InBoxRevenge KS Forum

Ahh, forgot to subscribe to the topic I posted to.
Thank you for the welcome.



Yes, and i've found it's hard to tell if you are reporting to an isp or the spammer that initiated the spam run. - I've found that [email protected]/gmail.com is a notorious spammer on the Naunet registry. - you can use nomina.ru to search alternate records of domains on the .ru TLD and find over 2000 records.

Having said that, I think spamcop is a useful statistical tool, helps to understand where the spam is coming from/hosted from, and is complementary to knujon/coldrain


No, but I've found it useful to refer registrars/whois privacy provider and hosts to it for proof of spam problems
I'm definitely going to sign up to it.




Thanks,

I'm using knujon, robtex, nomina.ru ,serversiders, alexa/ page rank,textmechanic, pastebin, aboutus.org, whocallsme,legitscript, twitter and the ftc complaint wizard so far.

I've found the biggest barrier to taking down sites is whois privacy sites, but I've had some limited success following dan balsam's advice on notifiying whois proxies of their responsibilties, but domainproxy is now stating that they will only respond to a properly served subpoena with fees charged per hour for research into their clients.

My workflow is normally knujon, spamcop, robtex to find ip and other spam websites with same ip or nameservers, list these on aboutus.org website. under ip (ie aboutus.org/1.2.3.4 )

If I find a familar Ip address I'll start to search for .com domains that are nameservers or websites, using text mechanic to process info found on robtex for an ip. Once i've got a list of all the TLD (.com, .net,) that i can report using the wdprs, i'll use the bulkwhois on domain tools to check the status of the websites, feed the active ones into a alexa/google pagerank checker, and report the most popular ones and the nameservers as well (even if they are on hold, as they can still be active in this status).

That's generally my regular reporting activity, although I tend to not be this thorough all the time, mostly when I've found large surges or spikes of spam activity.



Thanks, I'll have to start using the WOT forums as well, quite a useful service.

I'm new. I despise spammers. I want to do all I can to help see their existence is relegated to living in kind of filth they help propogate

Here is a new spammer site from a Russian sleaze bucket

digitalyellowriver.com

He tries to mask it as digitalyellowriver.com.ua

He is the same arse that rotates pirate software loaded with worms, fake diplomas, pills that likely have rat poison in them, and phony dating sites. All he wants is to steal credit cards. Eliminating this vermin from the face of the earth is a worthy goal. Please feel free to join me

Welcome. Here is how you can handle problems like that.

A whois lookup shows:
Domain Name: DIGITALYELLOWRIVER.COM
Registrar: CENTER OF UKRAINIAN INTERNET NAMES
Whois Server: whois.ukrnames.com
Referral URL: http://www.ukrnames.com
Name Server: No nameserver
Status: clientHold
Updated Date: 02-aug-2011
Creation Date: 01-aug-2010
Its reputation is covered at http://www.mywot.com/en/scorecard/digit ... wriver.com
The registrar in the Ukraine has acted on complaints and suspended that one.

Next, a whois lookup on DIGITALYELLOWRIVER.COM.UA
domain: digitalyellowriver.com.ua
admin-c: FF206-UANIC
tech-c: FF207-UANIC
status: OK-UNTIL 20120822073531
dom-public: NO
nserver: ns1.dnsnew222.ru
nserver: ns2.dnsnew222.ru
nserver: ns3.dnsnew222.ru
mnt-by: UARR81-UANIC (ua.ukrnames)
remark:
created: 0-UANIC 20110822073531
changed: UARR81-UANIC 20110822073531
source: UANIC


% Administrative Contact:
% ======================
nic-handle: FF206-UANIC
remark: Whois privacy protection service
remark: http://hostmaster.ua/priv.html
e-mail: [email protected]
mnt-by: NONE
source: UANIC

% Technical Contact:
% =================
nic-handle: FF207-UANIC
remark: Whois privacy protection service
remark: http://hostmaster.ua/priv.html
e-mail: [email protected]
mnt-by: NONE
source: UANIC

Using the tool at complainterator.com, I generated the template and added a bit more:

Welcome, teknoman!

Hi. I've been a programmer (in fact I'm a full systems programmer) and IT professional for over 30 years. I've been haunting the internet since 1995 and online bulletin boards even earlier than that. Over the past 10 years I've been doing what I can, when I can, to combat spam and related activities.

Even though I'm usually more savvy than most I've been the victim of a joe-jobs. Most recently a mistyped URL-base, phishing scam looking to harvest new email addresses. I erred in providing my personal contact address for my business. Of course the usual suspects were involved, Directi and Privacy Protect. Well, I managed to find real registration somehow and when I checked the information it was fake. They had a U.S. based registrar. I reported it. The registrar simply said that did not host the site and could do nothing about it. This despite the fact that they had in their company policies about this very thing. And, yes, I provided evidence.

I also own, moderate, and program my own copy of this very software used here. I've developed new anti-spam measures for it for those who are interested. PM me. You have to have a legitimate phpBB3 site for me to provide the details.

I will also be willing to host this board if needed in the future. I have the space and the bandwidth.

Welcome!



Actually, Directi probably would have been better. They got a bad reputation because EST Domains was using their privacy protection, and they actually took over as registrar for EST Domains' domains when it lost its accreditation. They're pretty aggressive at weeding out domains that are detrimental to their own reputation now. We usually find they shut down abusive domains within hours after we report them.



I'm not the one involved in the hardware/software issues here, but I'm sure I'm not out of line saying that your offer is much appreciated. Our current host, Servint, has been wonderful, promptly responding to problems and backing us up during DDoS's, so we're good with hosting. But if you have special insight into how PHPBB3 works, and how it might be compromised, that is very helpful. We were hacked a few years ago, and as you may have noticed, we've shut off some of the basic features of the forum for safety (no uploadable avatars, for instance).

It sounds a bit odd out of context, but: Welcome aboard, Basketcase.



SiL

Another basket case would never seem out of place on this forum

Hi,

I'm new too.

I have an email address for a legit website I run. For three years it was spam free as I published it with 'Replace [and] with @' which seemed to work perfectly well.

Then someone asked me to join Linkdin and I used this email (I know... MISTAKE). Within 24 hours I was getting Pharmacy Express spam

The viagra garbage now exceeds the legitimate emails by 20:1 and is growing daily. As you will know the Pharmacy Express stuff is spoofed/aliased/disguised and whatever to get around any spam protection. Seems my only option is to abandon my email address. This is a major pain , as after three years use there are many people out there who might want to contact me on it.

This makes me... MAD.

So... rather than just roll over and take it - I'd like to do something, anything, to kick back at the spammers.

Welcome!

It's hard to know if the LinkedIn made a difference. Email harvesters are pretty persistent. I'm sure they find ways to hire impoverished people in developing nations to find your email address, the same way they use them to solve CAPTCHAs.

I notice my site, which has a contact form and does not display the email address, will get spammy comments in pairs, with the first one always blank and the second one nonsense. I assume the purpose is to first try to harvest an email address, and failing that, to confirm that the message doesn't bounce. They can then collect a list of active web site contact forms for spamming. The main actual comment spam I get is those slimy SEO spammers, and I just report their gmail accounts for abuse.

I'm new too...do I get an ice cream? (nod to the two boys in the Ally Bank commercial -- HAHA!)

Anyway, I hope to be productive if I can get my hands on the Complainterator.

I just had my first spamvertised website shut down today (TrustedSSurveys.com) which was being redirected from another website (WorkFor375.com).

From this experience, I learned some lessons about how to do a better job on this stuff. If you want to be more efficient, go after the end website that the spamvertised website links to because the spamvertised website may be a 'sacrificial' website not redirecting to the main website. TrustedSurveys.com in this case was the main website I was not successful in shutting down (so far anyway). Too bad I didn't get them taken down first - would have been a sweeter victory. It will probably be difficult now to prove the connection to the spam I got which advertised the WorkFor375.com URI.

Welcome.



Nice work.

Hi. I run an anti-spam blacklist at http://dnsbl.invaluement.com/

which is used by...

(1) One of the major anti-spam appliance vendors (not allowed to mention who)

(2) Cox Communications, which actually outright blocks spam based on our data, even when nothing else is suggestion that the sender is a spammer

(3) Others who use our data include Nortel Networks (Chris Lewis set that up when he was there), and Opera Software's ISP called FastMail. (...and hundreds of others...)

ALSO:

(4) For many years in the mid-to-late 2000s, I was very active as a
volunteer for SURBL (and still help them on occasion--I actually still
have authority to add/remove domains from SURBL "at will" and
instantly--only about 10 people in the entire world can do that!)

(5) While we don't use Spam Assassin as our main spam filtering
software, I've been very involved in their discussion forum over the years.

You can verify some of this by doing a search on the following:

"Rob McEwen" SURBL

"Rob McEwen" SpamAssassin

I found your forum as I was doing some research was intrigued by the quality of the content here.

Welcome!

Welcome!