Shark Lady Tech

Technology, Internet, Gadgets and Geeks

Posts Tagged ‘china’

qq829.com: Malicious Scripts or Spam from China?

April 18th, 2010

Website managers from all over the world are reporting some weird referrers from qq829.com to their sites. If you are following your site stats on a daily basis, you might have come across some peculiar and unexplained traffic from China, from a link that looks like this:

http://qq829.com/web_stat.asp?dn=domainname.com

The domain itself, qq829.com, is Chinese and linked to http://new.cnzz.com – a known spammy domain. It’s hard to make sense of the site itself. Some information about the site can be found here.

At the moment, there aren’t certain answers as for what this link is, if it’s malicious or just Splog or spam. Currently, the most helpful source of information about this, is a discussion in Google Analytics Help.

You can also follow updates on the matter with a Google search, focused on the latest results.

The links are suspicious and a bit worrisome, because no one knows for sure if it’s a script attack, simple spam or a meaningless mistake on the Chinese side (unlikely). If you own a website, make sure your files haven’t been tampered with ( I’ve checked mine and they seem untouched) and that you have a strong FTP password and/or a strong admin password (if you have a CMS).

The best solution I have located thus far is to block the Chinese IPs through the .htaccess file. The IPs change with every hit, but you can also block whole batches of IP addresses from China if you don’t fear losing Chinese traffic.

If you wish to block traffic from cnzz.com and qq829.com, AurelloSoft suggests that you insert this code in your .htaccess file (COPY WITHOUT the dashes in the last line!):

SetEnvIfNoCase Referer "^qq829" TOBLOCK=1
SetEnvIfNoCase Referer "^cnzz" TOBLOCK=1

<FilesMatch "(.*)">
Order Allow,Deny
Allow from all
Deny from env=TOBLOCK
</FilesMatch>

—–

Update #1: There’s now a claim that qq829.com provides spammers with pre-written blogs. This re-enforces the assumption that the links are spam, but there hasn’t been any serious analysis of the site or the code.

Update #2: Thus far the best solution is blocking Chinese IP addresses via the .htaccess file. See instructions above.

15 comments »

Posted in Hacking and Security, Internet

Tags: china qq829 qq829.com scripts site stats spam suspicious traffic

Why Google REALLY Wants Out of China

January 20th, 2010

Oxblood Ruffin with some very strong words about the real reasons behind Google’s threat to leave China:

“Clearly, Google has thought this through. It knows that China will not un-censor the internet; not by a single pubic hair, nor a solitary mention of the Dalai Lama. So why would Google throw down the gauntlet?”

[ Read it here ]

No comments »

Posted in Censorship, Internet

Tags: Censorship china google opinion oxblodd ruffin

Google VS China – Who is Evil Here?

January 14th, 2010

At this point in time, you can’t take anything Google does face value. There are too many agendas and business interests, and since Google has long forsaken its “Do no Evil” motto, you might wanna hold the cheers for a while.

In a very detailed post, that has been quoted and referenced all over the net, Google announced that it considering shutting down its business in China. The reason? Seems that the Chinese government has hacked Google’s infrastructure, performed surveillance and stolen its intellectual property. More to the point – someone in the Chinese authorities has tried (and partially succeeded) to hack into Gmail accounts that belong to human rights activists, presumably to spy on them. According to Google, “Only two Gmail accounts appear to have been accessed, and that activity was limited to account information”.

As a response, Google are going to “review the feasibility of our business operations in China. We have decided we are no longer willing to continue censoring our results on Google.cn, and so over the next few weeks we will be discussing with the Chinese government the basis on which we could operate an unfiltered search engine within the law, if at all”.

So, in plain words – Google aren’t really yet shutting down its business in China, as some bloggers seem to think. It’s just considering the next step.

The question that we should be asking is: WHAT TOOK YOU SO LONG? Why does it take an attack on Google servers in order for Google to realize that censorship and disclosure of private information is a bad thing? Where was this sanctity before? Google has been cooperating with the Chinese government for years – where was the care for human rights for three years?

This looks less like a righteous move and more like a filthy little PR trick. While there’s not much to be said in favor of China and their barbaric behavior towards citizens, there are no compliments due here for Google, either. It’s doubtful that Google will cease operations in China. And if they do – there are probably other reasons for them to do that – definitely not the concern for human rights or privacy.