Planet Descent

Community => Mess Hall => Topic started by: Crash on April 21, 2011, 10:27:50 AM

Title: WARNING! Your computer is engaged in malicious online behavior.
Post by: Crash on April 21, 2011, 10:27:50 AM
Every time our router overflows its IP stack, it has to be restarted. When it restarts, it is allocated a new IP address from our internet provider.
Today, I tried to log on to PlanetDescent, only to be presented with a page that itself appeared highly suspect.
Its design was unprofessional and it appeared to me as though the site itself had been hacked. I only entered the data that the page required out of sheer curiosity and because I knew that our firewall and antivirus would handle anything that the site threw at us.

I disapprove of the PHP script (warning.php), which presumably originates from Project Honeypot. I feel that due to the above, it fails in purpose and makes too many assumptions. On our network, we have 2 dozen PCs and devices connected to the network.
Therefore the script's wording, i.e. ("check the details for your IP: 86.130.224.89 to see exactly what it has been doing wrong"), is insulting and wholly presumptive.

I also had a look at the Project Honeypot and its report on our new IP address was so vague and unclear that it supported no conclusions anyway.

I figure that the script is part of the CMS system but I figured I'd let you know, in case no-one has seen it.
I think it would help if the page had used the site's own formatting so that you were able to identify it as genuinely belonging to PlanetDescent.
Title: Re: WARNING! Your computer is engaged in malicious online behavior.
Post by: -<WillyP>- on April 21, 2011, 10:34:31 AM
I'll look into it. What is the url?

Edit: I looked at your IP on Project Honeypot, and there is nothing vague about that report. Your IP was used, a couple months ago, by spammers. Nothing presumptive there, your IP has a rating of 25 which indicates over 100 spam messages to a trap. Without blocking of spammers, we would be overrun by them.

The page you hit is a trap. It is designed to look like a page full of e-mail addys only to a spam bot.

The plugin looks at a number of factors before blocking an IP. One of which is a bad report from Project Honeypot. Unfortunately, there are bound to be false positives, I am sorry you became one. You might want to bring this to the attention of your IP provider. You could also restart your router again and hope to get a clean IP this time.
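
An added example, not part of the post above and not the plugin's own code: a sketch of how a site could turn a Project Honeypot lookup into allow, challenge or block while letting old listings on recycled dynamic IPs fade. It assumes the lookup goes through Project Honeypot's http:BL DNS service; the access key, the sample answers, the half-life and both thresholds are constructed for illustration.

```python
import ipaddress


def httpbl_query_name(access_key, ip):
    """DNS name to resolve: <key>.<IPv4 octets reversed>.dnsbl.httpbl.org"""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join([access_key, *reversed(octets), "dnsbl.httpbl.org"])


def parse_httpbl(answer):
    """Decode the A record returned by http:BL, or None if the IP is unlisted.

    Answer layout: 127.<days since last activity>.<threat score>.<visitor type>
    """
    if answer is None:                      # NXDOMAIN: no record for this IP
        return None
    try:
        first, days, threat, vtype = ipaddress.IPv4Address(answer).packed
    except ValueError:
        return None
    if first != 127:                        # anything else is an error reply
        return None
    return {"days": days, "threat": threat, "type": vtype}


def decide(answer, half_life_days=30, block_at=20, challenge_at=5):
    """Return 'allow', 'challenge' or 'block' (thresholds are assumptions).

    The threat score is halved every half_life_days, so a listing left
    behind by a previous holder of a dynamic IP fades instead of blocking
    the next subscriber indefinitely.
    """
    rec = parse_httpbl(answer)
    if rec is None or rec["type"] == 0:     # unlisted, or a search engine
        return "allow"
    effective = rec["threat"] * 0.5 ** (rec["days"] / half_life_days)
    if effective >= block_at:
        return "block"
    if effective >= challenge_at:
        return "challenge"                  # e.g. an arithmetic test page
    return "allow"


if __name__ == "__main__":
    # Constructed answers, all threat 25 / comment spammer (type 4).
    print(httpbl_query_name("abcdefghijkl", "203.0.113.7"))
    for answer in ("127.1.25.4", "127.60.25.4", "127.180.25.4", None):
        print(answer, "->", decide(answer))
```

With these assumed settings a score of 25 seen yesterday is blocked, the same score from two months ago gets a challenge, and one from six months ago is let through.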




Title: Re: WARNING! Your computer is engaged in malicious online behavior.
Post by: Foil on April 21, 2011, 10:42:12 AM
I'm guessing that the previous user of that IP was the one running the malicious stuff (could have been anything from a spam server to pirate torrents to DoS attacks, who knows).

Your ISP probably had that IP marked as malicious, and they fed you that page.  It was probably the first one you visited after resetting the router, correct?
Title: Re: WARNING! Your computer is engaged in malicious online behavior.
Post by: -<WillyP>- on April 21, 2011, 10:50:48 AM
Sorry, edited my post while you were replying, Foil. I believe the page he got was served by a plugin I installed here, designed to block spammers and crackers. His IP is reported as having been used by spammers and dictionary attackers.
Title: Re: WARNING! Your computer is engaged in malicious online behavior.
Post by: Crash on April 21, 2011, 11:42:52 AM
The page I hit was a warning page with a red header and two columns of instructions; one in English and the other in Spanish. The address was just planetdescent.net/warning.php.
The way I accessed the site was to input two antispam calculations into the page's forms. It wasn't a list of spam-baiting addresses.

What I thought was problematic about the honeypot report was how it was saying that 40+ emails had been sent over 3 months. So someone whose PC had been zombified and then rescued/cleaned long before my birthday in February would still have been blocked now and for ... who-knows how long into the future (which is ridiculous). Because most cheap routers jam every so often (the old router I shared in East-Germany seized several times/day on occasions), I would think it uncommon for someone to keep the same IP address for 3 months.

At least the page wasn't blaming the user personally because obviously a spammer's best tool is a zombie network; far better than tying up their own machine and connection doing their dirty work. So in that sense it was well-informed.
But telling them to scan their PC to work out what "it" had been doing was narrow.
Title: Re: WARNING! Your computer is engaged in malicious online behavior.
Post by: Pumo on April 21, 2011, 11:57:05 AM
I've got that very same page from time to time when entering Planet Descent (i.e. after restarting my router) and it's really a nuisance. :P

I'm not sure why it also happens on my side.
Title: Re: WARNING! Your computer is engaged in malicious online behavior.
Post by: VANGUARD on April 21, 2011, 12:58:50 PM
reminds me of this, not saying they're related. just what Pumo said as well about getting that from time to time:

http://www.pclinuxos.com/forum/index.php/topic,89891.0.html

as far as your case is concerned, I don't really have any ideas. sorry.
Title: Re: WARNING! Your computer is engaged in malicious online behavior.
Post by: Crash on April 21, 2011, 01:15:16 PM
Thing is - if the list shows that the PC *might* be sending spam emails ... then why try and restrict the user from accessing the site?
All it should do is say "Oh by the way, you might want to run a check for malware because there's been funny stuff coming from this IP address".
Why it would frustrate you in accessing the site? I don't know, unless it's to try and punish intentional spammers, but all that will do is proliferate zombie botnets.
Title: Re: WARNING! Your computer is engaged in malicious online behavior.
Post by: Scyphi on April 22, 2011, 05:37:08 AM
Hmm, I've never seen anything like this before on my end, and we reset our server almost daily...
Title: Re: WARNING! Your computer is engaged in malicious online behavior.
Post by: Alieo on April 22, 2011, 10:21:40 AM
I haven't seen the suspicious activity screen you've seen before, but I have recently gotten my first spam email. That could be related to this issue or it may very well be my own separate issue, this virus I've been fighting.
Title: Re: WARNING! Your computer is engaged in malicious online behavior.
Post by: -<WillyP>- on April 22, 2011, 01:12:41 PM
> Thing is - if the list shows that the PC *might* be sending spam emails ... then why try and restrict the user from accessing the site?

Because I have to delete dozens of spam registrations every day. And that is not including however many TechPro and Commander In Chief delete. Would be hundreds if they were not blocked. Do you want this site overrun with spam?
Title: Re: WARNING! Your computer is engaged in malicious online behavior.
Post by: Matthew on April 22, 2011, 08:01:39 PM
> Do you want this site overrun with spam?
Yes please!

;)
Title: Re: WARNING! Your computer is engaged in malicious online behavior.
Post by: -<WillyP>- on April 23, 2011, 05:32:06 PM
> > Do you want this site overrun with spam?
> Yes please!
>
> ;)

I suspect sarcasm ;)
Title: Re: WARNING! Your computer is engaged in malicious online behavior.
Post by: Crash on April 24, 2011, 10:34:34 AM
> > Thing is - if the list shows that the PC *might* be sending spam emails ... then why try and restrict the user from accessing the site?
>
> Because I have to delete dozens of spam registrations every day. And that is not including however many TechPro and Commander In Chief delete. Would be hundreds if they were not blocked. Do you want this site overrun with spam?

I take that as an acceptable answer. ;D
Title: Re: WARNING! Your computer is engaged in malicious online behavior.
Post by: Matthew on April 24, 2011, 11:08:50 AM
> > > Do you want this site overrun with spam?
> > Yes please!
> >
> > ;)
>
> I suspect sarcasm ;)

What's sarcasm?
Title: Re: WARNING! Your computer is engaged in malicious online behavior.
Post by: Scyphi on April 25, 2011, 06:03:08 AM
Something you seem to use fairly frequently. :)
Title: Re: WARNING! Your computer is engaged in malicious online behavior.
Post by: Matthew on April 25, 2011, 07:53:22 AM
> Something you seem to use fairly frequently. :)
I assure you I don't know what you're talking about. I enjoy spam more than anything, and would love to see this site overrun by it.
Title: Re: WARNING! Your computer is engaged in malicious online behavior.
Post by: VANGUARD on April 25, 2011, 09:39:24 AM
love spam. gimme gimme
Title: Re: WARNING! Your computer is engaged in malicious online behavior.
Post by: TechPro on April 25, 2011, 03:57:59 PM
Mmmm...  Fried SPAM with slices of Kraft cheese singles melted on top ....  mmmmmMM!