AppEngine ID: appid: aking-741 posting Spam to your Website?
Are you receiving Website spam from the Google App Engine? Are you seeing the Application ID of appid: aking-741. Do you know how to lookup and report this application on the Google Code Groups AppEngine as a Spammer?
Google Applications Engine aka googleappengine which you can read about here.
I spent about 1.5 hours looking over the issue reports and didn't find anything about "How to use Google App Engine to spam Websites with Pharma Spam."
Not that the applications are intended to do this and the use policy clearly states no spam we seem to have found an application spamming websites using the Google IP Block 18.104.22.168 - 22.214.171.124.
I'm not sure if the full range is for the Apps engine but the specific IP address we found and hundreds of others found is 126.96.36.199.
The Spam comes in from the Google App Engine according to the Useragent field that appears can not be spoofed if coming from the appengine servers IP.
mozilla/4.0 (compatible; msie 6.0; windows nt 5.1; sv1) appengine-google; ( http://code.google.com/appengine; appid: aking-741)
Currently I am not a group follower of the App Engine.
This post eventually will be posted in the Google Group AppEngine to see if there is a way to report unwanted spam postings like the one we have been receiving.
It would be troubling to see all the programmers work fail because more and more websites block the appengines IP ranges. We can't afford to allow applications to be used to spam websites. It costs money and time to clean up spam.
The Best Method to prevent Application spam is to block the source which in the long run if the site doesn't use these applications can save time and money by reducing website spam.
If any Google AppEngine developers happen to read this feel free to post how webmasters can identify and report abuse. From the UserAgent the appid: aking-741 is the only identifying mark. Is this something that can be spoofed or is this supplied by the Google Application Engine Server?
Post to Googles AppEngine Group Below. (I wanted to make sure I posted a copy here as well.)
Hi all, I have a few questions about how to report and notify your group of a application abusing websites.
On the 28th and 29th I saw an interesting useragent and a Google IP address listed in my banned IP connections due to website abuse.
Abuse Report Date: 7/28/2011 1:49:31 PM PSTIP: 188.8.131.52 Net Block: 184.108.40.206 - 220.127.116.11
Spam type: Pharmaceutical Link Spam Posted
UserAgent: mozilla/4.0 (compatible; msie 6.0; windows nt 5.1; sv1) appengine-google; (+http://code.google.com/appengine; appid: aking-741)
This application clearly ran from a Google AppEngine server and if the useragent appid can not be modify it would appear this is the offender (aking-741)
Q1: Can the appid be modified to show anothers application ID? Q2: Can the AppEngine group create some type of abuse reporting API? Q3: If IP addresses used by the AppEngine are banned by individual website owners will this have any effect on legitimate apps? Q4: Are the IP addresses for the AppEngine used only for the appengine group or are these servers shared with other Google projects? The main reason I'm asking your group is because I'm seeing more of the IP addresses in the block above listed in blacklists online. If the Applications are specific and having the IP banned does not effect valid applications then all is good in the world. If not, AppEngine, we may have a problem. Thanks for your time.
From the follow-up with AppEngine Developers it appears the site has been removed. Great work on policing the AppEngine.
But the issue is the same and Spam did post to websites and it was the Pharmaceutical Spam and Online Pharmacy Spam.
I've offered to monitor appid: from the useragent tied with the network block I have seen. But it would once again force me to manually post the abuse which after this post will not happen. (Today over 300 abuse IPs and 8,000 evidence files. Manually posting would take hours if not days.)
I've suggestion that the authors or abuse contact be setup so we can query the information. The same method used in your own site abuse contact.
The more we can automate the faster things can happen. If the Google AppEngine Group new some of their IP addresses were being banned by some very popular websites and placed into blacklists I'm sure they would be upset. On top of that only Google can request the IP addresses be removed. (Or another trusted source)
It's easier to fix this issue than to deal with it later. Setup a automated query for abuse contact. Allow automated reports to be filed via API post or something we can program into any web code.
Final Google Groups Entry. I'll have appID setup module later this week for those using the XCtM v1.9.
UPDATE: 8/18/2011 last post to the AppEngine group.
I know I can't label a group by one person but the group was offered the chance to learn.
Google AppEngine Discussion (Sort of, seems not to be of interest. I thought Money was every App developers interest.)
It will be interesting to see if a few of them use my hints on monitoring their apps for abuse. The only reason I even posted to the Google AppEngine group is because I appraciate good applications and hate to see a good app be labeled just because of a few million spam postings it produced.
That and the crying about Bandwidth Quota's being reached. You would think they would learn. Guess not..
I'm not going to make it a habit posting the Appid's since I have an App for Dat. (get it?)
Contents: (Lets say the spammer is most likely paid more than the app is worth.)