勘違いちゃんの次は真性spamerの登場

 うーぬ、面倒くさい。しもブロの全ユーザ宛にspamメッセージを送信する馬鹿が登場した。昨日の夜からその対応にてんやわんやです。

 で、色々ログを見てたんだけど、こんな感じの流れだったみたい。全部曝したレ。

1. GoogleでSNSで検索した結果からご来訪

217.63.44.61.ap.yournet.ne.jp - - [20/Jan/2009:15:06:07 +0900] "GET / HTTP/1.1" 302 - "http://www.google.com/search?num=50&hl=ja&lr=lang_ja&safe=off&oe=Shift_JIS&q=sns&start=100&sa=N" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 1.1.4322)"

2. 早速、新規登録! でも、時間がある程度経ってるね、人力でやってるんだろうね

217.63.44.61.ap.yournet.ne.jp - - [20/Jan/2009:15:13:23 +0900] "GET /?m=pc&a=page_o_public_invite HTTP/1.1" 200 3852 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 1.1.4322)"

3. キャプチャも余裕ーでクリアー

217.63.44.61.ap.yournet.ne.jp - - [20/Jan/2009:15:13:24 +0900] "GET /cap.php?rand=60682470 HTTP/1.1" 200 4359 "http://sns.shimobro.com/?m=pc&a=page_o_public_invite" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 1.1.4322)"

217.63.44.61.ap.yournet.ne.jp - - [20/Jan/2009:15:14:52 +0900] "POST / HTTP/1.1" 302 - "http://sns.shimobro.com/?m=pc&a=page_o_public_invite" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 1.1.4322)"

217.63.44.61.ap.yournet.ne.jp - - [20/Jan/2009:15:14:53 +0900] "GET /?m=pc&a=page_o_public_invite_end HTTP/1.1" 200 2994 "http://sns.shimobro.com/?m=pc&a=page_o_public_invite" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 1.1.4322)"

4. Yahoo!メールで認証おつけ。ついでなので、メルアドさらし、hardmintsmanner@yahoo.co.jp

217.63.44.61.ap.yournet.ne.jp - - [20/Jan/2009:21:14:36 +0900] "GET /?m=pc&a=page_o_ri&sid=eeaf3e90206a94214570d54d0b51806c HTTP/1.1" 200 15138 "http://jp.mg3.mail.yahoo.co.jp/ym/bouncer?hkrBouncer=1&url=http%3A//sns.shimobro.com/%3Fm%3Dpc%26a%3Dpage_o_ri%26sid%3Deeaf3e90206a94214570d54d0b51806c" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 1.1.4322)"

5. 登録完了

217.63.44.61.ap.yournet.ne.jp - - [20/Jan/2009:21:15:14 +0900] "GET /?m=pc&a=page_o_regist_end&c_member_id=439 HTTP/1.1" 200 2996 "http://sns.shimobro.com/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 1.1.4322)"

6. 活動開始、メンバー検索

217.63.44.61.ap.yournet.ne.jp - - [20/Jan/2009:21:17:40 +0900] "GET /?m=pc&a=page_h_search HTTP/1.1" 200 11368 "http://sns.shimobro.com/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 1.1.4322)"

217.63.44.61.ap.yournet.ne.jp - - [20/Jan/2009:21:18:30 +0900] "GET /?m=pc&a=page_h_search_result&nickname=&birth_year=&birth_month=&birth_day=&profile%5Bsex%5D=0&profile%5Bblood_type%5D=0&profile%5Bpre_addr_pref%5D=0&profile%5Bold_addr_pref%5D=0&profile%5Bself_intro%5D= HTTP/1.1" 200 19430 "http://sns.shimobro.com/?m=pc&a=page_h_search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 1.1.4322)"

7. まずはリスト収拾だぜ!

217.63.44.61.ap.yournet.ne.jp - - [20/Jan/2009:21:18:45 +0900] "GET /?m=pc&a=page_h_search_result&page=2& HTTP/1.1" 200 19551 "http://sns.shimobro.com/?m=pc&a=page_h_search_result&nickname=&birth_year=&birth_month=&birth_day=&profile%5Bsex%5D=0&profile%5Bblood_type%5D=0&profile%5Bpre_addr_pref%5D=0&profile%5Bold_addr_pref%5D=0&profile%5Bself_intro%5D=" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"

217.63.44.61.ap.yournet.ne.jp - - [20/Jan/2009:21:18:47 +0900] "GET /?m=pc&a=page_h_search_result&page=3& HTTP/1.1" 200 20133 "http://sns.shimobro.com/?m=pc&a=page_h_search_result&page=2&" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"

217.63.44.61.ap.yournet.ne.jp - - [20/Jan/2009:21:18:49 +0900] "GET /?m=pc&a=page_h_search_result&page=4& HTTP/1.1" 200 19234 "http://sns.shimobro.com/?m=pc&a=page_h_search_result&page=3&" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"

217.63.44.61.ap.yournet.ne.jp - - [20/Jan/2009:21:18:51 +0900] "GET /?m=pc&a=page_h_search_result&page=5& HTTP/1.1" 200 19798 "http://sns.shimobro.com/?m=pc&a=page_h_search_result&page=4&" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"

217.63.44.61.ap.yournet.ne.jp - - [20/Jan/2009:21:18:52 +0900] "GET /?m=pc&a=page_h_search_result&page=6& HTTP/1.1" 200 19281 "http://sns.shimobro.com/?m=pc&a=page_h_search_result&page=5&" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"

217.63.44.61.ap.yournet.ne.jp - - [20/Jan/2009:21:18:54 +0900] "GET /?m=pc&a=page_h_search_result&page=7& HTTP/1.1" 200 19468 "http://sns.shimobro.com/?m=pc&a=page_h_search_result&page=6&" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"

217.63.44.61.ap.yournet.ne.jp - - [20/Jan/2009:21:18:56 +0900] "GET /?m=pc&a=page_h_search_result&page=8& HTTP/1.1" 200 19378 "http://sns.shimobro.com/?m=pc&a=page_h_search_result&page=7&" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"

217.63.44.61.ap.yournet.ne.jp - - [20/Jan/2009:21:18:58 +0900] "GET /?m=pc&a=page_h_search_result&page=9& HTTP/1.1" 200 20503 "http://sns.shimobro.com/?m=pc&a=page_h_search_result&page=8&" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"

217.63.44.61.ap.yournet.ne.jp - - [20/Jan/2009:21:19:00 +0900] "GET /?m=pc&a=page_h_search_result&page=10& HTTP/1.1" 200 19457 "http://sns.shimobro.com/?m=pc&a=page_h_search_result&page=9&" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"

217.63.44.61.ap.yournet.ne.jp - - [20/Jan/2009:21:19:01 +0900] "GET /?m=pc&a=page_h_search_result&page=11& HTTP/1.1" 200 19643 "http://sns.shimobro.com/?m=pc&a=page_h_search_result&page=10&" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"

217.63.44.61.ap.yournet.ne.jp - - [20/Jan/2009:21:19:03 +0900] "GET /?m=pc&a=page_h_search_result&page=12& HTTP/1.1" 200 19832 "http://sns.shimobro.com/?m=pc&a=page_h_search_result&page=11&" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"

217.63.44.61.ap.yournet.ne.jp - - [20/Jan/2009:21:19:05 +0900] "GET /?m=pc&a=page_h_search_result&page=13& HTTP/1.1" 200 19379 "http://sns.shimobro.com/?m=pc&a=page_h_search_result&page=12&" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"

217.63.44.61.ap.yournet.ne.jp - - [20/Jan/2009:21:19:06 +0900] "GET /?m=pc&a=page_h_search_result&page=14& HTTP/1.1" 200 20337 "http://sns.shimobro.com/?m=pc&a=page_h_search_result&page=13&" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"

217.63.44.61.ap.yournet.ne.jp - - [20/Jan/2009:21:19:08 +0900] "GET /?m=pc&a=page_h_search_result&page=15& HTTP/1.1" 200 19623 "http://sns.shimobro.com/?m=pc&a=page_h_search_result&page=14&" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"

217.63.44.61.ap.yournet.ne.jp - - [20/Jan/2009:21:19:10 +0900] "GET /?m=pc&a=page_h_search_result&page=16& HTTP/1.1" 200 19777 "http://sns.shimobro.com/?m=pc&a=page_h_search_result&page=15&" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"

217.63.44.61.ap.yournet.ne.jp - - [20/Jan/2009:21:19:12 +0900] "GET /?m=pc&a=page_h_search_result&page=17& HTTP/1.1" 200 18796 "http://sns.shimobro.com/?m=pc&a=page_h_search_result&page=16&" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"

217.63.44.61.ap.yournet.ne.jp - - [20/Jan/2009:21:19:13 +0900] "GET /?m=pc&a=page_h_search_result&page=18& HTTP/1.1" 200 20146 "http://sns.shimobro.com/?m=pc&a=page_h_search_result&page=17&" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"

217.63.44.61.ap.yournet.ne.jp - - [20/Jan/2009:21:19:15 +0900] "GET /?m=pc&a=page_h_search_result&page=19& HTTP/1.1" 200 20019 "http://sns.shimobro.com/?m=pc&a=page_h_search_result&page=18&" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"

217.63.44.61.ap.yournet.ne.jp - - [20/Jan/2009:21:19:17 +0900] "GET /?m=pc&a=page_h_search_result&page=20& HTTP/1.1" 200 19968 "http://sns.shimobro.com/?m=pc&a=page_h_search_result&page=19&" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"

217.63.44.61.ap.yournet.ne.jp - - [20/Jan/2009:21:19:19 +0900] "GET /?m=pc&a=page_h_search_result&page=21& HTTP/1.1" 200 12656 "http://sns.shimobro.com/?m=pc&a=page_h_search_result&page=20&" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"

8. 収拾完了、手始めに、なぜか自分の一つ前のIDの人に来訪

217.63.44.61.ap.yournet.ne.jp - - [20/Jan/2009:21:25:40 +0900] "GET /?m=pc&a=page_f_home&target_c_member_id=xxxx HTTP/1.1" 200 8299 "http://sns.shimobro.com/?m=pc&a=page_h_search_result&nickname=&birth_year=&birth_month=&birth_day=&profile%5Bsex%5D=0&profile%5Bblood_type%5D=0&profile%5Bpre_addr_pref%5D=0&profile%5Bold_addr_pref%5D=0&profile%5Bself_intro%5D=" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 1.1.4322)"

9. スパムメッセージ送信!

217.63.44.61.ap.yournet.ne.jp - - [20/Jan/2009:21:25:43 +0900] "GET /?m=pc&a=page_f_message_send&target_c_member_id=438 HTTP/1.1" 200 7740 "http://sns.shimobro.com/?m=pc&a=page_f_home&target_c_member_id=438" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 1.1.4322)"

217.63.44.61.ap.yournet.ne.jp - - [20/Jan/2009:21:26:07 +0900] "GET / HTTP/1.1" 200 20385 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"

10. ここからはたぶんスクリプトでスパム送信! 1→10→100→101→102って進んでるアタリがダメプログラマっぽい、まぁ、目的は達成できてるんだろうけど、、、

217.63.44.61.ap.yournet.ne.jp - - [20/Jan/2009:21:26:11 +0900] "GET /?m=pc&a=page_f_message_send&target_c_member_id=xxxx HTTP/1.1" 200 7723 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"

217.63.44.61.ap.yournet.ne.jp - - [20/Jan/2009:21:26:12 +0900] "POST / HTTP/1.1" 200 7975 "http://sns.shimobro.com/?m=pc&a=page_f_message_send&target_c_member_id=xxxx" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"

217.63.44.61.ap.yournet.ne.jp - - [20/Jan/2009:21:26:12 +0900] "GET /?m=pc&a=page_f_message_send&target_c_member_id=xxxx HTTP/1.1" 200 7742 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"

217.63.44.61.ap.yournet.ne.jp - - [20/Jan/2009:21:26:14 +0900] "POST / HTTP/1.1" 200 7994 "http://sns.shimobro.com/?m=pc&a=page_f_message_send&target_c_member_id=xxxx" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"

217.63.44.61.ap.yournet.ne.jp - - [20/Jan/2009:21:26:14 +0900] "GET /?m=pc&a=page_f_message_send&target_c_member_id=xxxx HTTP/1.1" 200 7752 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"

217.63.44.61.ap.yournet.ne.jp - - [20/Jan/2009:21:26:16 +0900] "POST / HTTP/1.1" 200 8004 "http://sns.shimobro.com/?m=pc&a=page_f_message_send&target_c_member_id=xxxx" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"

217.63.44.61.ap.yournet.ne.jp - - [20/Jan/2009:21:26:16 +0900] "GET /?m=pc&a=page_f_message_send&target_c_member_id=xxxx HTTP/1.1" 200 7749 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"

217.63.44.61.ap.yournet.ne.jp - - [20/Jan/2009:21:26:18 +0900] "POST / HTTP/1.1" 200 8001 "http://sns.shimobro.com/?m=pc&a=page_f_message_send&target_c_member_id=xxxx" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"

217.63.44.61.ap.yournet.ne.jp - - [20/Jan/2009:21:26:18 +0900] "GET /?m=pc&a=page_f_message_send&target_c_member_id=xxxx HTTP/1.1" 200 7744 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"

217.63.44.61.ap.yournet.ne.jp - - [20/Jan/2009:21:26:20 +0900] "POST / HTTP/1.1" 200 7996 "http://sns.shimobro.com/?m=pc&a=page_f_message_send&target_c_member_id=xxxx" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"

11. おまえ、自分にも送ってるやんけ

217.63.44.61.ap.yournet.ne.jp - - [20/Jan/2009:21:49:49 +0900] "GET /?m=pc&a=page_f_message_send&target_c_member_id=439 HTTP/1.1" 200 5642 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"

217.63.44.61.ap.yournet.ne.jp - - [20/Jan/2009:21:49:51 +0900] "GET /?m=pc&a=page_f_message_send&target_c_member_id=44 HTTP/1.1" 200 7742 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"

12. ミッションコンプリート

217.63.44.61.ap.yournet.ne.jp - - [20/Jan/2009:22:00:51 +0900] "GET / HTTP/1.1" 200 20413 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"

217.63.44.61.ap.yournet.ne.jp - - [20/Jan/2009:22:00:54 +0900] "GET /?m=pc&a=page_h_reply_message&msg=1 HTTP/1.1" 200 5765 "http://sns.shimobro.com/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"

と言った流れですね。正直、もっと効率よくいけるはずだと思うんだけど、、、って、スパマーの添削をしてどうするんじゃい!(笑)

 これがメジャーな行為なのかどうか全くわからないんだけど、やってることは単純だね。そして、それを防ぐ仕組みがOpenPNEには実装されていない。まー、そもそも公開でSNSをやってるからにはいつ起きてもおかしくないんだけど、実際にやられると腹立つわぁー。

 で、とりあえずの対応だけどプロバイダには通報しておきました。プロバイダ、準備万端(笑)! いわゆる、迷惑メールとかじゃないから対応してくれないと思うけど。現行法下では、迷惑メールはNGなんだけど、単に迷惑メッセージをSNS内で送っても取り締まれないんだよねー。あー、ウチの会社が告発すればいいんだけど、馬鹿馬鹿しいしなぁ。後ほど、警視庁に相談予定。

 というわけで、OpenPNEに実装するのか、IDSみたいな奴で実装するかわからないけど、なんか対策を考えていく。ああ、招待制にしとけばいいんだけどね。