homepage Welcome to WebmasterWorld Guest from 54.211.190.232
register, free tools, login, search, subscribe, help, library, announcements, recent posts, open posts,
Pubcon Website
Home / Forums Index / WebmasterWorld / Webmaster General
Forum Library, Charter, Moderators: phranque & physics

Webmaster General Forum

This 64 message thread spans 3 pages: < < 64 ( 1 [2] 3 > >     
Chinese Hijacking of THIS site! And mine too.
friendlyseo




msg:340922
 8:55 pm on Mar 6, 2005 (gmt 0)

My sites have been hijacked by <snip> and so has webmasterworld.com (already indexed by Google)

Just in case my other LONG WINDED post gets lost - it was in the Apache Web Server category, here is some shoocking info.

Too important for it not to get noticed.

[webmasterworld.com...]

They have 175,000 hijacked pages indexed on Google including this site.

Example of hijacked page:

<snip>

Look on Google:

site:<snip>

Thanks!

[edited by: trillianjedi at 8:47 pm (utc) on Mar. 9, 2005]
[edit reason] They're known here, let's lose the specifics [/edit]

 

StupidScript




msg:340952
 7:46 pm on Mar 10, 2005 (gmt 0)

It is truly becoming a problem.

For all of our work trying to bridge the Digital Divide, to allow people of all nations and income levels to access the Internet and become members of the global community, these problems of IP blocks being used for "bad" purposes create a vexing, artificial and avoidable diversion.

Our company, like others, felt that the security risks associated with allowing systems from within these IP blocks far outweighed the potential business benefits, and so we have banned not only Chinese IP addresses, but also many from Australia and the Netherlands. These have been demostrated to be the source of lots of activity ranging from brute force hack attempts to the issues posed by this thread. Whenever we detect an intrusion attempt, we research the IP and drop packets from sometimes entire Class C blocks.

Sometimes the Netherlands blocking is problematic, when traffic from the UK is routed through those servers, but what are our options? Let all the "bad" guys in for the chance to serve a few customers?

I feel badly about doing it, but if my corporate web server goes down because I feel bad, my business goes down with it.

I would like to encourage any person who uses the addresses in question to begin campaigning for tighter control over those machines. It's going to be a long road, filled with many many potholes, but it MUST be done if we are to keep from establishing a new "ghetto" on the Internet.

One day, perhaps, we can re-open our servers to the Chinese and all of the others, if substantial work is done and maintained. It could be awhile ... :(

friendlyseo




msg:340953
 8:01 pm on Mar 10, 2005 (gmt 0)

I'm happy to announce that I just noticed <snip>the offending sites</snip> are now gone from the google index.

I sent a spam report and it looks like it may have had impact. Maybe for another reason, but hey - they be gone!

[edited by: trillianjedi at 3:00 pm (utc) on Mar. 11, 2005]
[edit reason] See TOS [/edit]

jasonlambert




msg:340954
 8:16 pm on Mar 10, 2005 (gmt 0)

One possible solution to the dilemma of banning IP ranges for fraud orders is to intergrate something like GeoIP into your cart software, and automatically flag order's from some countries for manual inspection before processing the order.

For example you could require that all customers provide a phone number (a landline, and NOT a mobile), and for people in your suspect countries list give them a call to confirm before processing..

the_nerd




msg:340955
 8:57 pm on Mar 10, 2005 (gmt 0)

walkman,
NO ONE from let's say China benefits me, and no one from China benefits from my (one) site. On one hand I have nothing to gain, but I can lose my rankings over it because some Chinese site decides to copy my site. What should I do?

isn't this supposed to be the WORLD wide web? There might be people in countries that badly need information from the web because they don't get it from their governments. Ok, they probably could get along without a couples of aff sites, but real information should be available everywhere.

Wlauzon




msg:340956
 9:30 pm on Mar 10, 2005 (gmt 0)

isn't this supposed to be the WORLD wide web? There might be people in countries that badly need information from the web because they don't get it from their governments. Ok, they probably could get along without a couples of aff sites, but real information should be available everywhere.

So you are saying that I should not ban IP addresses that come from web hijackers <snip>?

[edited by: trillianjedi at 3:02 pm (utc) on Mar. 11, 2005]
[edit reason] Please, let's keep off the politics and Country-wide criticism. [/edit]

pincher34




msg:340957
 9:34 pm on Mar 10, 2005 (gmt 0)

In the 8 years I've been in business, I've never sold my services to someone outside the USA. Everyday, I used to receive unsolicited emails from the same parts of the world, offering to do my job for me at a fraction of the price. I have no intention of ever doing this. So, their IPs are now shut off to my site and they can't use all of the free info and tools I was trying to share with them. World Wide Web or not, it's my site and my call.

sidewinder




msg:340958
 9:40 pm on Mar 10, 2005 (gmt 0)

I just banned APNIC entirely. Got sick of dealing with endless stolen credit card orders. Now, no stolen cards.

Don't forget that includes Australia as well.

mrMister




msg:340959
 10:12 pm on Mar 10, 2005 (gmt 0)

I just banned APNIC entirely. Got sick of dealing with endless stolen credit card orders. Now, no stolen cards.

Don't forget that includes Australia as well.

How do you know that wasn't his intended target? :-)

mrMister




msg:340960
 10:13 pm on Mar 10, 2005 (gmt 0)

Isn't there anybody outside the USA who has this insular attitude?

Come on, there must be one! OK. I'll open my request to ex-pats. Any expatriated Americans planning to shut their web server's doors to the outside world?

gethan




msg:340961
 10:39 pm on Mar 10, 2005 (gmt 0)

There are a few confused issues in this thread:

1) Page copying - China blocks thousands of sites from being accessed by their citizens - to get round this there are lots of proxy servers set up and closed down daily. Some will cache the pages. Copyright is also different in China (as far as I know) which would mean these guys aren't breaking copyright in China. The problem is that google (other SE) then credits the mirror site with the content... the SE's need to sort this out, along with page jacking etc.

2) Fraudulant Orders - that's something for your business rules to be aware of - if 99.9% of orders from country X are fraudulant - then it makes sense to drop them.

3) ROI - if sending orders to country X is more hassle than it's worth then that's another business decision.

I think that no. 1 is the more interesting problem. For some of my sites I have an interest in keeping access from China - I'm sure there will come a day when some bureaucrat will click that block button.

China will be huge - half the worlds GNP in the coming decade (according to CNN just now!) - I'm sure that at some point there will be a demand for exotic foreign goods purchased over the net by the nuevo riche chinese - pitty that I'm not in that business cause we're living in interesting times...

walkman




msg:340962
 10:42 pm on Mar 10, 2005 (gmt 0)

qwer,
life is not fair. In a ideal world, when someone from Nigeria orders $4000 worth of electronics, does so legitimately. If 10 out 10 orders in the past year, have been fraudelent why shouldn't you block the country?

to all of you who have blocked entire countires, stop talking about it, unless you PM me the instructions...:)

stevegpan2




msg:340963
 10:50 pm on Mar 10, 2005 (gmt 0)

I rememeber an article said USA is still the country creating more spams than any other country in the world.

walkman




msg:340964
 10:56 pm on Mar 10, 2005 (gmt 0)

"said USA is still the country creating more spams than any other country in the world"

Ban them

flyerguy




msg:340965
 11:40 pm on Mar 10, 2005 (gmt 0)

I for one can not understand how this site in China achieved any ranking at all.

For example, I thought it would a nice experiment to beef up my student finance sector website by using an .NET scraper script to mirror the contents of, well, every single college and university website in the US.

Worked great for a while, my promotion and navigation on top, U of wherever mirrored on for one, with all the content rewritten to come from my domain.

Nice little experiment. Well, it took about a week to get booted from Google completely.

After I removed this beast and emailed G support, they were cool enough to reinclude the site in the index and it's indexed fine now in it's clean state.

The point is, my site was terminated by an algo that says 'if X site has 10 million times to much content, appearing out of nowhere, it is likely a stupid goom with a scraper script', doing exactly what I was doing.

How could this 1bu site have grown so big and caused problems for so many people? Is Google now able to recognize whole site structures being mirrored?

bears5122




msg:340966
 12:11 am on Mar 11, 2005 (gmt 0)

I for one can not understand how this site in China achieved any ranking at all.

You must not be checking out the quality of Google's SERPs of late. :-)

Unfortunately, certain governments lack control over internet crimes, and in some instances encourage it. It is widely reported that countries like Nigeria turn a blind eye toward fraudulent orders.

It's sad that the web can't truly be world wide, but I don't blame webmasters who block out countries. It's always the few bad apples who ruin it for everyone else.

Some sites I run, I have banned traffic from China as well. They take up a large portion of my bandwidth, and I've never converted anything from over there. This isn't charity for many of us.

timchuma




msg:340967
 3:01 am on Mar 11, 2005 (gmt 0)

Just banning single IPs or ranges is like fighting the mythological Hyrda. The problem will reappear occur as soon as they change the IP address of the offending site.

Much like Hercules fighting the Lernean Hydra, you will have to come up with a better solution and may need to involve outside help.

Thanks.

StupidScript




msg:340968
 3:37 am on Mar 11, 2005 (gmt 0)

Actually, timchuma, the returns are almost immediate.

What you need to do is to closely monitor your logs and detect "bad" activity. You see an IP address, you check it's status against [arin.net....] It returns an APNIC + China IP block, you drop packets from that Class of addresses (look for XXX.XXX.XXX.XXX/X for the entire Class syntax).

It's pretty simple, and after a week or so, you notice a marked decrease in fraudulent/damaging activity.

If the IP address is within a block that you wish to continue cultivating, you ban the one IP and move on with your day. It's a good bet that that single system has been compromised, and if that one address wants to do business with you, well, they'll need to clean their system, first.

I realize, timchuma, that the feeling of futility is easy to come by, especially after reading up on hacking techniques and such, but please believe that your system(s) can be secured within the bounds of reasonableness. More than likely, your data is not an "easter egg", and not the primary goal of any attack, and, as such, you can initiate a decent level of security which will protect you from all but the most "break the window instead of pickng the lock"-type hacks.

PS: You can block the Class (or any IP range) using (at least) iptables, on a 'Nix system. There's a MS method indicated earlier in this thread.

PPS: APNIC maintains an aggressive(ish) anti-abuse system to which you can report "bad" activity, for those of you who wish to help the "ghetto" become a contributing memeber of society.

idoc




msg:340969
 3:58 am on Mar 11, 2005 (gmt 0)

"parallel internet for "bad" countries will be created."

I think you are close... I fear the Internet we have now will eventually be the bad one though. IPv6 is going to open alot of new room for addressing extranets for example. I forsee at some time in the future... paid extranets that use the free Internet as no more than a network cable becoming a premiuim service for those who find the free Internet to be spoiled. I remember when most folks didn't think pay TV would sell when you could get it for free... and now folks are paying for radio. I don't think the idea is such a stretch.

As for now, I have to say I have a number of class A's in the hosts.deny of my email and web servers. I didn't set out to be an Internet bigot or anything the like and IF I am now... at least I came by it honestly. ;)

ownerrim




msg:340970
 4:37 am on Mar 11, 2005 (gmt 0)

can anyone give me advice on how to block certain countries from accessing my sites? I managed to find the IP ranges for various countries this evening but it doesn't look as easy as it sounds. Countries don't have contiguous blocks of IPs it seems. Instead, each has a little bit of 195.#*$!...., a little of 215.xxx...., and so on and so on. It seems like it would take forever to isolate all the IP ranges that just china and india have. Any tips?

plumsauce




msg:340971
 6:50 am on Mar 11, 2005 (gmt 0)

NO ONE from let's say China benefits me, and no one from China benefits from my (one) site. On one hand I have nothing to gain, but I can lose my rankings over it because some Chinese site decides to copy my site. What should I do?

some things transcend pure commercialism

<snip - no longer made sense without the original quote which is now deleted>

besides, given the goods you sell, how will it look when a supplier from the region decides to look at your website before deciding on doing business with you? if the site in your profile is accurate, at least some of the goods you resell are manufactured in the region.

life is not fair. In a ideal world, when someone from Nigeria orders $4000 worth of electronics, does so legitimately. If 10 out 10 orders in the past year, have been fraudelent why shouldn't you block the country?

now this is starting to sound like the logic used by <snip> and like minded vigilantes of email blacklist school of thought. the real problem here is that your credit card processor isn't doing as well as they should in fraud scrubbing. or, they have no access to the international databases to do the job in the first place.

-----------------------

Finally, banning ip's is of absolutely no help as long as at least one cache of of your pages is available someplace else. For example, out of the google cache itself. How do you think that the decision is made on *which* pages to cache to begin with? It is not random.

It is trivial to get around an ip ban. Just setup a machine with a high speed connection for $25 a month using say AOL, scrape to an archive, burn it to a CD and ship it out. Is there anyone here prepared to ban AOL proxy addresses? Actually, the only way to avoid scraping entirely is to turn the server off. At which point you've won the battle. Guess who wins the war?

The root cause is that your favourite onshore search engine cannot seem to handle the duplication in any intelligent fashion. And *they* have no intention of banning the same ip ranges.

Instead, each has a little bit of 195.#*$!...., a little of 215.#*$!...., and so on and so on. It seems like it would take forever to isolate all the IP ranges that just china and india have.

that's because ARIN historically allocated lion's share of available ip space to domestic interests and gave out tiny little ranges to APNIC and RIPE. totally off topic, but a pet peeve of mine.

[edited by: trillianjedi at 3:26 pm (utc) on Mar. 11, 2005]

hobbnet




msg:340972
 7:05 am on Mar 11, 2005 (gmt 0)

stevegpan2 said:
I rememeber an article said USA is still the country creating more spams than any other country in the world.
We aren't discussing SPAM, are we?... totally irrelevant.
the_nerd




msg:340973
 8:03 am on Mar 11, 2005 (gmt 0)

So you are saying that I should not ban IP addresses that come from web hijackers because some peasant in China might need the info on my website?

No,pal. I'm simply saying that banning complete countries might be a somewhat tough measure. I remember 10 years ago you had to "give something back to the web" in order not to get flamed. (And I have the impression that 2 or 3 inhabitants of a very big and important nation devide the world into just 2 countries: 1. my loved and clean country, 2. all the other suckers out there) No offence meant, of course.

andsieg888




msg:340974
 8:24 am on Mar 11, 2005 (gmt 0)

If you look closely at one of the offending sites that was mentioned in an earlier thread:
[webmasterworld.com...]
there is actually a link (top left "about site") which explains how to prevent their site from 'filtering' your site. Not sure if it works but probably worth looking into.

I had one of our Chinese employees look around on the net and see what Chinese people were saying about this site and there were definitely some folks who thought it was a very good way ( =faster) to look at non-Chinese sites, although some felt it was a load of $%^&.

Just like Google's algo has unintended side effects on perfectly legitimate sites so does China's "nanny" algo have unintended side effects on western sites which are perfectly legitimate. So sometimes people go looking for better ways to view western sites.

As far as banning Chinese IP addresses from your site, if it was effecting my site, I probably would go ahead and try to do it, but just to play devil's advocate how would it look if some store in America said we don't permit Chinese nationals to enter our store because they never buy anything and only cause trouble. I don't think that would go over very well.

DennyChina




msg:340975
 10:52 am on Mar 11, 2005 (gmt 0)

I have repeating-order customer from Nigeria, each time 2-3K USD, he just pays T/T, so I do not send the goods, until the money arrives to my account (and yes, nobody can do a charge back on T/T :) I believe here is some people they know just credit card payments...

Hollywood




msg:340976
 9:06 pm on Mar 11, 2005 (gmt 0)

China needs to understand the growth of online commerce not abuse it's own rights and to take advantage of them.

It is a matter of use or abuse. In the USA we choose to use but many do abuse. But out of the gate China appears to be abusing far more than using.

Not good

Hollywood

creepychris




msg:340977
 10:42 pm on Mar 11, 2005 (gmt 0)

how would it look if some store in America said we don't permit Chinese nationals to enter our store because they never buy anything and only cause trouble. I don't think that would go over very well.

Interesting analogy. But OTOH legal rights, redress, and jurisdiction are a factor here. Using your analogy, if they cause trouble in my store, hopefully, I can find redress in the legal system here since all actions are occuring withing one jurisdiction. The problem with the analogy is that Chinese internet users can hide behind their country's jurisdiction (and lack of enforcement)and cause mayhem and I have no chance for redress. The nations have yet to iron out the problems of jurisdiction and the internet through enforceable int'l treaties yet.

They are banned, not because they are Chinese, but because my rights with regards to their use of my sites are not protected from the regioni they come from.

Personally, I have a lot of valuable traffic from China and I would never seek to ban the whole country. (And for those of you who ban all of APNIC, I'll smile quietly as I collect all those backlinks!).

walkman




msg:340978
 3:19 am on Mar 12, 2005 (gmt 0)

"...how would it look if some store in America said we don't permit Chinese nationals to enter our store because they never buy anything and only cause trouble. I don't think that would go over very well."

wrong analogy. Let me fix it for you: It is the Wild West, with no laws to stop the chinese people from robbing your store. Not all but most of the robbers are Chinese. You can't call the cops or do anything else but ban them from entering the store.
what would you do? Go out of business?

alleffort




msg:340979
 8:39 am on Mar 12, 2005 (gmt 0)

<snip>

andsieg888




msg:340980
 2:10 am on Mar 14, 2005 (gmt 0)

Creepychris and walkman good points, my analogy was somehwat intended for those who feel that just because they own a website they can do whatever they want with it.

Really I'm just hoping that we are not headed in a direction that the title of this thread suggests.

I actually live and work in china and know that there is a lot of good stuff going on out here. It would be a shame if because a few rotten apples the web were to become deeply divided.

flyerguy




msg:340981
 9:06 am on Mar 15, 2005 (gmt 0)

I've been pretty liberal about the issue until I checked my logs today.

How do I ban China with an IIS server? Is there a simple ASP string that will redirect 219.123.*.* (or whatever the IP set is?).

I don't have a team of programmers to set up more 'lets be global friends' measures and rely on my site for income, too bad for China, however my store has got nothing for them anyhow.

DennyChina




msg:340982
 4:59 pm on Apr 7, 2005 (gmt 0)

I love you guys banning whole Apnic, more I sale, thanks! love!

This 64 message thread spans 3 pages: < < 64 ( 1 [2] 3 > >
Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / Webmaster General
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About
© Webmaster World 1996-2014 all rights reserved