# What happens when your outsourced Twitter bot goes nuts or gets hacked



## drmike (Feb 22, 2016)

So I am taking more to Twitter lately.   I dislike Twitter, and intend on trying to do something more with it just cause so much data ends up there.


Was looking at the list of Tweets on my daily toilet role and Colorado (allegedly) based VPB Hosting went off the rails today.  This is the problem with aggressive and often outsourced and automated campaigns.


Something broke and now crazy Tweets are going out and quite a few:


source: https://twitter.com/VPBHosting


VPB Servers ‏@VPBHosting 4m4 minutes ago
#JenniferLawrence nude photos http://linkis.com/www.instagram.com/JenniferLawrence/... snipped … via @instagram

VPB Servers ‏@VPBHosting 39m39 minutes ago
Gain 8391 Real Fo//owers https://cards.twitter.com/cards/000000018ce549secl/000000... snipped … @

2:13 PM - 22 Feb 2016 · Details

VPB Servers ‏@VPBHosting 5h5 hours ago
Gain 8668 Real Fo//owers https://cards.twitter.com/cards/000000018ce549secl/ snipped … @

9:34 AM - 22 Feb 2016 · Details

VPB Servers ‏@VPBHosting 6h6 hours ago
#JenniferLawrence nude photos http://linkis.com/www.instagram.com/JenniferLawrence/145616125 snipped … via @instagram
0 retweets 0 likes




Whole big mess pile of that crap today 


Careful out there dealing with automated 3rd party services and tools for fake maintaining your social.  Guys need to keep credentials on lock down and eyes on the output or ugly stuff like this happens.  I fully suspect some of the Tweets push to payloaded pages with infection elements.


----------



## HBAndrei (Feb 22, 2016)

Heh! I actually have a VPS from these folks (not for production)


Although they constantly spam WHT and they're banned there, basically they're quite sketchy... so I'm not really surprised their twitter got hijacked... oh well.


----------



## VpsAG (Feb 22, 2016)

Never trust 3rd party with your online reputation.


----------



## DomainBop (Feb 22, 2016)

> Colorado (allegedly) based VPB Hosting



 Incorporation agent is in Colorado but the +86 phone number on their WHOIS reflects where their company's office is really located. VPB.com is their English language site.  Company also runs the Chinese language site GChao.com and is incorporated in Colorado as GChao LLC.  The US shell GChao LLC (and the Hong Kong shell company Guochao Group Limited)  is owned by the parent company Henan Gchao Electronic Commerce Co Ltd of Zhengzhou, Henan province, China. .  Multiple banned accounts on VPSB,  WHT, LET (_ perhaps @jarland can give us a tally of the total number...must be dozens of bans by now_) .  Biggest bunch of shilling comment spammers currently operating in the hosting industry (and the forum comment spammers are company employees operating directly from the company offices not outsourced help). (VPSB missed one of their spammers http://www.stopforumspam.com/ipcheck/104.243.129.2 )


----------



## HalfEatenPie (Feb 22, 2016)

They've been spamming a ton of forums.  They're banned here on vpsB and I know @jarland's having a fun time dealing with them back on LEB/LET.


----------



## drmike (Feb 22, 2016)

DomainBop said:


> Incorporation agent is in Colorado but the +86 phone number on their WHOIS reflects where their company's office is really located. VPB.com is their English language site.  Company also runs the Chinese language site GChao.com and is incorporated in Colorado as GChao LLC.  The US shell GChao LLC (and the Hong Kong shell company Guochao Group Limited)  is owned by the parent company Henan Gchao Electronic Commerce Co Ltd of Zhengzhou, Henan province, China. .  Multiple banned accounts on VPSB,  WHT, LET (_ perhaps @jarland can give us a tally of the total number...must be dozens of bans by now_) .  Biggest bunch of shilling comment spammers currently operating in the hosting industry (and the forum comment spammers are company employees operating directly from the company offices not outsourced help). (VPSB missed one of their spammers http://www.stopforumspam.com/ipcheck/104.243.129.2 )



Quite the info and find.  Mucho gracias amigo!


Paging doctor @jarland , how many accounts and how bad have this group been?


----------



## GM2015 (Feb 23, 2016)

drmike said:


> Quite the info and find.  Mucho gracias amigo!
> 
> 
> Paging doctor @jarland , how many accounts and how bad have this group been?



Quite a lot. I've flagged at least 3 to 5 of their accounts on lowendtalk over a few months.


They were actually entertaining, admitting spamming and apologizing for it. Then getting banned again, and joining up a few days later.


----------



## GM2015 (Feb 23, 2016)

drmike said:


> I fully suspect some of the Tweets push to payloaded pages with infection elements.



It's more like they've bought a twitter bot and got crap settings. Just look at how many people they are following. Most people don't bother to massively follow others in that amount.


They really deserve what they've got anyway.


If you care, flag them for botting. Hopefully, twitter will take down their account. It's against their TOS. Twitter also took down the Debian's founder's twitter a/c after he died.


Also, forgot to mention that BingAds also used a bot last time I was active on twitter. You could see them massively following any people who had some marketing theme or background on their profile. It was quite obvious what they were doing on your activity stream on twitterdeck.


----------



## drmike (Feb 23, 2016)

GM2015 said:


> Quite a lot. I've flagged at least 3 to 5 of their accounts on lowendtalk over a few months.
> 
> 
> They were actually entertaining, admitting spamming and apologizing for it. Then getting banned again, and joining up a few days later.



Can you toss me any link over there that still remains with content? Time for me to get some eyes on these fools.


----------



## GM2015 (Feb 23, 2016)

drmike said:


> Can you toss me any link over there that still remains with content? Time for me to get some eyes on these fools.



https://www.lowendtalk.com/discussion/comment/1389836/#Comment_1389836


https://www.lowendtalk.com/discussion/comment/1389854/#Comment_1389854


https://www.lowendtalk.com/discussion/comment/1363538/#Comment_1363538


https://www.lowendtalk.com/discussion/70070/phoenixnap-welcomes-electric-mirror-and-glowhost


Some links where vpb.com appears in google index from lowendtalk:


https://www.google.ro/search?q=site%3Alowendtalk.com+%22vpb.com%22&btnG=C%C4%83uta%C8%9Bi&oe=utf-8&gws_rd=cr


This is entertaining, someone ssh bruteforcing with gchao username. Warning, large html size:


https://gist.github.com/thsutton/4536735


Archive is still indexing this:


http://archive.is/7bCdn


edit:


Best part is some time ago they had active BSA ads on lowendtalk while they kept spamming and getting banned on the forum at the same time. Colocrossing couldn't give a shit.


----------



## drmike (Feb 23, 2016)

GM2015 said:


> https://www.lowendtalk.com/discussion/co....
> 
> 
> SNIP IT!



Hahaha, I haven't laughed so hard in a while.  This gchao / vpb  guy is a crap factory   Much appreciated.


----------



## jarland (Feb 23, 2016)

drmike said:


> Quite the info and find.  Mucho gracias amigo!
> 
> 
> Paging doctor @jarland , how many accounts and how bad have this group been?



It's no less than 30 at this point. They'll build up accounts for months and then rotate through them for a big blast, or so it seems. Accounts sitting around for a long time and suddenly here they go.


----------



## drmike (Feb 23, 2016)

jarland said:


> It's no less than 30 at this point. They'll build up accounts for months and then rotate through them for a big blast, or so it seems. Accounts sitting around for a long time and suddenly here they go.



No sympathy for these clowns.  Enroll me in the needed army to combat their stupidity.


----------



## HBAndrei (Feb 23, 2016)

jarland said:


> It's no less than 30 at this point. They'll build up accounts for months and then rotate through them for a big blast, or so it seems. Accounts sitting around for a long time and suddenly here they go.



Makes you think... if they had dedicated at least 2% of that time to manage their own damn twitter account, this thread may have never even existed.


----------

