Jump to content

All Activity

This stream auto-updates     

  1. Today
  2. Yesterday
  3. Wish spamcop pointyheads would get a working Captcha this is ridiculous!
  4. For what you're doing right now, that is all you can fined out about the "visitor"
  5. petzl

    ISP has indicated spam will cease

    Anyone can disable SpamCop Block List including spammers by simply going there! Once done SpamCop will not report and give the "ISP has indicated spam will cease" message you then have to report from the email source where it arrived.
  6. I like that better, nothing is missed, and concise. Any other information or arrays which might be useful to dump when trying to gather information about a slew of unwanted connections? I'm not a PHP expert. I'm thinking for now I'll just write a simple log file with CSV type records of "try-again" attempts which I probably won't look at until the system is experiencing some kind of problem.
  7. Ah ha. I found out why I do not have any 163.com spam. Apparently they are being blocked at my border. They are either not using a proper HELO, or are apparently spoofing the 163.com domain. It would appear that whomever is trying this is not inline with the SPF 163.com policy. Probably means that it is not 163.com that is spamming, but some other scammer who is abusing it. In any case, it seems to be blocking any of the stuff from reaching my inbox. 2016-12-07 03:33:34 H=(XL-20141217AHYY) [119.141.25.44] F=<ydhknr[at]x.net> rejected RCPT <jijing667[at]163.com>: HELO should be Fully Qualified Domain Name. Please contact your ISP. 2016-12-07 03:33:35 H=(XL-20141217AHYY) [119.141.25.44] F=<ydhknr[at]x.net> rejected RCPT <jijing667[at]163.com>: HELO should be Fully Qualified Domain Name. Please contact your ISP. .... 2018-10-16 08:13:39 H=(163.com) [58.248.4.136] F=<top_textile[at]163.com> rejected RCPT <x[at]x.com>: SPF check failed. 2018-10-16 08:13:39 H=(163.com) [58.248.4.136] F=<top_textile[at]163.com> rejected RCPT <x[at]x.net>: SPF check failed.
  8. If you just do <?php foreach($_SERVER as $key => $value) { echo "$key => $value<BR>"; } ?> Then you will get any values in the $_SERVER array that you may not know the name of, for example
  9. Last week
  10. So far, the Sesame Street approach has blocked all spam type contacts. This scri_pt shows me some of what can be collected if spam escalates (possible next steps): <?php $indicesServer = array('PHP_SELF', 'argv', 'argc', 'GATEWAY_INTERFACE', 'SERVER_ADDR', 'SERVER_NAME', 'SERVER_SOFTWARE', 'SERVER_PROTOCOL', 'REQUEST_METHOD', 'REQUEST_TIME', 'REQUEST_TIME_FLOAT', 'QUERY_STRING', 'DOCUMENT_ROOT', 'HTTP_ACCEPT', 'HTTP_ACCEPT_CHARSET', 'HTTP_ACCEPT_ENCODING', 'HTTP_ACCEPT_LANGUAGE', 'HTTP_CONNECTION', 'HTTP_HOST', 'HTTP_REFERER', 'HTTP_USER_AGENT', 'HTTPS', 'REMOTE_ADDR', 'REMOTE_HOST', 'REMOTE_PORT', 'REMOTE_USER', 'REDIRECT_REMOTE_USER', 'SCRIPT_FILENAME', 'SERVER_ADMIN', 'SERVER_PORT', 'SERVER_SIGNATURE', 'PATH_TRANSLATED', 'SCRIPT_NAME', 'REQUEST_URI', 'PHP_AUTH_DIGEST', 'PHP_AUTH_USER', 'PHP_AUTH_PW', 'AUTH_TYPE', 'PATH_INFO', 'ORIG_PATH_INFO') ; echo '<table cellpadding="10">' ; foreach ($indicesServer as $arg) { if (isset($_SERVER[$arg])) { echo '<tr><td>'.$arg.'</td><td>' . $_SERVER[$arg] . '</td></tr>' ; } else { echo '<tr><td>'.$arg.'</td><td>-</td></tr>' ; } } echo '</table>' ; /* That will give you the result of each variable like (if the file is server_indices.php at th e root and Apache Web directory is in E:\web) : PHP_SELF /server_indices.php argv - argc - GATEWAY_INTERFACE CGI/1.1 SERVER_ADDR 127.0.0.1 SERVER_NAME localhost SERVER_SOFTWARE Apache/2.2.22 (Win64) PHP/5.3.13 SERVER_PROTOCOL HTTP/1.1 REQUEST_METHOD GET REQUEST_TIME 1361542579 REQUEST_TIME_FLOAT - QUERY_STRING DOCUMENT_ROOT E:/web/ HTTP_ACCEPT text/html,application/xhtml+xml,application/xml;q=0.9,* / *;q=0.8 HTTP_ACCEPT_CHARSET ISO-8859-1,utf-8;q=0.7,*;q=0.3 HTTP_ACCEPT_ENCODING gzip,deflate,sdch HTTP_ACCEPT_LANGUAGE fr-FR,fr;q=0.8,en-US;q=0.6,en;q=0.4 HTTP_CONNECTION keep-alive HTTP_HOST localhost HTTP_REFERER http://localhost/ HTTP_USER_AGENT Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.17 (KHTML, like Gecko ) Chrome/24.0.1312.57 Safari/537.17 HTTPS - REMOTE_ADDR 127.0.0.1 REMOTE_HOST - REMOTE_PORT 65037 REMOTE_USER - REDIRECT_REMOTE_USER - SCRIPT_FILENAME E:/web/server_indices.php SERVER_ADMIN myemail@personal.us SERVER_PORT 80 SERVER_SIGNATURE PATH_TRANSLATED - SCRIPT_NAME /server_indices.php REQUEST_URI /server_indices.php PHP_AUTH_DIGEST - PHP_AUTH_USER - PHP_AUTH_PW - AUTH_TYPE - PATH_INFO - ORIG_PATH_INFO - */ ?>
  11. gnarlymarley

    ISP has indicated spam will cease

    Reports will start going back to the administrator after some time if it keeps happening from that specific IP. I think the delay is either six or four hours. Like Lking had mentioned, it is something that was put into place to allow the administrators time to hunt down and correct the problem so they are not continuously spending time on new reports. Now if it is something glaringly still a problem, the deputies can reset that variable so that the report can go through again, but they will want to see the tracking URL. From what I have seen in the past, most administrators are able to get it all fixed within about a half hour, if not an hour.
  12. Lking

    ISP has indicated spam will cease

    A Tracking URL would help. It has been quite a while sense I have seen this. As I remember if spam continue to come from a given IP, after the ISP has been given an opportunity to correct the problem, SpamCop will again accept spam and add the IP to the SCBL.
  13. MyNameHere

    Spamcop doesn't parse the spam links

    Hmmm... in most cases, the first Received line is just the first line, right? Thanks!
  14. MyNameHere

    Spamcop doesn't parse the spam links

    Hmmm... in most cases, the first Received line is just the first line, right? That does seem to work. Interesting. Thanks!
  15. Many times when reported a spam is rejected by the reason of "ISP has indicated spam will cease... " Because it continues receiving spam from IPS where have indicated as "will cease". Will Spamcop change this action?? no sense if still receiving spam.
  16. A bot looks at the html not the screen so it 'sees' what style or CSS would hide. Hope the question approach works for you.
  17. Couldn't get "display:none" to work as "Forms" kept filling out the blank, even when hidden. So went with a "Sesame Street" question, which doesn't get filled in by "Forms", and that works. Thanks Lking.
  18. I suspect that something similar to what others have reported for Gmail is happening. The workaround I generally use is similar to the Gmail workaround, commenting out the first Received line encountered as you scroll down the message source.
  19. Timely, I'm looking at this in between other time sensitive tasks.
  20. Another quick add to the form would be a site unique simple question or a Sesame Street type question (things that are not Google-able) for example: Which one doesn't belong? Orange, Grape, Apple? With a set of 3 or 4 random questions, with different answers it slows down the bots. It is also quick to implement and change the questions. It is all an arms race.
  21. MyNameHere

    Spamcop doesn't parse the spam links

    Okay, so the proper procedure for Hotmail and other Micro$oft accounts is to uncheck the report about the sending address and just report any spamvertised links? Or would it be better to flood Micro$oft with as many spam reports as possible? Maybe with a note saying what the problem is? Also, since this seems to be a universal problem, wouldn't it be a good idea to add it to the MailHosts and Reporting forums' pinned info? (I didn't see it on either one, but I didn't look carefully, either, he said sheepishly.)
  22. Lking, thank you for your insight into how SpamCop will process the message. petzl, You're right, I'll investigate Captcha next. The "invisible field" and "Invisible reCAPTCHA" options are looking especially attractive (no Google dependency for the first, no human interaction for either). Thanks. With this information I have two choices: Install Capcha. Since I'd rather not lose clients, I'll try to install a Captcha mechanism. Remove the Contact form from my site. I think in the last decade I've only had one actual client use my contact form, mostly because he said he could remember my site, but not my email address. I considered how to modify my contact page to collect and report additional information, like IP information, but then I'd also have to figure out how to tie this into SpamCop's RBL system. I think there are only 2 realistic choices, though I may add code to record connecting IP information as this might be a simple change. Maybe at a later date I can figure out how to tie this IP information into iptables for blocking. I can't let this distract me for too long, so option #2 is still on the table. Thanks guys!
  23. I would like to propose a change in SpamCop's handling of cloudflare links. 1. when looking up the whois for the domain, or test the link, do not use the full path, only use the domain name, as a visitor trigger trap causes more spam to be sent as soon as the report is performed. I munged for that purpose every link in my "cloudflare" spams: https://www.spamcop.net/sc?id=z6493410150za18869ba12b686fd60a88c35e34dc44ez https://www.spamcop.net/sc?id=z6493410187zb583dc5e2b40660c7a81ed43e718e3aaz https://www.spamcop.net/sc?id=z6493340629z49245d803153055044b14f0dc24f00a3z https://www.spamcop.net/sc?id=z6493340613z69f628f405e36a4d6fbdf4e2014ffe58z and so on and so forth. it would be grand if SpamCop could do this automagically.
  24. lately, I have to manually alter every cloudflare spammer link. I noticed a few weeks ago, that whenever I reporte cloudflare spam (I call it cloudflare spam because the links are hosted by cloudflare, and the spammer spoofs an inactive IP range -- currently CCAMATIL ( 167.103.249.nnn ) -- and seems to be getting away with it) a few seconds later, fresh spam from, you guessed it, cloudflare fills my inbox. So, whenever SpamCop analyzes the links (just touches them), the spam gets triggered. Now I munge the ID number and alter it verbally as: e.g. http://airlinedo.com/?--ID-number-5-(munged) where the 5 in this example is the last of 13 digits https://www.spamcop.net/sc?id=z6493410150za18869ba12b686fd60a88c35e34dc44ez or http://checkshownontv.com/?--ID-number-8-(munged) in this case it's 8 ... https://www.spamcop.net/sc?id=z6493410187zb583dc5e2b40660c7a81ed43e718e3aaz it would be nice if SC could refrain from using the full path so that the visitor trap doesn't get triggered And yeah, the originating IP address is also a problem as there is no real owner for the range, even though indirectly it belongs to the Australian branch (Amatil) of Coca-Cola. APNIC told me that someone is spoofing those IP ranges.
  25. you need to install a "Captcha" it is a bot filling out your form https://www.whoishostingthis.com/resources/captcha/
  26. The short answer is no. The email you are receiving from the Contact form on your website/domain will appear to come from your system NOT from the mailert.ru, in your example above. You can see this by looking at the header of the received email, depending on the email application you are using. For example in thunderbird, when looking at the email if you press <crtl> U you will see how the email was delivered. If you follow the path from the top down you should see that the IP address is the same as your domain or you host. In reality these are emails you are sending to yourself.
  27. Problem: I'm starting to get 3-5 spam contacts/day through my Contact Form, and this appears to be escalating quickly. So far I've been careful not to report these to SpamCop. But what if I did? Would SpamCop process these in a sane way, or if not (best case) ignore the report, or (worst case) block my own domain? Here is an example of what I see: ==================================== Return-Path: <www-data@myDomain.net> X-Original-To: me@myDomain.net Delivered-To: me@myDomain.net Received: by myMachine.home (Postfix, from userid 33) id D004D226BC5; Mon, 15 Oct 2018 12:03:16 -0700 (PDT) To: me@myDomain.net Subject: Contact from myDomain.net X-PHP-Originating-scri_pt: 1000:contact.php From: "Kozaimgox" <andry.zaims@mailert.ru> Reply-To: "Kozaimgox" <andry.zaims@mailert.ru> X-Mailer: chfeedback.php 2.15.0 MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Message-Id: <20181015190316.D004D226BC5@pluto.home> Date: Mon, 15 Oct 2018 12:03:16 -0700 (PDT) This message was sent from: http://www.myDomain.net/contact.html ------------------------------------------------------------ Name of sender: Kozaimgox Email of sender: andry.zaims@mailert.ru ------------------------- COMMENTS ------------------------- Оформить онлайн займ в наше время не составляет трудностей. Оформить ссуду возможно в любое время, главное – иметь доступ к сети. Необходимо сказать, что, если вы желаете получить займ, вам нужно внимательно выбирать сервис, где вы будете оформлять займ. Советуем обращать интерес при выборе компании на разные факторы. На mega-zaimer.ru достаточно много личностей получают займы. Сервис, который может предоставить срочный виртуальный займ – найти не так уж и просто. Достаточно много служб заставляют посетителей предоставлять разные документы, которые могут быть полезны кредитору в том случае, если заемщик пропадет. Однако, на сайте доступны самые лучшие МФО. Они предоставляют онлайн займы без проверок и без отказа. Именно по этой причине они безумно ценятся, а сервис их предлагает. Некоторые МФО выдают виртуальные займы на карту. Вы можете сделать выбор, на какую карту вы желаете взять ссуду. Большинство сервисов предоставляют ссуды на дебитные карты. Некоторые фирмы предоставляют деньги даже на online кошельки. Некоторые из сервисов, которые представлены на mega-zaimer.ru предоставляют шанс взять первый кредит бесплатно. Сейчас подобрать сервис, который предоставляет шанс выбирать релевантные предложения очень тяжело. Последнее время достаточно много фирм, которые предоставляют финансовые услуги, начали предоставлять кредиты на короткий срок. Некоторые из таких сервисов считаются не надежными. Именно для того, чтобы потребители могли брать деньги без проблем вне зависимости от положения, вы можете оформить кредит на карту виртуально без отказа в любое время дня. Сервис пользуется спросом в связи с тем, что он регулярно проводит анализ компаний и специалисты следят за всеми изменениями на рынке. Именно это позволяет создать объективный рейтинг всех сервисов и верных кредиторов. На ресурсе подготовлен список новых МФО 2018 года, где доступны самые крутые МФО. Большинство из компаний предоставляют срочный займ на карту без проверки кредитной истории, что является большим преимуществом в наше время. На <a href=https://mega-zaimer.ru/srochiy-zaimu/>https://mega-zaimer.ru/srochiy-zaimu/</a> вы можете найти компанию, которая будет удобна именно вам. Сайт очень простой и будет интересным для всех пользователей. Необходимо выделить, что на сайте вы выберете МФО по следующим параметрам: сумма займа, срок ссуды, регион, метод получения денег. Большинство людей предпочитают брать виртуальные займы на карту, чтобы распоряжаться финансами. Сейчас любой заемщик может взять займ и ему 100% одобрят его займ. Ведь сервис собрал самых надежных кредиторов, которые являются настоящими профессионалами. Сотрудники сервиса постоянно отслеживают всю информацию по поводу работы МФО. Возможность получить кредит есть даже у тех, у кого ужасная кредитная история. Сервис будет полезным и по той причине, что он предлагает компании, которые предоставляют займы ночью. Не так много МФО выдают займы в ночное время суток. Сегодня выбрать компанию, которая предоставит займ мгновенно без отказов и проверок на кредитку круглосуточно, да еще и ночью – практически невозможно. Но, сервис предлагает каталок МФО, которые могут быть полезны вам. На финансовом портале mega-zaimer.ru клиенты имеют возможность взять займ на карту вне зависимости от направления средств. Вам не нужно будет информировать, как в банковское учреждение, куда будут идти финансы. За вашими транзакциями также не будут следить. Во всех МФО заявки обрабатываются очень быстро. Также стоит отметить, что для постоянных кредиторов функционируют специальные предложения. Сервис также оснащен service desk, которая предоставит ответы на все ваши вопросы при первой же необходимости. ------------------------------------------------------------
  28. Lking

    Convert from PUNbb 1.4.4

    This is a forum related to fighting spam. I would suggest you find a forum related to your applications. A WPForo forum may be helpful. Thread moved to a more appropriate forum.
  1. Load more activity
×