I found a pretty weird forum

[Dreams_Of_Cheese]

but it is Mr Mans turn to cook the dinner and I was here only for 1 day

[Ad Bot]

[Rigel]

this is getting creepier by the hour.

[Eden]

this is getting creepier by the hour.

Well, since the hour just changed 12 minutes ago, how about some names and a restaraunt?

[The Killer Cop #311]

more forumer names

[Rigel]

a thief bleeding out??

guys we might've stumbled onto a website more criminal than we thought. Someone found this website linked in the secret message of the first one, so keep looking for other websites in case this one gets shut down.

[Eden]

Just did some research on the people that were mentioned by no-name in my earlier post.

"Baigent Richard Leigh"
Googling this name brought up two people: Michael Baigent and Richard Leigh (obviously). These two apparently wrote The Holy Blood and the Holy Grail together in 1982. This book popularised the idea that the true object of the quest for the Holy Grail was to find secret descendants of Jesus and Mary Magdalene. Interestingly, Baigent was a Freemason, and was the editor of what seems to be a Freemasonry magazine titled Freemasonry Today in the early 2000s. Baigent died of a brain hemmorhage on June 17, 2013 at age 65.
Richard Leigh has less info about him on the internet, and he doesn't seem to have been a Freemason like Baigent was. Leigh died on November 21, 2007, at age 64.

"Madame Frances Erskine Inglis"
This woman seems to have been a writer born in Edinburgh in 1804. She lived in Mexico for a time and became famous for writing about her travels in Mexico from the perspective of a Western woman. In 1876, she was conferred the title of Marquise by King of Spain Alfonso XII. She died in 1882, in Madrid, Spain.
 
"Trbsee Restaurant"
Nothing relevant to the name of this restaurant showed up on the internet. I also got autocorrected by Google to 'Trübsee,' a mountain lake in central Switzerland, near the town of Engelberg. Restaurants near there include Restaurant Alpstübli, Restaurant Untertrübsee, and the Sporting Park Engelberg.

[Adrenaline]

This is the spookiest site I've ever seen.
pizza in the morning, pizza in the evening, pizza at suppertime
when pizza is on a bagel, you can eat pizza anytime

[The Killer Cop #311]

Someone on the nosleepOOC IRC answered some things.

I'm posting the chatlog, have a wall of text. I'm TheDarkLord. Ignore most of the other messages.

[ChanServ]
[#NosleepOOC] Welcome. Rules: 1. Keep conversation appropriate. 2. No spamming/scrolling. 3. We don’t like idlers, so talk! :)
manen_lyset
Goes from HUGE RAYS OF SUNLIGHT to storm-like clouds.
TheDarkLord
Heyo.
manen_lyset
Howdy
And then back to sunlight. I don't know what to make of it.
TheDarkLord
So, do you mind if I share something really odd I found (well, someone on a forum I went onto found)?
AMC
Sure
TheDarkLord
So, there's been a string of forums randomly appearing and disappearing on random sites.
And if you visit the site's regular page.
XylonEx
Hey Voldemort, you missed the last Death Eater meeting. Bellatrix did her ping-pong ball trick again.
TheDarkLord
It's the ordinary site it always was.
AMC
What sites
TheDarkLord
This is the forum, try not to download any attachments, they look sketchy: http://urngp.ru/log/index.php
Also, try highlighting some of the posts. There's hidden text.
XylonEx
I don't click .ru links.
and I suggest no one else does.
TheDarkLord
It's safe.
AMC
Why
TheDarkLord
I can tell because my antivirus hasn't picked up anything yet.
AMC
What's .ru
TheDarkLord
Just a russian website file extension.
manen_lyset
Maybe YOU'RE a virus trying to fool us, Darky.
TheDarkLord
Good argument.
But that's not what I'm doing.
But let me say something:
XylonEx
running a scan now
TheDarkLord
It's hidden on the site.
The actual site is just for some...plumbing?
Pipes?
I'm not sure.
manen_lyset
What is "It"?
TheDarkLord
http://urngp.ru/
The forum.
manen_lyset
Oh
TheDarkLord
It's not accessible through any form of the regular page.
Before it was on a site called persephonebooks.co.uk
manen_lyset
So some plumbers want a secret forum to discuss pipe sizes. What's wrong about that?
TheDarkLord
However it's gone now.
Like I said before, it's not that way
It appears to be bots posting random viruses/fake crack attachments, hence why I said "don't download the attachments"
If you do, though, at least do it on a VM.
cmd102
yeah.. not clicking that
I'm ridiculously paranoid about viruses.. not even taking a risk.
TheDarkLord
Trust me, if I didn't have a antivirus, I probably wouldn't go near it.
manen_lyset
I'm on a Mac right now, so I should be good, but I don't see the point in investigating.
XylonEx
norton, kapersky, and scanurl came back negative, but I checked it in VM and it was kinda sketchy
manen_lyset
So what's so weird about the forum? Why bring it up?
TheDarkLord
It has these hidden messages throughout posts.
Example:
"Like you. Find all threads started by jwor86 salt and freshly ground black pepper, then fold the foil together to get to the Beginner?s Guide to US Tax Multi-page thread 1 2 Design custom, mobile friendly, emails and newsletters using progressive enhancement. by JeannieW Go to last post Find all posts groaned by catFiona FS in ZurichBoard games, puzzles and demolition experts can ignite the most of the childrens book markets in Switzerland, Germany and the 2,300."
It seems like random gibberish, but some of these just kinda make me nervous.
Like the last part where it mentions demolition experts can ignite most childrens book markets.
XylonEx
probably SEO spam filler
TheDarkLord
SEO spam filler?
XylonEx
Search Engine Optimization spam.
Search terms injected into a page to boost search ratings.
TheDarkLord
Huh.
The weird thing is I don't get how it's moving from site to site
XylonEx
basically, they include random strings of text so search engines will rate the page relevant to search results
there is an entire underground market for SEO spam
TheDarkLord
There is?
SirAyme
It's hardly underground
manen_lyset
Huh, some of them go from french to english to french.
TheDarkLord
What, is it like basic Tor or something?
XylonEx
simple javascript redirection embeded via XSS on vulnerable sites.
TheDarkLord
http://forum.blockland.us/index.php?topic=280422
Here's the topic we're discussing it at.
XylonEx
You got to one site, but the link contains code that pulls up the forum in an iframe or div box
TheDarkLord
It does?
XylonEx
yep
TheDarkLord
Interesting...
manen_lyset
Hmmm
→ jenhaswords has joined
@JMFargo
Hi Jen, Dark, anyone I may have missed!
→ Jessa has joined
TheDarkLord
The strange thing is though
ⓘ ChanServ set mode +o Jessa
gonzobot
​ :'( 🎂
AMC
What up Jenhaswords
manen_lyset
Howdy!
@JMFargo
Jess, hey!
TheDarkLord
Heyo
jenhaswords
Hi everyone!!!
@Jessa
Heya!
AMC
Sup Jessa
manen_lyset
Is it your birthday and you'll cry if you want to?
XylonEx
FBI.gov used to be vulnerable to XSS. I used to send people to fbi.gov links that said in big bold letters, "Your IP has been logged as attempted to access child research."
@Jessa
No, Manen. That's supposed to be me crying into a cake at the gym.
XylonEx
so many butthurt newbs.
TheDarkLord
Wow haha
Anyways, as I was saying
manen_lyset
Oh. I was pretty close, though.
TheDarkLord
It's copying the names of people from the forum we're on
Literally exact duplicates of the names, and we don't know how they're retrieving them
XylonEx
Sounds like typical russian spammer tactics.
@Jessa
^^,
jenhaswords
Butthurt? What do y'all do to the newbs??
TheDarkLord
Nor why they're using our forums pecifically
cmd102
plot twist: it's xylonex doing it
XylonEx
I wouldn't worry abotu it.
manen_lyset
xD cmd.
XylonEx
sssh!
cmd102
we stuff things up their butts, Jen
without lube
jenhaswords
sadistic....without lube. I like it here
cmd102
thus making their butts hurt
XylonEx
A simple webcrawler could be modified to scrape the forum and add the data to the SQL tables holding the forum on the the copied site.
AMC
Pssr blood is the best lube
TheDarkLord
Wouldn't that require admin access though?
XylonEx
nope
TheDarkLord
Huh.
Well then.
XylonEx
just a basic user account to log in with, or a stolen session ID
@JMFargo
If you can see it, bots/viruses can see it.

In short, this is more than likely some dumb bots pulling search engines at random, and we're simply finding it as a coincidence with some posts.
There appears to be no mystery here, gang.

[SteveJenkins]

-snip-

Unless its already been explained somewhere else in this thread, why are they using our forum names?

still spook

[The Killer Cop #311]

Unless its already been explained somewhere else in this thread, why are they using our forum names?

still spook

Check the chat some more.
A web crawler more than likely scanned the SQL database for our usernames and then returned them over there.
Don't know why, but it doesn't matter that much.

[Honno]

Check the chat some more.
A web crawler more than likely scanned the SQL database for our usernames and then returned them over there.
Don't know why, but it doesn't matter that much.

lol... how would you think a web crawler would have access to this forums database? they simply crawled the forum itself, looking for certain pages with relevant usernames to add to its list.

[The Killer Cop #311]

Mixed it up. I meant it scanned the site then added the name to the OTHER forum's SQL tables. Sorry about that.

[Honno]

Mixed it up. I meant it scanned the site then added the name to the OTHER forum's SQL tables. Sorry about that.

haha its fine. But usually speaking, a spam web crawler probably has a template of main forum software, such as Simple Machines, PhpBB, myBB, etc.

With that in place, it just looks for certain pages that could hold all public member information, or even grab the usernames from "who's online" type of pages.

this would also require human work to make everything work properly.

[Redo]

In short, this is more than likely some dumb bots pulling search engines at random, and we're simply finding it as a coincidence with some posts.
There appears to be no mystery here, gang.

I thought we had established that already.

this would also require human work to make everything work properly.

You underestimate the intense dedication and cleverness of Russian net spammers.

[The Killer Cop #311]

This was on a co.uk domain a while ago.
We're not even sure if they are Russian, they probably just went onto that site.