[SAC] CASE2: human spammer tried to obtain mantra (and failed)

Sandro Santilli strk at keybit.net
Wed May 18 06:23:20 PDT 2016


A user with nick name "yousufmallick" joined #osgeo IRC channel
and asked for the mantra:

      < yousufmallick> hello
      < yousufmallick> can you please help me with the mantra

Norman Vine figured the user was coming from a suspicious IP,
so I gave him the wrong mantra. After some minutes a new user
with nick name "amber_" joined #telascience IRC channel

      < amber_> hello
      < amber_> can anyone help me with mantra

At the time both users were connected with the two different nicks.
Both connected via the freenode webchat application, connected
with an HTTP client from IP 103.38.177.2

NO such IP hit the user creation form in the recent days.
The last POST from that IP was on May 5:

      103.38.177.2 - - [05/May/2016:12:47:00 -0700] "POST /ossim/wiki/USA%201*800*445*2790!!!%20norton%20a ntivirus%20t.e.c.h%20s.u.p.p.o.r.t%20p.h.o.n.e%20n.u.m.b.e.r HTTP/1.1" 303 789

We had a chat with the guy, to try at getting more info out.
It didn't look like a bot to me, confirming the previous analisys
about the captcha not having an effect. An extract:

      < strk> amber_: what do you need an OSGeo Userid for ?
      < amber_> i want to post my conten
      < strk> what content ?
      < amber_> מאַנטראַ al ++ 1.800..445..2790 us uk canada t.ech s.up.p.or.t p.h.one n.u.m.be.r, bullguard  p.h.one n.u.m.be.r

I think Mateusz has a full log of the chat, if someone is interested from
a sociological point of view :)

Mantra-based keeps working !

--strk; 


More information about the Sac mailing list