Jump to content

nhraj700

Members
  • Content Count

    28
  • Joined

  • Last visited

Community Reputation

0 Neutral

About nhraj700

  • Rank
    Member

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. There might only be a two hour window to allow an edit to the post from what I found in another posted question on this website. It now might require an admin to edit your post.
  2. I think he is asking you to replace your email address' in your original forum post above with the letter X. You have delyani [at] gmail [dot] com strewn all over in the source of the email that you copy an pasted in the post. I counted at least 10 references to your email. BOTS will scrape this forum looking for email addresses and you could end up receiving more spam . Edited: It's also recommended or a good practice to not dump the source headers and body of the spam email in your post on the forums. Most of the helpful folks on here just want to see the "tracking url" where they can see the source email in its entirety. Use Petzl's reply post as an example. He posted the Tracking URL.
  3. nhraj700

    Massive spam Attack - Looking For Input

    Looks like you have to have Google G Suite which is intended for Admin's running an email group for Companies, Schools and other groups. About all I can do is block addresses which go to spam folder. On another note I have been able to have about a dozen domains suspended, however the spammers quickly react by creating/using other ones.
  4. nhraj700

    Massive spam Attack - Looking For Input

    NameCheap won't do anything until Spamhaus does. Wished the average user could contact Spamhaus as whatever methods they use don't pick up on this attack. Is Dakota Green the spammer? https://whois.domaintools.com/redipping.com
  5. nhraj700

    Massive spam Attack - Looking For Input

    I just did an experiment. I just happened to send in a report to US Cert, Spamcop, US Phishing and Anti-phishing org and the report came back from Spamcop stating that... Routing details for 67 229 173 51[refresh/show] Cached whois for 67 229 173 51 : abuse vpls comUsing abuse net on abuse vpls comNo abuse net record for vpls comUsing best contacts abuse vpls com ISP has indicated spam will cease; ISP resolved this issue sometime after 8/19/2019, 5:25:56 PM -0700 Message is 1 hours old What's weird is how did I get a fresh spam if VPLS fixed it? Anyhow, so I sent that particular spamcop report link and the offending domain name (redipping com) and IP to NameCheap and again created another ticket. I said to them look, VPLS admits this is spam so why don't you take care of this registrant. Maybe they'll move on it without having this domain on a SpamHaus blocking list. Fun Times!!
  6. nhraj700

    Massive spam Attack - Looking For Input

    I was able to have NameCheap shutdown 4 of the domains. Small win I guess especially in looking at the article link you supplied. 4 shutdown of the 11K domains used to run spam bots on NameCheap. Damn not a very good winning percentage. The big problem is what you alluded to. They keep changing the IP's and so therefore avoiding any kind of blacklisting. NameCheap won't act on it unless Spamhaus has them listed. I guess I am the only person in the world reporting these guys. In looking at AbuseAT they are squeaky clean. I can't believe when looking up these domain names, domain IP's and hosting Ip's on the Talos Reputation page there appears to be no trouble for them. Too weird. Since 90% of the IP's identified by reporting to SpamCop are US based providers, I am also sending to phishing-report at us-cert gov. Not sure if I need others? In looking at the First List how do you know who to send to in other countries and are there any addresses to forward to? I don't see any abuse addresses only team contacts. Probably not looking in the right spot. You lost me on this one. Send to who, the Registrar, Host or Cert? And for DDOS attack? Is this what I am getting with a spambot. Or is that more of a server that's getting it not my home network? What addresses are you putting in the TO field. Domain Addresses or Host IP's? NameCheap actually looked at all my SpamCop reports and converted the IP's to Domain names. So they appear to be playing nice.
  7. nhraj700

    Massive spam Attack - Looking For Input

    Petzl, Thank you for your input and recommended WIN program. NameCheap has indicated to me that while they don't host the data for these domains and can't check the server logs for spam abuse from the 30 or so I sent them through Spamcop reports, they however have opened up a case with Spamhaus. Is that a good thing and have you seen positive results from that or is this a "pass the buck" kind of move? They told me to report directly to the hosts, but I am assuming that isn't working as Spamcop is doing that through the reporting process. Out of the 30 I sent, only 5 domains showed up on the Spamhaus DBL list and according to NameCheap, that's what prompted them to open a case.
  8. Hey all, Looking for some input on what "you" would do in addition to what I am already doing. I am at wit's end and considering giving up on this one. I seem to have landed on some spambot or persistent POS spammer's list on an email address that typically has had no spam sent to it or was successfully filtered by the provider. Unfortunately this ordeal has burned up all of my Spamcop fuel. I am reporting every spam email to Spamcop, UCE, ORA.FDA, ACMA, Phishing at US CERT, Phishing at Antiphishing org. This attack is repetitive in content and seems to be repetitive in sources. What bothers me is sometimes I get auto-response from Spamcop stating ISP has taken care of the address but what is weird is it is usually dated the day or two before and I am reporting within seconds of getting it. Is the spammer sending some sort of auto-response to Spamcop to trick it? Below is hopefully enough of a list of tracking url's that might give someone with better experience to ascertain what steps I might take and see a pattern. [Edited to add offenders at a glance] These seem to be the major offenders over and over. proxad[dot]net cv[dot]net nl[dot]leaseweb[dot]com pratiksunucum[dot]com primary[dot]net dedibox[dot]fronline[dot]net hostnit[dot]com quadranet[dot]com vpls[dot]comus[dot]leaseweb[dot]com leaseweb[dot]de multacom[dot]com velia[dot]net netmyne[dot]com stackip[dot]net he[dot]net netbudur[dot]com ikoula[dot]com dacentec[dot]com heg-us[dot]com colocrossing[dot]com psychz[dot]net aknietteteeva[dot]gmail[dot]com [End Edit] Thanks in advance. https://www.spamcop.net/sc?id=z6566520311z41fa0c960e85e844a30002d278ed6f9az https://www.spamcop.net/sc?id=z6566520312z6ce0103f34a127b8f20ded2333c8d06az https://www.spamcop.net/sc?id=z6566520313z8a760a7cd8dfb78366d954b0e4460973z https://www.spamcop.net/sc?id=z6566520314z66c0ec5b5300a4a5734ad34540c62f58z https://www.spamcop.net/sc?id=z6566520315zf3db2a8604dcf93f6007a32efad861b7z https://www.spamcop.net/sc?id=z6566520316zdbd95a02f7dfb85453517bbbe5c1e117z https://www.spamcop.net/sc?id=z6566520317z41c2e155668cb8b886f066a4874c6d00z https://www.spamcop.net/sc?id=z6566520318z253fb3c16c5537e73d18db3203070de1z https://www.spamcop.net/sc?id=z6566520319z1164ef6a60b17d090a142ccff880defaz https://www.spamcop.net/sc?id=z6566520320z18000c74cc774082bb65d03342691fe8z https://www.spamcop.net/sc?id=z6566520321z2e7fa652d590841ded710d39b824bd9az https://www.spamcop.net/sc?id=z6566520322zb0a2689b23f9d3c7384e782de1208e93z https://www.spamcop.net/sc?id=z6566520323z1c9c291593ff190f20a0b056f59a85faz https://www.spamcop.net/sc?id=z6566520324z8a09b1f06b53160183624992abb3110cz https://www.spamcop.net/sc?id=z6566520325z04094c2130063750649dd06968ce07ccz https://www.spamcop.net/sc?id=z6566520326z5b3541758582127ae705892424c27e9bz https://www.spamcop.net/sc?id=z6566520327zb78c4a1273c690a265e02f49d1426372z https://www.spamcop.net/sc?id=z6566520328z2bb0a9838d540a0df0ebd1b5a7fa5b39z https://www.spamcop.net/sc?id=z6566520329z6166255f0056dd0c0183cddcb85d5c08z https://www.spamcop.net/sc?id=z6566520330z977931b5a816ec376b8d9d8e3faee0b6z
  9. nhraj700

    Details of update to Spamcop 5.0 coming tomorrow?

    I was hoping too the IPv6 issue was addressed with this 5.0 update. I hardly get spam on Gmail, but Hotmail is another story.
  10. nhraj700

    munging cloudflare spammed links

    I would like to second this change request with respect to any full path of web links as they can be linked to the recipient.. I was recently hit by one of these bots from AWS a month ago and received hundreds of spam until I saw this post from RobiBue and stopped all SpamCop processing on them. Once I stopped reporting them to SpamCop, they stopped immediately. I received another one this morning and unfortunately I didn't catch the source and bot servers and now I have received 50 of them in on swoop. https://www.spamcop.net/sc?id=z6507110875zae91e5b4e32f5271d867a53e6361d3acz Too many to mung up for my liking. I simply sent them to all other anti-spam agencies and skipped SpamCop.
  11. nhraj700

    Is Google even paying attention to Spamcop?

    Why is Spamcop sending it to the wrong address? Is there a procedure for asking SpamCop to fix it? I am running into several of these from 209 domain addresses from Google also. Just curious how we can get this rectified.
  12. I just sent a complaint via that feedback function. Thanks for that tip. Tired of modifying headers.
  13. nhraj700

    KnujOn shutting down

    Posted in case anyone is interested. Received this email this morning. Dear Member, On 22 May 2018 Knujon.net will cease accepting forwarded samples and the server will be shut down. Coldrain-related servers will also cease forwarding samples as well. The site Knujon.com will remain active and continue to publish updates to reports as well as maintain documents as an archive repository. The KnujOn project, for several reasons, will be winding down and completing its work. As many may suspect we do not have the resources required to maintain this project. However, KnujOn has largely achieved what it set out to do. Fifteen years ago my father, Dr. Robert Bruen, and I started KnujOn principally as a research project. The project was intended to test and evaluate the overall Internet infrastructure as it pertains to consumer abuse and systemic subversion. We have collected enough information to draw fundamental conclusions. Our final findings will be published and our members will have access to detailed analysis. Our research started as a technical endeavor but quickly became political (political in the broad sense of different groups competing for control of resources and influence). The political situation evolved into a criminal one and eventually into a clear problem of corruption and abuse of public trust as well as power. While KnujOn has been able to fix a number of problems within the Internet architecture, the core issue is beyond our ability to address. We have neither the resources to deliver the solutions that are truly needed nor to deliver the kind of user experience KnujOn members deserve. With that being said, our work is in fact successful and you have a lot to be proud of. All of this will be fully documented in our final report. On the technical side you should start seeing your report refreshed. Our service provider, without prior notice, switched the operating system of our key publishing server. This small change caused all of our uploads to fail or be overwritten with blank data. We were not aware of this problem for some time and fixing it was difficult because there were no actual errors in our code. This has been corrected and all samples received before 22nd will be processed and analyzed. Statistics and other report publishing will begin again now that this problem with our hosting company has been identified. In this effort we continue to support you, but the collection and processing of additional samples beyond this are not required to support the conclusions we have already reached. I know you may have been frustrated by our lack of progress and response, trust that no one is more frustrated than I am. Everything we have done was for the public good and with the best intent. We thank everyone for their dedication and participation in this project and hope you will find our final report useful. -Garth at Knujon.com
  14. nhraj700

    KnujOn shutting down

    Just a heads up for anyone forwarding spam to KnujOn.com, they are shutting down their servers. I am posting what they posted on their servers recently as I was receiving error messages back from their mail server the last few days. One less effort in the fight. Dear KnujOn members, friends and visitors, This project will cease accepting samples from the public on 22 May 2018. The knujon.net will stop accepting email samples and the server will be shut down. The servers at coldrain.net will stop forwarding email. knujon.org will cease accepting new memberships and donations as of 8 March 2018. knujon.com will remain active to maintain historical information about the project but no sample data will be accepted. All currently held samples and all samples accepted up until 22 May 2018 will be processed. This research was started by Dr. Robert Bruen and Garth Bruen in 2003. After 15 years we have reached clear fundamental conclusions concerning the management of the Internet, findings which are neither pleasing nor surprising. We have taken this work as far as we can at this stage. A final comprehensive report of KnujOn findings will be published and maintained at knujon.com. We thank everyone for their dedication and participation in this project and hope you will join us when we start our next project which will be based on KnujOn findings. The details of this further research will be announced on knujon.com.
  15. nhraj700

    Spamcop cannot find source IP

    I received this same kind of message today and thanks to PETZL I have successfully submitted it. Thanks PETZL!!
×