Blog Spam: NewsGator Hacked ? (Bug in Spam Software)

Recently I'm getting reports on my site of spammy attempts to make GET/POST requests to the page called:

/ngs/siwin.aspx

All requests come from various IP addresses and various user-agents. All of them end with 404 - Page Not Found, since I really don't have such file. At first I thought that some spam software has bug in attempting to figure out the blog engine and post comment page url. Googling does not seem to help.

But recently after some investigation I realized that newsgator has such url structure and somehow is related to it. I'm subscribed to newsgator but don't use it too much...

So, I think: it is either a bug in newsgator or some doorway hacked and used by blog spammers.

Interesting, what people behind newsgator think about this.

P.S. : I think it is spam because these requests usually come in bulks (tens of them at once)...

Update: seems like some spam software checked for keywords in the content of the site to find out what blogging software is used in order to use the right protocol posting. Seems like newsgator subscribe button caused this - spam software mistakenly supposed that "subedit" blogging tool used (if I'm correct ?). And tries to post comments to the according comment page. As soon as I removed newsgator's subscribe button I stopped getting these error messages.

Related Posts:

• Antispam: WebaltBot = Dirty Spammer
• Thoughts on Comment Spam
• Human Comment Spammers (Distraught Visitors)
• Anti Trackback Spam Patch
• Anti Referral Spam Patch
• x2line Antispam Updates - Implementing nofollow
• Starting to Fight Comment Spammers. Initial Black List
• Dealing with Referral Spam
• Improvement to HIP CAPTCHA control for Blog Engines
• Fighting Comment Spam with CAPTCHA

Interesting. Can you send over to me (http://www.rassoc.com/gregr/weblog/contact.aspx) the referrers and user-agents you're seeing for those requests?

Greg: I've send it to you. Thanks