Jump to content

Recommended Posts

Posted

OpenID login methond has been removed from WinCert.net for the reasons mentioned in post on robrohan.com web site:

This blog has been having some serious uptime problems, but with our move and starting our new jobs, I haven't had time to look into the problem.

At completely random times the server would just spin out of control as if it was under a denial of service attack. I figured it was just someone's home made, badly written spider, and it would just stop – but it kept happening.

Finally, I got a chance to sit down and see what might be going on with the box, and it looks like someone – well, several people, actually a lot of people – were using the OpenID plugin on wordpress (and the openid module on drupal (I have both on this server)) to either proxy porn and gambling sites, or to increase hits on their porn and gambling sites.

The apache error log was full – and I mean full – of things like this (where "…" is some porn or gambling site):

[color=#555C62][font=arial, helvetica, arial, tahoma, sans-serif][size=2]21-Dec-2010 10:40:10] Successfully fetched 'http://www.evdenevenakliyatt.org/': GET response code 200
[21-Dec-2010 11:02:26] Got no response code when fetching [url="http://www.kiralikotolar.org/audi-q7-kiralama.html"]http://www.kiralikotolar.org/audi-q7-kiralama.html[/url]
[21-Dec-2010 11:02:26] CURL error (6): Couldn't resolve host 'www.kiralikotolar.org'
[21-Dec-2010 11:10:59] Successfully fetched 'http://www.evdenevenakliyatt.org/': GET response code 200
[21-Dec-2010 11:23:02] Successfully fetched 'http://www.kravmagabootcamp.com/': GET response code 200
[21-Dec-2010 11:36:38] Successfully fetched 'http://www.evdenevenakliyatt.org/': GET response code 200
[21-Dec-2010 11:55:27] Successfully fetched 'http://onlinealibabamovie.tk/': GET response code 200
[21-Dec-2010 12:08:47] Successfully fetched 'http://www.kravmagabootcamp.com/': GET response code 200
[21-Dec-2010 12:23:03] Successfully fetched 'http://www.evdenevenakliyatt.org/': GET response code 200
[21-Dec-2010 12:42:04] Successfully fetched 'http://www.advantagewareny.com/celebrex-in-heart-rhythm/': GET response code 200
[21-Dec-2010 12:43:02] Successfully fetched 'http://antiagingreviews.iibc.com/': GET response code 200
[21-Dec-2010 13:03:10] Successfully fetched 'http://www.evdenevenakliyatt.org/': GET response code 200
[21-Dec-2010 13:04:07] Successfully fetched 'http://trig.com/ghjgweu/biography': GET response code 200
[21-Dec-2010 13:23:13] Successfully fetched 'http://www.kravmagabootcamp.com/': GET response code 200
[21-Dec-2010 13:42:36] Successfully fetched 'http://www.evdenevenakliyatt.org/': GET response code 200
[21-Dec-2010 13:45:30] Successfully fetched 'http://www.pozycjonowanie3.pl/': GET response code 200
[21-Dec-2010 14:27:50] Successfully fetched 'http://www.evdenevenakliyatt.org/': GET response code 200
[21-Dec-2010 14:38:42] Successfully fetched 'http://www.evdenevenakliyatt.org/': GET response code 200
[21-Dec-2010 14:54:53] Successfully fetched 'http://pozycjonowanie-clpik.otobiznes.pl/': GET response code 200
[21-Dec-2010 14:58:17] Successfully fetched 'http://www.myrosebags.com/': GET response code 503
[21-Dec-2010 15:20:42] Successfully fetched 'http://www.evdenevenakliyatt.org/': GET response code 200
[21-Dec-2010 15:33:15] Successfully fetched 'http://goarticles.com/article/How-to-Get-Your-Ex-Back-Learn-From-My-Experiences-and-Avoid-the-Pain-That-I-Felt/2437656': GET response code 200
[21-Dec-2010 15:47:10] Successfully fetched 'http://www.evdenevenakliyatt.org/': GET response code 200
[21-Dec-2010 16:26:10] Successfully fetched 'http://www.evdenevenakliyatt.org/': GET response code 200
[21-Dec-2010 16:29:13] Successfully fetched 'http://confeccionesorquidea.com/': GET response code 200
[21-Dec-2010 16:30:20] Successfully fetched 'http://www.truckers.chicagocleaningservices.us/cleaning-service-chicago.html': GET response code 406
[21-Dec-2010 16:38:04] Successfully fetched 'http://www.braceletpandora.com/': GET response code 200
[21-Dec-2010 16:52:26] Successfully fetched 'http://www.goingpublic.us/': GET response code 200
[21-Dec-2010 16:53:27] Successfully fetched 'http://www.evdenevenakliyatt.org/': GET response code 200
[21-Dec-2010 17:44:12] Successfully fetched 'http://www.seomarketingservicesonline.com/': GET response code 200
[21-Dec-2010 17:48:35] Successfully fetched 'http://www.evdenevenakliyatt.org/': GET response code 200
[21-Dec-2010 18:39:30] Successfully fetched 'http://www.avazo.com/': GET response code 200
[21-Dec-2010 18:52:29] Successfully fetched 'http://www.webzanacka.ru/': GET response code 200
[21-Dec-2010 18:53:46] Successfully fetched 'http://www.evdenevenakliyatt.org/': GET response code 200
[21-Dec-2010 19:56:57] Successfully fetched 'http://amazingteenbabes.com/': GET response code 200
[21-Dec-2010 20:05:13] Successfully fetched 'http://www.evdenevenakliyatt.org/': GET response code 200
[21-Dec-2010 20:11:35] Successfully fetched 'http://hosting-blog.edu.pl/': GET response code 200
[21-Dec-2010 20:26:04] Successfully fetched 'http://casino.ru/online/poker': GET response code 200
[21-Dec-2010 21:27:48] Successfully fetched 'http://www.evdenevenakliyatt.org/': GET response code 200
[21-Dec-2010 21:55:06] Successfully fetched 'http://www.evdenevenakliyatt.org/': GET response code 200
[21-Dec-2010 22:28:45] Got no response code when fetching [url="http://www.problemsquealworld.nl/"]http://www.problemsquealworld.nl/[/url]
[21-Dec-2010 22:28:45] CURL error (52): Empty reply from server
[21-Dec-2010 22:30:12] Successfully fetched 'http://www.evdenevenakliyatt.net/': GET response code 200
[21-Dec-2010 22:40:37] Successfully fetched 'http://iphones-4you.ru/': GET response code 200
[21-Dec-2010 23:31:13] Successfully fetched 'http://seoplotki.pl/': GET response code 200
[21-Dec-2010 23:33:01] Successfully fetched 'http://www.evdenevenakliyatt.org/': GET response code 200
[22-Dec-2010 00:11:14] Successfully fetched 'http://4etag.kiev.ua/zamer-okon.html': GET response code 200
[22-Dec-2010 00:42:38] Successfully fetched 'http://hosting-blog.edu.pl/': GET response code 200
[22-Dec-2010 01:14:47] Successfully fetched 'http://www.tophotonline.info/sitemap.html': GET response code 200
[22-Dec-2010 01:25:17] Successfully fetched 'http://www.evdenevenakliyatt.net/': GET response code 200
[22-Dec-2010 01:54:38] Successfully fetched 'http://www.evdenevenakliyatt.org/': GET response code 200
[22-Dec-2010 02:05:22] Successfully fetched 'http://riva.san-ta-maria.org/search.php?q=tramadol': GET response code 200
[22-Dec-2010 02:10:30] Successfully fetched 'http://www.flyingloans.com/loan-with-bad-credit.htm': GET response code 200
[22-Dec-2010 02:14:18] Successfully fetched 'http://www.evdenevenakliyatt.org/': GET response code 200
[22-Dec-2010 02:26:14] Successfully fetched 'http://confeccionesorquidea.com/': GET response code 200
[22-Dec-2010 02:26:46] Successfully fetched 'http://www.articlesofinfo.com/': GET response code 200
[22-Dec-2010 02:31:59] Successfully fetched 'http://www.v7em.com/': GET response code 200
[22-Dec-2010 02:36:47] Successfully fetched 'http://www.arizonahomespecialists.com/': GET response code 200
[22-Dec-2010 03:13:38] Successfully fetched 'http://www.evdenevenakliyatt.net/': GET response code 200
[22-Dec-2010 03:18:44] Successfully fetched 'http://oxparuerthe.edublogs.org/': GET response code 200
[22-Dec-2010 03:38:39] Successfully fetched 'http://riva.san-ta-maria.org/search.php?q=tramadol': GET response code 200
[22-Dec-2010 03:44:25] Successfully fetched 'http://ukraineindependentescorts.com/': GET response code 200
[22-Dec-2010 03:58:44] Successfully fetched 'http://www.padeelshare.com/': GET response code 200
[22-Dec-2010 04:00:47] Successfully fetched 'http://www.evdenevenakliyatt.org/': GET response code 200
[22-Dec-2010 04:19:44] Successfully fetched 'http://www.bespy.be/': GET response code 200
[22-Dec-2010 04:32:02] Successfully fetched 'http://www.trendandcoffee.pl/index.php': GET response code 200
[22-Dec-2010 04:40:20] Successfully fetched 'http://www.uhrenreplica.com/': GET response code 200
[22-Dec-2010 04:42:50] Successfully fetched 'http://study.one-it.tk/': GET response code 200
[22-Dec-2010 05:10:58] Successfully fetched 'http://www.canon500d.net/': GET response code 200
[22-Dec-2010 06:04:09] Successfully fetched 'http://www.pussinen.fi/forum/profile.php?mode=viewprofile&u=88251': GET response code 200
[22-Dec-2010 06:17:41] Successfully fetched 'http://forexgurudroid.com/': GET response code 200
[22-Dec-2010 06:19:56] Successfully fetched 'http://www.sms-flirtkontakte.com/': GET response code 200
[22-Dec-2010 06:34:40] Successfully fetched 'http://www.jewfro.org/phpBB-2.0.17/phpBB2/profile.php?mode=viewprofile&u=95487': GET response code 200
[22-Dec-2010 06:51:17] Successfully fetched 'http://www.evdenevenakliyatt.net/': GET response code 200
[22-Dec-2010 07:03:09] Got no response code when fetching [url="http://www.totaldvd.net/"]http://www.totaldvd.net/[/url]
[22-Dec-2010 07:03:09] CURL error (7): couldn't connect to host
[22-Dec-2010 07:09:44] Successfully fetched 'http://fc-lokomotiv.kz/forum/index.php?action=profile;u=122523': GET response code 200
[22-Dec-2010 07:40:50] Successfully fetched 'http://trendyheel.com/community/profile.php?id=54882': GET response code 200
[22-Dec-2010 07:42:57] Successfully fetched 'http://www.legionpharma.com/': GET response code 200
[22-Dec-2010 08:10:37] Successfully fetched 'http://www.marketmoms.com/forums/memberlist.php?mode=viewprofile&u=142992': GET response code 200
[22-Dec-2010 08:22:24] Successfully fetched 'http://www.articlesofinfo.com/': GET response code 200
[22-Dec-2010 08:42:00] Successfully fetched 'http://www.moroznik.ru/forum/member.php?u=120942': GET response code 200
[22-Dec-2010 08:43:22] Successfully fetched 'http://www.evdenevenakliyatt.org/': GET response code 200
[22-Dec-2010 08:56:01] Successfully fetched 'http://f.janek.ru/': GET response code 200
[22-Dec-2010 08:58:49] Successfully fetched 'http://photoline.org.ua/': GET response code 406
[22-Dec-2010 09:13:08] Successfully fetched 'http://canewoodgc.com/forums/index.php?action=profile;u=135591': GET response code 200
[22-Dec-2010 09:15:40] Successfully fetched 'http://www.evdenevenakliyatt.net/': GET response code 200
[22-Dec-2010 09:25:38] Successfully fetched 'http://www.buykamagra.biz/': GET response code 200
[22-Dec-2010 09:35:12] Successfully fetched 'http://www.evdenevenakliyatt.org/': GET response code 200
[22-Dec-2010 09:42:23] Successfully fetched 'http://amazingteenbabes.com/': GET response code 200
[22-Dec-2010 09:45:39] Successfully fetched 'http://artline-comics.com/forum/profile.php?mode=viewprofile&u=151052': GET response code 200
[22-Dec-2010 09:57:54] Successfully fetched 'http://www.niesplaca.pl/': GET response code 200
[22-Dec-2010 10:09:46] Successfully fetched 'http://www.v7em.com/': GET response code 200
[22-Dec-2010 10:17:12] Successfully fetched 'http://www.santahamina.fi/foorumi/profile.php?mode=viewprofile&u=86428': GET response code 200
[22-Dec-2010 10:41:26] Successfully fetched 'http://blackjackonlinebasics.com/': GET response code 200
[22-Dec-2010 10:47:22] Successfully fetched 'http://www.virtus.01d.ru/forum/profile.php?mode=viewprofile&u=84562': GET response code 200
[22-Dec-2010 10:52:52] Successfully fetched 'http://www.replicasswiss.com/': GET response code 200
[22-Dec-2010 10:58:33] Successfully fetched 'http://www.buzzle.com/articles/how-to-play-video-poker-like-a-pro.html': GET response code 200
[22-Dec-2010 11:11:26] Successfully fetched 'http://gamecheatshack.com/': GET response code 200
[22-Dec-2010 11:16:18] Successfully fetched 'http://gamecheatshack.com/': GET response code 200
[22-Dec-2010 11:20:00] Successfully fetched 'http://brimmer.kiev.ua/for//profile.php?mode=viewprofile&u=82365': GET response code 200
[22-Dec-2010 11:22:13] Successfully fetched 'http://onlinealibabamovie.tk/': GET response code 200
[22-Dec-2010 11:33:20] Successfully fetched 'http://confeccionesorquidea.com/': GET response code 200
[22-Dec-2010 11:40:53] Successfully fetched 'http://gamecheatshack.com/': GET response code 200
[22-Dec-2010 11:45:51] Successfully fetched 'http://www.evdenevenakliyatt.net/': GET response code 200
[22-Dec-2010 11:52:16] Successfully fetched 'http://gadgetstoget.com/Forum/index.php?action=profile;u=99392': GET response code 200
[22-Dec-2010 12:22:39] Successfully fetched 'http://www.ecazorla.com/insomnio/foros/profile.php?mode=viewprofile&u=181259': GET response code 200
[22-Dec-2010 12:47:24] Got no response code when fetching [url="http://www.libertytraffic.ru/billing/order.php?type=shop&group=1"]http://www.libertytraffic.ru/billing/order...hop&group=1[/url]
[22-Dec-2010 12:47:24] CURL error (6): Couldn't resolve host 'www.libertytraffic.ru'
[22-Dec-2010 12:49:33] Successfully fetched 'http://www.evdenevenakliyatt.org/': GET response code 200
[22-Dec-2010 12:49:48] Successfully fetched 'http://bazafile.ru/': GET response code 200
[22-Dec-2010 12:54:58] Successfully fetched 'http://spinelessfiction.com/forum/index.php?action=profile;u=149601': GET response code 200
[22-Dec-2010 13:07:52] Successfully fetched 'http://najtanszeocac.net/': GET response code 200
[22-Dec-2010 13:11:59] Successfully fetched 'http://www.evdenevenakliyatt.net/': GET response code 200
[22-Dec-2010 13:13:44] Successfully fetched 'http://promocjebukmacherskietop10.com/': GET response code 200
[22-Dec-2010 13:25:22] Successfully fetched 'http://performersparadise.com/paradise/forum/profile.php?mode=viewprofile&u=242443': GET response code 200
[22-Dec-2010 13:35:55] Successfully fetched 'http://www.ojosymas.com/usefull-info-about-diflucan/': GET response code 200
[22-Dec-2010 13:56:04] Successfully fetched 'http://selenagomez-fanclub.com/forum/index.php?action=profile;u=119109': GET response code 200
[22-Dec-2010 14:19:29] Successfully fetched 'http://bestaltimeterwatch.com/': GET response code 200
[22-Dec-2010 14:28:43] Successfully fetched 'http://www.eddjss.com/forum/member.php?u=149810': GET response code 406
[22-Dec-2010 14:35:06] Successfully fetched 'http://peter2124morley.insanejournal.com/1100.html': GET response code 200
[22-Dec-2010 14:42:01] Successfully fetched 'http://promocjebukmacherskietop10.com/': GET response code 200
[22-Dec-2010 14:51:59] Successfully fetched 'http://www.evdenevenakliyatt.net/': GET response code 200
[22-Dec-2010 14:53:33] Successfully fetched 'http://www.bibliotecka.ru/': GET response code 200
[22-Dec-2010 15:01:56] Successfully fetched 'http://www.visitwarsaw.viapolonia.pl/forum/profile.php?id=125347': GET response code 200
[22-Dec-2010 15:19:18] Successfully fetched 'http://www.kravmagabootcamp.com/': GET response code 200
[22-Dec-2010 15:33:34] Successfully fetched 'http://www.winkeyelash.com/board/index.php?action=profile;u=126259': GET response code 200
[22-Dec-2010 16:04:10] Successfully fetched 'http://www.evdenevenakliyatt.org/': GET response code 200
[22-Dec-2010 16:04:56] Successfully fetched 'http://www.neuralstatic.com/phpBB2/profile.php?mode=viewprofile&u=93808': GET response code 200
[22-Dec-2010 16:08:56] Successfully fetched 'http://vividhust.110mb.com/': GET response code 200
[22-Dec-2010 16:33:57] Successfully fetched 'http://www.evdenevenakliyatt.net/': GET response code 200
[22-Dec-2010 16:37:57] Successfully fetched 'http://www.hatunca.net/forum/index.php?action=profile;u=58153': GET response code 200
[22-Dec-2010 16:44:35] Successfully fetched 'http://www.israguides.com/': GET response code 200
[22-Dec-2010 16:47:36] Successfully fetched 'http://casino.ru/group/poker/poker_game/blog': GET response code 200
[22-Dec-2010 16:58:40] Successfully fetched 'http://www.israguides.com/': GET response code 200
[22-Dec-2010 16:58:42] Successfully fetched 'http://internetmarketing-software.com/': GET response code 200
[22-Dec-2010 17:00:43] Successfully fetched 'http://www.sms-flirtkontakte.com/': GET response code 200
[22-Dec-2010 17:09:24] Successfully fetched 'http://furfag.com/forums/profile.php?mode=viewprofile&u=128686': GET response code 200
[22-Dec-2010 17:36:24] Successfully fetched 'http://livero.pl/': GET response code 200
[22-Dec-2010 17:39:58] Successfully fetched 'http://www.bespy.be/': GET response code 200
[22-Dec-2010 17:42:28] Successfully fetched 'http://www.pullwithbothhands.com/phpBB2/profile.php?mode=viewprofile&u=107200': GET response code 200
[22-Dec-2010 17:56:50] Successfully fetched 'http://www.abercrombiefitchuk.net/': GET response code 200
[22-Dec-2010 18:03:10] Successfully fetched 'http://www.rus-dom.net/': GET response code 200
[22-Dec-2010 18:16:15] Successfully fetched 'http://static.atlanticmasters.org/msc//profile.php?mode=viewprofile&u=160636': GET response code 200
[22-Dec-2010 18:21:01] Successfully fetched 'http://www.pachi-park.com/': GET response code 200
[22-Dec-2010 18:27:29] Successfully fetched 'http://latesthostgatorcoupons.com/promo-codes-for-hostgator': GET response code 200
[22-Dec-2010 18:48:48] Successfully fetched 'http://www.prologon.se/forum/index.php?action=profile;u=116162': GET response code 200
[22-Dec-2010 18:51:00] Successfully fetched 'http://www.evdenevenakliyatt.net/': GET response code 200
[22-Dec-2010 18:59:47] Successfully fetched 'http://www.myrosebags.com/': GET response code 200
[22-Dec-2010 19:05:37] Successfully fetched 'http://mistapikavippi.com/': GET response code 200[/size][/font][/color]

What they were doing – I think – is using the OpenID authentication form and putting in the site they wanted to increase traffic to as the authority / verification site. OpenID would then try to verify them. The transaction would fail of course, but not before registering a hit on the fake verification site.

I shudder to think at how many porn and gambling sites now have my site in their log files. It's no wonder I've been getting a huge increase in spam lately. Sigh.

Needless to say, OpenID comments are no longer allowed here.

(There could of course be other problems, but this was definitely not helping. Since I've turned it off, the server seems much more snappy.)

  • 2 weeks later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...