The Spam Nightmare Ended
January 21, 2010 in Featured, News by Michael L Wells
What happens when you purposely and maliciously spam a website that is owned and operated by a company that specializes in internet and network security? The chances of that company taking the actions as a joke are very slim. When our spamming issues started, we first had to take immediate action to stop it before our database became overwhelmed, and second, we had to determine whether the attacks were malicious in nature. There are a few ways to determine this, but for the purpose of spamming the main concern is, “did the aggressor intentionally try to bypass safeguards?”
The same test that defines whether a home intrusion is breaking and entering or simple trespassing applies in determining whether the spam was criminal or not: it is based on the principle of whether someone entered through an unlocked door or window or bypassed the safeguards that were in place. In this case, we had the CAPTCHA system, which is the first safeguard against spam bots; a terms of service agreement, which is the second, legal safeguard; and lastly other methods to “bust” typical bot access. Some spammers, though, are so persistent that they intentionally bypass these safeguards in order to vomit all of their filth all over the internet in a relentless manner. We determined that it was this type of spammer that we were up against.
How It Works
First of all, we had deployed a CAPTCHA system, which blocks 99% of bot access to our website by simply having the reader view an image with some text and type what they see. To a human this appears to be an annoyance, but a bot that is not programmed to read an image has a 99.9999999999% chance of guessing the wrong code and failing the check.
Secondly, we have browser agent blocking in place. This safeguard looks at the “Browser type” accessing the website. Browsers that are marked “crawler”, “bot”, etc. are immediately blocked from the registration page. This usually blocks about 50% of the bots that are programmed to read the CAPTCHAs.
Our last line of defense is a referrer check, which ensures that the user submitted the data from a form on our website. This blocks another 35% of the bots that passed the previous 2 safeguards.
As you can see, you can never be 100% effective in stopping spam on a public interface such as Vraul, but there are safeguards to keep them out. Our friend that had spammed us had:
- Image reading bot to pass CAPTCHA tests
- Browser agent to appear to be a legitimate user. My user agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.7) Gecko/20091221 Firefox/3.5.7 GTBDFff GTB7.0 (.NET CLR 3.5.30729). Their user agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/530.6 (KHTML like Gecko) Chrome/2.0.174.0 Safari/530.6. As you can see, their bot was cloning the Chrome web browser’s signature, making it impossible for our second line of defense to stop them.
- Referrer spoofing. They were able to make their bot appear to have been referred from our own site, by sending the referring packet so that it appeared to come from our own website.
From this, any monkey on a piano can put 2 and 2 together to figure out that the spamming was targeted in a manner that intentionally bypassed any and all safeguards that could possibly be put in place. Thankfully, law enforcement is on our side!
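The second and third safeguards described above, sketched as an added example (not the site's own code) and run against the Chrome user agent quoted in the list. The host name, marker list, secret and sample requests are assumptions, and the signed form token goes beyond what the article describes: it is shown as a server-verifiable counterpart to the referrer check, since both header checks read values the client supplies.

```python
import hashlib
import hmac
from urllib.parse import urlparse

SITE_HOST = "www.example.com"         # assumption: placeholder host
BLOCKED_MARKERS = ("crawler", "bot")  # the markers the article names
SECRET = b"constructed-demo-secret"   # assumption: server-side token key

def ua_allowed(user_agent):
    """Layer 2: reject self-declared crawlers (client-supplied value)."""
    ua = (user_agent or "").lower()
    return bool(ua) and not any(m in ua for m in BLOCKED_MARKERS)

def referrer_allowed(referer):
    """Layer 3: require a Referer on our own host (also client-supplied)."""
    return urlparse(referer or "").hostname == SITE_HOST

def issue_form_token(session_id, issued_at):
    """Server side: MAC over session and render time, embedded in the form."""
    msg = f"{session_id}|{issued_at}".encode()
    return f"{issued_at}.{hmac.new(SECRET, msg, hashlib.sha256).hexdigest()}"

def token_valid(session_id, token, now, max_age=600):
    """Accept only a token this server issued for this session, recently."""
    ts = (token or "").partition(".")[0]
    fresh = ts.isascii() and ts.isdigit() and 0 <= now - int(ts) <= max_age
    return fresh and hmac.compare_digest(
        token.encode(), issue_form_token(session_id, int(ts)).encode())

def check(ua, referer, session, token, now):
    if not ua_allowed(ua):
        return "blocked: user agent"
    if not referrer_allowed(referer):
        return "blocked: referrer"
    if not token_valid(session, token, now):
        return "blocked: form token"
    return "accepted"

CHROME_UA = ("Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/530.6 "
             "(KHTML like Gecko) Chrome/2.0.174.0 Safari/530.6")  # from the article
FORM = f"http://{SITE_HOST}/register"  # constructed URL
NOW = 1_264_060_800                    # constructed timestamp
REQUESTS = {  # constructed sample requests: (ua, referer, session, token)
    "declared crawler": ("ExampleCrawler/1.0", FORM, "s0", None),
    "spoofed headers": (CHROME_UA, FORM, "s1", f"{NOW}.forged"),
    "rendered form": (CHROME_UA, FORM, "s2", issue_form_token("s2", NOW - 30)),
}
RESULTS = {name: check(*args, NOW) for name, args in REQUESTS.items()}
print(RESULTS)
```

A client that actually loads the form still receives a valid token, so the token strengthens the referrer check rather than replacing the CAPTCHA.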
FBI Response
This morning I was informed that the FBI, Cyber Crimes Division, had tracked down the subject responsible for the spam on our website and is now days away from making an arrest. This person(s) is now facing criminal electronics hacking and intrusion charges, which are felonies and, if convicted, will cause the person to lose the right to ever touch another computer system for the rest of their natural lives. This subject operates an SEO company that specializes in “increasing your Google page rank by 3!” Sadly, their customers will be disappointed when their page ranks now drop by 2 from the original page rank they did receive. I am one of those rare people that knows the ins and outs of the Google Search Engine. I also have their search algorithm nailed down to a “T”; in fact I know so much that I had been propositioned in the past to go and work for Google, though the offer wasn’t still there when I was discharged from the Army. But I know enough about their system that the customers this company had that gained +3 to their page rank will be sorely disappointed to know that when someone removes a link, they lose more page rank than they received! The formula boils down to about a 1.2 loss. So if they had a 3, gained 4 making it now 7, they would drop down to less than 2, most likely a 1.
With that said, if anyone reading this ever wants to get a better page rank, the best thing to do is ensure you thoroughly investigate the company you are doing business with, ensure that the link-backs they generate are legit and organic (no spamming), and even ask to see some of the customers that they have optimized; then search Google for “link:www.theirsite.com” to see the quality of their links. From that, if you see a bunch of spam links that make no sense whatsoever, or spam blogs, etc., you know that is not the company you want. If you see links that are on forum signatures, other websites recommending the site, etc., that is a company you can stick with. I would personally recommend my own company, www.mlwassociates.com, but then again, make sure you do your own homework.