum: -
netname:        DSLVO323-LAN
descr:          JSC Peterstar
descr:          St.Petersburg
country:        RU
admin-c:        DTD1-RIPE
tech-c:         DTD1-RIPE
status:         ASSIGNED PA
mnt-by:         PSTAR-MNT
source:         RIPE # Filtered

role:           Data Transfer Department
address:        ZAO PeterStar
address:        Bld. 31, Line 16
address:        Vassilyevski Island
address:        199178 St.-Petersburg
address:        Russia
phone:          +7 812 329 9004
fax-no:         +7 812 329 9003


  • Guest
Re:new jokes (OR: dealing with botnet generated message board spam)
« Reply #6 on: July 25, 2006, 02:00:28 PM »
This onslaught continues on a daily basis - Is there any mod or upgrade that gives more control over the registration - requiring an approval (after verifying the email) or somesuch? It is taking extreme vigilance and too much time!

tThanks in advance.


  • Administrator
  • Full Member
  • *****
  • Posts: 44
  • Owner, Operator, Object of Affection
    • AOL Instant Messenger - xx+analog+boy+xx
    • View Profile
    • Science, Information Technology, and Society
Re: new jokes (OR: dealing with botnet generated message board spam)
« Reply #7 on: December 04, 2006, 05:55:40 PM »
I think I was able to develop a solution to the bot spam, but I'll give it time and see if it works the way I expect to.  Stay tuned.

"It's always best to close with a quote."


  • Administrator
  • Full Member
  • *****
  • Posts: 44
  • Owner, Operator, Object of Affection
    • AOL Instant Messenger - xx+analog+boy+xx
    • View Profile
    • Science, Information Technology, and Society
Re: new jokes (OR: dealing with botnet generated message board spam)
« Reply #8 on: December 09, 2006, 03:53:35 PM »
As I mentioned earlier, I implemented a quick fix to stop the botnet spam.  This will cause users without JavaScript to be unable to register.  Note that I don't think this is a serious issue; almost everybody surfs the web with JavaScript enabled and those that don't already have a degraded user experience.  Frankly I'd rather one person, that is surfing the web differently than everyone else, have trouble registering out of a hundred others trying to register, than have to come back to this site every day and delete messages about viagra, cialis, and porn.  Here are the changes I made to the SMF templates to achieve this.

Note the principle here is that the software used to generate botnet spam does not implement JavaScript.  It's a cat and mouse game, so eventually they probably will implement JavaScript in their bots.  Once they do, this solution won't work.  Here are the changes you need to make (pretty easy IMHO!):

Open the file ./Themes/default/Register.template.php

Find the line:

<form action="', $scripturl, '?action=register2" method="post" name="creator" onsubmit="return defaultagree();">

Replace this with:

<form action="', $scripturl, '?action=register2" method="post" name="creator" onsubmit="return defaultagree();">
<input type="hidden" name="myform" id="myform" value="no" />
<script type="text/javascript">
document.creator.myform.value = "yes";

Then in the file ./Sources/Register.php

Find the line:

if (!empty($modSettings['requireAgreement']) && (empty($_POST['regagree']) || $_POST['regagree'] == 'no'))

Replace this with:

if (!empty($modSettings['requireAgreement']) && (empty($_POST['regagree']) || $_POST['regagree'] == 'no' || $_POST['myform'] != "yes"))

Now you'll be safe for the moment from this particular network of bots.  Another one will come along again some day, though!

"It's always best to close with a quote."