amuck-landowner

What happens when your outsourced Twitter bot goes nuts or gets hacked

drmike

100% Tier-1 Gogent
So I am taking more to Twitter lately.   I dislike Twitter, and intend on trying to do something more with it just cause so much data ends up there.


Was looking at the list of Tweets on my daily toilet role and Colorado (allegedly) based VPB Hosting went off the rails today.  This is the problem with aggressive and often outsourced and automated campaigns.


Something broke and now crazy Tweets are going out and quite a few:


source: https://twitter.com/VPBHosting


VPB Servers ‏@VPBHosting 4m4 minutes ago
#JenniferLawrence nude photos http://linkis.com/www.instagram.com/JenniferLawrence/... snipped … via @instagram

VPB Servers ‏@VPBHosting 39m39 minutes ago
Gain 8391 Real Fo//owers https://cards.twitter.com/cards/000000018ce549secl/000000... snipped … @

2:13 PM - 22 Feb 2016 · Details

VPB Servers ‏@VPBHosting 5h5 hours ago
Gain 8668 Real Fo//owers https://cards.twitter.com/cards/000000018ce549secl/ snipped … @

9:34 AM - 22 Feb 2016 · Details

VPB Servers ‏@VPBHosting 6h6 hours ago
#JenniferLawrence nude photos http://linkis.com/www.instagram.com/JenniferLawrence/145616125 snipped … via @instagram
0 retweets 0 likes




Whole big mess pile of that crap today :)


Careful out there dealing with automated 3rd party services and tools for fake maintaining your social.  Guys need to keep credentials on lock down and eyes on the output or ugly stuff like this happens.  I fully suspect some of the Tweets push to payloaded pages with infection elements.
 

HBAndrei

Active Member
Verified Provider
Heh! I actually have a VPS from these folks (not for production)


Although they constantly spam WHT and they're banned there, basically they're quite sketchy... so I'm not really surprised their twitter got hijacked... oh well.
 
Last edited by a moderator:

DomainBop

Dormant VPSB Pathogen
Colorado (allegedly) based VPB Hosting

 Incorporation agent is in Colorado but the +86 phone number on their WHOIS reflects where their company's office is really located. VPB.com is their English language site.  Company also runs the Chinese language site GChao.com and is incorporated in Colorado as GChao LLC.  The US shell GChao LLC (and the Hong Kong shell company Guochao Group Limited)  is owned by the parent company Henan Gchao Electronic Commerce Co Ltd of Zhengzhou, Henan province, China. .  Multiple banned accounts on VPSB,  WHT, LET ( perhaps @jarland can give us a tally of the total number...must be dozens of bans by now) .  Biggest bunch of shilling comment spammers currently operating in the hosting industry (and the forum comment spammers are company employees operating directly from the company offices not outsourced help). (VPSB missed one of their spammers http://www.stopforumspam.com/ipcheck/104.243.129.2 )
 
Last edited by a moderator:

HalfEatenPie

The Irrational One
Retired Staff
They've been spamming a ton of forums.  They're banned here on vpsB and I know @jarland's having a fun time dealing with them back on LEB/LET.  
 
Last edited by a moderator:

drmike

100% Tier-1 Gogent
 Incorporation agent is in Colorado but the +86 phone number on their WHOIS reflects where their company's office is really located. VPB.com is their English language site.  Company also runs the Chinese language site GChao.com and is incorporated in Colorado as GChao LLC.  The US shell GChao LLC (and the Hong Kong shell company Guochao Group Limited)  is owned by the parent company Henan Gchao Electronic Commerce Co Ltd of Zhengzhou, Henan province, China. .  Multiple banned accounts on VPSB,  WHT, LET ( perhaps @jarland can give us a tally of the total number...must be dozens of bans by now) .  Biggest bunch of shilling comment spammers currently operating in the hosting industry (and the forum comment spammers are company employees operating directly from the company offices not outsourced help). (VPSB missed one of their spammers http://www.stopforumspam.com/ipcheck/104.243.129.2 )

Quite the info and find.  Mucho gracias amigo!


Paging doctor @jarland , how many accounts and how bad have this group been?
 
Last edited by a moderator:

GM2015

New Member
Quite the info and find.  Mucho gracias amigo!


Paging doctor @jarland , how many accounts and how bad have this group been?

Quite a lot. I've flagged at least 3 to 5 of their accounts on lowendtalk over a few months.


They were actually entertaining, admitting spamming and apologizing for it. Then getting banned again, and joining up a few days later.
 
Last edited by a moderator:
  • Like
Reactions: RLT

GM2015

New Member
  I fully suspect some of the Tweets push to payloaded pages with infection elements.

It's more like they've bought a twitter bot and got crap settings. Just look at how many people they are following. Most people don't bother to massively follow others in that amount.


They really deserve what they've got anyway.


If you care, flag them for botting. Hopefully, twitter will take down their account. It's against their TOS. Twitter also took down the Debian's founder's twitter a/c after he died.


Also, forgot to mention that BingAds also used a bot last time I was active on twitter. You could see them massively following any people who had some marketing theme or background on their profile. It was quite obvious what they were doing on your activity stream on twitterdeck.
 
Last edited by a moderator:

drmike

100% Tier-1 Gogent
Quite a lot. I've flagged at least 3 to 5 of their accounts on lowendtalk over a few months.


They were actually entertaining, admitting spamming and apologizing for it. Then getting banned again, and joining up a few days later.

Can you toss me any link over there that still remains with content? Time for me to get some eyes on these fools. :)
 

GM2015

New Member
Can you toss me any link over there that still remains with content? Time for me to get some eyes on these fools. :)

https://www.lowendtalk.com/discussion/comment/1389836/#Comment_1389836


https://www.lowendtalk.com/discussion/comment/1389854/#Comment_1389854


https://www.lowendtalk.com/discussion/comment/1363538/#Comment_1363538


https://www.lowendtalk.com/discussion/70070/phoenixnap-welcomes-electric-mirror-and-glowhost


Some links where vpb.com appears in google index from lowendtalk:


https://www.google.ro/search?q=site%3Alowendtalk.com+%22vpb.com%22&btnG=C%C4%83uta%C8%9Bi&oe=utf-8&gws_rd=cr


This is entertaining, someone ssh bruteforcing with gchao username. Warning, large html size:


https://gist.github.com/thsutton/4536735


Archive is still indexing this:


http://archive.is/7bCdn


edit:


Best part is some time ago they had active BSA ads on lowendtalk while they kept spamming and getting banned on the forum at the same time. Colocrossing couldn't give a shit.
 
Last edited by a moderator:

jarland

The ocean is digital
Quite the info and find.  Mucho gracias amigo!


Paging doctor @jarland , how many accounts and how bad have this group been?

It's no less than 30 at this point. They'll build up accounts for months and then rotate through them for a big blast, or so it seems. Accounts sitting around for a long time and suddenly here they go.
 
Last edited by a moderator:

drmike

100% Tier-1 Gogent
It's no less than 30 at this point. They'll build up accounts for months and then rotate through them for a big blast, or so it seems. Accounts sitting around for a long time and suddenly here they go.

No sympathy for these clowns.  Enroll me in the needed army to combat their stupidity.
 

HBAndrei

Active Member
Verified Provider
It's no less than 30 at this point. They'll build up accounts for months and then rotate through them for a big blast, or so it seems. Accounts sitting around for a long time and suddenly here they go.

Makes you think... if they had dedicated at least 2% of that time to manage their own damn twitter account, this thread may have never even existed.
 
Top
amuck-landowner