AutoPligg Spam Tool: Pligg Spam Just Got A Whole Lot Worse

Posted by Lincoln in Pligg on Monday, July 28th 2008   

Digg it

Bookmark it

Stumble it

Mixx It

AutoPligg Spam Tool: Pligg Spam Just Got A Whole Lot WorseIf you have read any of our previous articles on Pligg Spam you will no doubt already be aware that Pligg has had more than it’s fair share of spam related problems in the past. Pligg webmasters now face a potentially devastating new threat in the guise of an fully automated Pligg Submission and Voting Spam Tool titled AutoPligg from syndk8.net. Whether you currently own or are simply pondering starting your very own pligg website you will want to read this article.

On the 23rd July the Pligg Demo website was hit with a new type of spam attack originating from a tool titled AutoPligg, AutoPligg automatically creates multiple user accounts, submits stories and then even votes upon those submitted stories from the multiple pligg accounts that it created. This is really bad as by voting upon the stories that AutoPligg submits to you pligg site AutoPligg also effectively promotes those spam entries to the main pligg homepage.

As you can see this tool is a nightmare for any pligg webmaster to defend against. with pligg failing to effectively deal with simpler forms of spam than AutoPligg this particular tool could cause a lot of problems for pligg site owners.

Below is how AutoPligg describes it’s product.

Register unlimited accounts, post as much stories as you want and even leave comments on those sites.

  • High quality 1 way links to your website
  • Automatically register for accounts. Even breaks CAPTCHAs!!
  • Create UNLIMITED profiles and indentities
  • Submit stories and comment to 1000’s of sites
  • Automated pinging after each submission
  • Stats to show succesful submissions
  • Proxy support
  • Increase your page ranking
  • Tag friendly
  • Flexible features
  • FREE lifetime upgrades
  • Access to the private forum
  • Get indexed in less than 24 hours flat! (google)
  • Get indexed in less than 48 hours flat! (yahoo)

Some of the more worrying features are Proxy support and Create UNLIMITED profiles and indentities.

We decided to digg a little deeper into AutoPligg.

The user name used for the attack at Pligg.com was “whadu” and searching google for “pligg whadu” returned some interesting results, whadu has been a busy bot.

We found a pligg site titled http://newstime.ro that has been hit by AutoPligg using the whadu user name, and as you will see the potential threat it poses to pligg webmasters is huge.

NewsTime Wahdu Profile Page http://newstime.ro/user.php?login=whadu

Home Page Of NewsTime http://newstime.ro/

120 submitted links 109 published.

NewsTime Fake Automated Voters

http://www.newstime.ro/story.php?title=Gears_of_War_2_GDC_Unreal_Tech_demo

You will notice that all stories on NewsTime have the same fake voters to gain promotion to the published section.

One pligg user pingskie has made a post in the pligg forums requesting a solution on how to block this tool, as yet their has been no reply you can read pingskie’s post here. It’s worth noting though that there is currently no solution to combat the AutoPligg tool at the moment, none of the available modules at pligg will work to defend your site as will none of the available hacks.

Due to an image (Shown Below) on the AutoPligg website we would strongly advise that you remove the “Powered By Pligg” text from the footer of your template, this is one of the methods described by AutoPLigg as to how to find Pligg sites with Google.

With the pligg project’s lack of development problems and general disarray this is the last type tool that they wanted or needed to see released, as for pligg users it’s just another thorn in the side that’s will most probably cause a vast majority of users problems at some point. If you like this article why not bookmark, share or digg it to let other pligg webmasters know about the existence of such a harmful tool.

The AutoPligg site has some videos available of the spam tool in action that you may want to watch.

Visit: AutoPligg

Big thanks to graphicsguru of FoxieWire for the tip off on this tool.

Update: Pligg users are reporting  that using reCaptcha may stop this threat but this still theory, without confirmation though we cannot say 100% whether reCpatcha will stop an AutoPligg attack we really hope it does. It would be advisable to enable reCaptcha as it’s a better option than the standard pligg captcha to begin with. It’s also worth noting however that reCpatcha is breakable in the past it was with the use of a perl based script, reCaptcha like an captcha based confirmation is not bulletproof although it is better than most.

Popularity: 12% [?]



If you enjoyed this post, make sure you subscribe to our RSS feed!

  

This post was written by:

Lincoln - who has written 182 posts on Social CMS Buzz.

Founder of Social CMS Buzz and a fan of all things open source, social and design related.

Contact the author

Web: http://socialcmsbuzz.com

Related Content

Subscribe to the post comments feeds or Leave a trackback


Tags: , , , ,

30 Comments Already

commenter
rayz Said,
July 28th, 2008 @10:34 am  

Thanks for the heads up!

commenter
rakanblog Said,
July 28th, 2008 @10:42 am  

that is really bad news.. ‘even breaks CAPTCHAs’….
I would love to see one step register with confirmation email built-in to pligg core.

wonder when will pligg release ver1.0?…hurmm…

commenter
coglethorpe Said,
July 28th, 2008 @12:11 pm  

Interesting comments. How do you propose to defend against it?

commenter
Mihai Said,
July 28th, 2008 @1:30 pm  

Dude, please stop spamming me. Just because I may have commented on one or two of your articles before it does not mean I want to get an email each time you post another one.
There’s also no unsubscribe link in your email messages.

commenter
PliggNZ Said,
July 28th, 2008 @2:25 pm  

“It’s worth noting though that there is currently no solution to combat the AutoPligg tool at the moment”

I guess you are underestimating reCAPTCHA. Can it bypass reCAPTCHA during registration process? If not, why not use it? It already comes with the official Pligg Beta 9.9.0. All you need to have are the keys which you can get freely at reCAPTCHA’s website.

commenter
eos Said,
July 28th, 2008 @3:12 pm  

Ok, this is a serious threat.

If there is a way to combat this, why isn’t it POSTED on the Pligg site?

What really is going on over at Pligg. I know the main developer was away for a while and there was the failed sale of pligg. But what are the plans for going forward?

Seriously, these issues need to be addressed.

commenter
blaze2u Said,
July 28th, 2008 @3:30 pm  

I believe using “recaptcha” defends against this. I do not think it can get past that, only the default captcha and mathematical question. At least this is what has been rumored thus far. Of course, you can always use the “approve story” hack — as I’m sure this likely work.

http://forums.pligg.com/core-development/11337-solved-complete-solution-approve-story-after-being-submitted.html

commenter
David Mackey Said,
July 28th, 2008 @3:30 pm  

Seems like the reCAPTCHA mod should handle this threat? You should update your article to reflect this.

commenter
blaze2u Said,
July 28th, 2008 @3:33 pm  

By the way, Pligg is working on this exploit and it has been discussed in the fourms that they are working on this patch. They were the ones who recommended using “recaptcha”. It cannot be confirmed if this will work though. But as I said, the “approve story” hack should work. Yes, it’s a pain, but it’s better to be safe than have spam.

commenter
Andy Said,
July 28th, 2008 @6:00 pm  

Thanks for the heads up on this! Most useful to know…

commenter
John Said,
July 28th, 2008 @7:02 pm  

More sensational headlines from socialCMScrap. reCAPTCHA comes with Pligg by default, if you are not using it then you are an idiot, and probably shouldn’t’ be running a website anyway. New types of spam attacks happen on a daily basis through out the web, this is nothing new. Blaming the Pligg developers for someone else’s stupidity is really lame. The AutoPligg site says it was released just a few days ago. Pligg has even confirmed they have a patch they are going to release for those wern’t smart enough to upgrade to their latest version so I suggest you edit your article to reflect the truth.

commenter
Catchpen Said,
July 28th, 2008 @10:28 pm  

Go troll on your own forum since that’s the only way you don’t get banned from it. Your way of words sound uselessly familiar.

commenter
raatenstaat Said,
July 28th, 2008 @10:33 pm  

if you’re to stupid to block such things by activating recaptcha, you better shut down your site. this is no troll crap, this is reality.

commenter
PliggNZ Said,
July 29th, 2008 @2:43 am  

There’s a report that AutoPligg needs the “God” user account with default password to do those things. If it’s true then you can simply block it by changing your default “God” password.

@Lincoln
You should have bought and tried the software first before making your post. Or if it’s your own software, then you should have tested it fully before making such crap.

commenter
Charlie Bucket Said,
July 29th, 2008 @11:11 pm  

I have been looking into this tool and it dosent use the god password.

It just posts to pligs like a normal user.

The coding in it is good but it looks like the guy who wrote it made it work slowly rather than hit the sites too fast.

A better capture will fix this because the professional seos in those sites dont want to hit live sites.

If this makes pligg better and someone actually continues the development we have a lot to thank these toolshed guys for.

Sometimes we need a small slap to wake us up and stop us getting lazy.

commenter
Pligg Super Fan Said,
July 30th, 2008 @2:59 pm  

I didnt see the problem there, the example story was a legit story. I saw some increase in my pligg powered sites, but nothing spammy, normal stories. If the stories are not spam, i really don’t understand what the problem is.

commenter
Seth Said,
July 30th, 2008 @3:37 pm  

I can 100% confirm this tool does not require a god account like was suggested, PliggNZ maybe you should buy the software then at least you wouldn’t have to post weak reports and simple suggestions with no factual or practical basis. Either get the facts straight and do your own research or reserve your comments for inside your own skull where they would probably be most appreciated.

You also say reCaptcha cannot be broken search google ;), even if reCpatcha was 100% secure it wouldn’t matter as you can bypass the entire pligg registration process by using a pyCurl script ;)

commenter
Collin - Feed Flare Said,
August 19th, 2008 @3:05 pm  

I think the recaptcha will not work for long. If they can break the first one there going to be breaking them all.

What pligg owners should be thinking about is a way to get the owners of this tool to raise there price a lot more then it is. 189 is cheap for what it can do so what needs to be done is it put out of reach for the average person. Reducing the amount of spam your getting may be the best thing.

commenter
vorax Said,
September 20th, 2008 @7:17 pm  

i just and to my .htaccess

deny from 93.103.6.86
deny from 85.242.224.75
deny from 202.156.11.5
deny from 203.150.228.110
deny from 96.9.131.37
deny from 75.126.17.170
deny from 202.156.10.13
deny from 67.18.18.82
deny from 78.129.168.58
deny from 203.211.130.33
deny from 67.220.194.34
deny from 81.193.63.64
deny from 208.109.181.17
deny from 72.37.245.134

rename my submit.php, register
and end of problem

Pingback & Trackback
mygif
Pingback from Vote for this article at blogengage.com
July 28th, 2008 @12:34 am  
mygif
Pingback from bloggingzoom.com
July 28th, 2008 @11:22 am  
mygif
Pingback from pligg.com
July 28th, 2008 @11:52 am  
mygif
Pingback from newstube.de
July 28th, 2008 @12:10 pm  
mygif
Pingback from www.entirelyopensource.com
July 28th, 2008 @5:53 pm  

Related Post

Please Leave Your Comments Below

Please Note: All comments will be moderated

« How To Protect Your Website Template and CSS Files From Theft
SocialBrowse: Social Sharing Start Up Private Beta (50 Invites) »