What happens when your outsourced Twitter bot goes nuts or gets hacked

Discussion in 'The Pub (Off topic discussion)' started by drmike, Feb 22, 2016.

  1. drmike

    drmike 100% Tier-1 Gogent

    8,573
    2,717
    May 13, 2013
    So I am taking more to Twitter lately.   I dislike Twitter, and intend on trying to do something more with it just cause so much data ends up there.


    Was looking at the list of Tweets on my daily toilet role and Colorado (allegedly) based VPB Hosting went off the rails today.  This is the problem with aggressive and often outsourced and automated campaigns.


    Something broke and now crazy Tweets are going out and quite a few:


    source: https://twitter.com/VPBHosting


    VPB Servers ‏@VPBHosting 4m4 minutes ago
    #JenniferLawrence nude photos http://linkis.com/www.instagram.com/JenniferLawrence/... snipped … via @instagram

    VPB Servers ‏@VPBHosting 39m39 minutes ago
    Gain 8391 Real Fo//owers https://cards.twitter.com/cards/000000018ce549secl/000000... snipped … @

    2:13 PM - 22 Feb 2016 · Details

    VPB Servers ‏@VPBHosting 5h5 hours ago
    Gain 8668 Real Fo//owers https://cards.twitter.com/cards/000000018ce549secl/ snipped … @

    9:34 AM - 22 Feb 2016 · Details

    VPB Servers ‏@VPBHosting 6h6 hours ago
    #JenniferLawrence nude photos http://linkis.com/www.instagram.com/JenniferLawrence/145616125 snipped … via @instagram
    0 retweets 0 likes




    Whole big mess pile of that crap today :)


    Careful out there dealing with automated 3rd party services and tools for fake maintaining your social.  Guys need to keep credentials on lock down and eyes on the output or ugly stuff like this happens.  I fully suspect some of the Tweets push to payloaded pages with infection elements.
     
  2. HBAndrei

    HBAndrei Active Member Verified Provider

    160
    59
    May 1, 2014
    Heh! I actually have a VPS from these folks (not for production)


    Although they constantly spam WHT and they're banned there, basically they're quite sketchy... so I'm not really surprised their twitter got hijacked... oh well.
     
    Last edited by a moderator: Feb 22, 2016
  3. VpsAG

    VpsAG New Member

    14
    5
    Aug 20, 2015
    Never trust 3rd party with your online reputation.
     
    RLT and drmike like this.
  4. DomainBop

    DomainBop Dormant VPSB Pathogen

    2,260
    2,190
    Oct 11, 2013
     Incorporation agent is in Colorado but the +86 phone number on their WHOIS reflects where their company's office is really located. VPB.com is their English language site.  Company also runs the Chinese language site GChao.com and is incorporated in Colorado as GChao LLC.  The US shell GChao LLC (and the Hong Kong shell company Guochao Group Limited)  is owned by the parent company Henan Gchao Electronic Commerce Co Ltd of Zhengzhou, Henan province, China. .  Multiple banned accounts on VPSB,  WHT, LET ( perhaps @jarland can give us a tally of the total number...must be dozens of bans by now) .  Biggest bunch of shilling comment spammers currently operating in the hosting industry (and the forum comment spammers are company employees operating directly from the company offices not outsourced help). (VPSB missed one of their spammers http://www.stopforumspam.com/ipcheck/104.243.129.2 )
     
    Last edited by a moderator: Feb 22, 2016
    RLT and drmike like this.
  5. HalfEatenPie

    HalfEatenPie The Irrational One Retired Staff

    2,890
    1,386
    Mar 25, 2013
    HalfEatenPie
    They've been spamming a ton of forums.  They're banned here on vpsB and I know @jarland's having a fun time dealing with them back on LEB/LET.  
     
    Last edited by a moderator: Apr 30, 2017
  6. drmike

    drmike 100% Tier-1 Gogent

    8,573
    2,717
    May 13, 2013
    Quite the info and find.  Mucho gracias amigo!


    Paging doctor @jarland , how many accounts and how bad have this group been?
     
    Last edited by a moderator: Apr 30, 2017
  7. GM2015

    GM2015 New Member

    26
    11
    Jan 8, 2016
    Quite a lot. I've flagged at least 3 to 5 of their accounts on lowendtalk over a few months.


    They were actually entertaining, admitting spamming and apologizing for it. Then getting banned again, and joining up a few days later.
     
    Last edited by a moderator: Apr 30, 2017
    RLT likes this.
  8. GM2015

    GM2015 New Member

    26
    11
    Jan 8, 2016
    It's more like they've bought a twitter bot and got crap settings. Just look at how many people they are following. Most people don't bother to massively follow others in that amount.


    They really deserve what they've got anyway.


    If you care, flag them for botting. Hopefully, twitter will take down their account. It's against their TOS. Twitter also took down the Debian's founder's twitter a/c after he died.


    Also, forgot to mention that BingAds also used a bot last time I was active on twitter. You could see them massively following any people who had some marketing theme or background on their profile. It was quite obvious what they were doing on your activity stream on twitterdeck.
     
    Last edited by a moderator: Feb 23, 2016
  9. drmike

    drmike 100% Tier-1 Gogent

    8,573
    2,717
    May 13, 2013
    Can you toss me any link over there that still remains with content? Time for me to get some eyes on these fools. :)
     
  10. GM2015

    GM2015 New Member

    26
    11
    Jan 8, 2016
    https://www.lowendtalk.com/discussion/comment/1389836/#Comment_1389836


    https://www.lowendtalk.com/discussion/comment/1389854/#Comment_1389854


    https://www.lowendtalk.com/discussion/comment/1363538/#Comment_1363538


    https://www.lowendtalk.com/discussion/70070/phoenixnap-welcomes-electric-mirror-and-glowhost


    Some links where vpb.com appears in google index from lowendtalk:


    https://www.google.ro/search?q=site%3Alowendtalk.com+%22vpb.com%22&btnG=C%C4%83uta%C8%9Bi&oe=utf-8&gws_rd=cr


    This is entertaining, someone ssh bruteforcing with gchao username. Warning, large html size:


    https://gist.github.com/thsutton/4536735


    Archive is still indexing this:


    http://archive.is/7bCdn


    edit:


    Best part is some time ago they had active BSA ads on lowendtalk while they kept spamming and getting banned on the forum at the same time. Colocrossing couldn't give a shit.
     
    Last edited by a moderator: Feb 23, 2016
    RLT and drmike like this.
  11. drmike

    drmike 100% Tier-1 Gogent

    8,573
    2,717
    May 13, 2013
    Licensecart likes this.
  12. jarland

    jarland The ocean is digital

    873
    562
    Apr 4, 2013
    It's no less than 30 at this point. They'll build up accounts for months and then rotate through them for a big blast, or so it seems. Accounts sitting around for a long time and suddenly here they go.
     
    Last edited by a moderator: Apr 30, 2017
  13. drmike

    drmike 100% Tier-1 Gogent

    8,573
    2,717
    May 13, 2013
    No sympathy for these clowns.  Enroll me in the needed army to combat their stupidity.
     
    jarland likes this.
  14. HBAndrei

    HBAndrei Active Member Verified Provider

    160
    59
    May 1, 2014
    Makes you think... if they had dedicated at least 2% of that time to manage their own damn twitter account, this thread may have never even existed.
     
    jarland likes this.