Jump to content

RobiBue

Membera
  • Content Count

    193
  • Joined

  • Last visited

Community Reputation

0 Neutral

About RobiBue

  • Rank
    Advanced Member

Recent Profile Visitors

775 profile views
  1. RobiBue

    forum spam handling

    I just had a brainfart (pardon my French)... Sooo, we have these pesky little ๐Ÿ’ฉ that think that the readers of these forums are interested in their spew ๐Ÿคฎ Well, here is my proposal to alleviate the problem: Reported posts receive a mark/counter (see below: 1 reported...) Posts that are less than 24 hours old and reported more than 3 times get hidden (can be unhid[sic] by the user if he/she so desires) A user with a post reported 4 times would be prevented from posting in the forum (reading is ok, and pm an admin to ask for unblocking) Eventually a forum admin can do some garbage collection (GC) the way they usually do it this would be the forum view with all topics displayed (the two marked "4 reported" would be hidden by default) This would be the "Unread" topics view (hey, no spam but only if 4 reported them beforehand) in Content Types, the user could choose to see the spam (unless the forum admin already done the GC) Suggestions or ideas (or the other way around) are always welcome.
  2. RobiBue

    spam via VPN

    Now that's a new one to me! https://www.spamcop.net/sc?id=z6558965774z4e9bfbe926ede8ccf1c336a6fb42d396z I wasn't thinking much about it when I sent the report, but today I received the following reply from NordVPN abuse desk: well, internet privacy vs internet privacy. ain't that swell...
  3. RobiBue

    The problem against spam users.

    Around 20 years ago, I used to send my wife occasional emails that would look like she sent them to me, just to make sure that she understood that anybody could send an email with spoofed/fake names. So the From: line in the headers is only valid for โ€œtrustedโ€ emails. (And then, only if you trust them ) As Lking states, the Received: line in the headers is the one that gets you closest to the original sender. Many times, though, a computer is hacked and some malware is installed, sending the spam from that computer without the knowledge of the real user. Sending spam reports to the ISP of said user is necessary to alert the ISP that the user is either a spammer or has compromised hardware. It is also possible that a company has their own mail server which is open and can be used as a proxy. For the latter, it is also important to have their ISP inform them that they are running an open proxy allowing spammers to abuse their system. HTH
  4. RobiBue

    Report Ends With "Parsing Header:"

    /me/ stands corrected. Thank you ๐Ÿ˜Š. wasnโ€™t aware that the headers could share importance with a DB file structure (mbox in this case)
  5. RobiBue

    Report Ends With "Parsing Header:"

    atchooly.... is there a reason why the first From line doesn't have a colon ":" From bounce@menshealth.com Mon Jul 8 01:35:59 2019 Return-Path: <bounce@menshealth.com> X-Original-To: x Delivered-To: x in my book, that would be a reason for failure...
  6. and so the G๐Ÿฆ—H advances further to becoming a master ๐Ÿ™ @gabrielt Glad you found the problem, and with it, also fixed an internal handoff problem with your qmail setup (malformed received line). (wish some big companies: -- with outlook and hotmail -- would fix theirs.... )
  7. Unfortunately, that is not something we "mere mortal users" can solve unless we report manually and not through spamcop. This issue has to be resolved through fixing spamcop's whois lookup with the registries, and following the correct protocol, which apparently ARIN changed a while back. RIPE also seems to have made some changes, but it's affecting spamcop only marginally. Sadly many ARIN redirections to APNIC end up devnulled because cisco/talos seems to have only a minimal desire to keep spamcop up to date (at least so it seems to me personally) What happens now, is, that someone asks in this forum to fix the reporting address (which may or may not happen), and if this reporting address gets manually changed, it is then prone to end up being the wrong address when the registrant changes the info in the whois DB.
  8. yeah, rule #3, but don't forget Russel's Corollary...
  9. I fathom that somehow they were tipped off to remove certain spam-traps from their database, yours included, but not the other addresses. Just my thought...
  10. RobiBue

    abuse: nobody{AT}example.com

    That one is a bit murky, but looking at its upstream 216.72.0.0/16, it belongs to Equant Inc. (who in turn, back in 2006 was rebranded into Orange along with Wanadoo.) That said: "Comments: For abuse, spam or security issues, Please contact SIRT [at] EQUANT.COM", and "OrgAbuseEmail: sirt [at] orange-ftgroup.com" would be the address I'd use. The link is a "spamcop command" link that could expire, so the ARIN link is 3-fold: https://whois.arin.net/rest/net/NET-216-72-0-0-1 which gives the SIRT [at] EQUANT.COM address, and the link below for the " Related organization's POC records. " (the second "See also" as the first one is absolutely useless, and the third isn't much worth for us) https://whois.arin.net/rest/org/EQUANT-1/pocs where in turn you can find "Abuse: SOC20-ARIN (SOC20-ARIN)" which links to https://whois.arin.net/rest/poc/SOC20-ARIN.html which gives the sirt [at] orange-ftgroup.com address. (and maybe also attach the other two non- IPG-ARIN addresses as well ๐Ÿ˜‰ Then, I would also add the address found in https://www.ripe.net/membership/indices/data/ie.equant.html, although since there is no last updated date, there is no security that this email is still valid (but worth a try) HTH
  11. no, it is not an error, as this network entry really didn't provide an abuse address. Heck, they really didn't provide an address at all: https://whois.nic.ad.jp/cgi-bin/whois_gw?codecheck-sjis=Japan+Network+Infromation+Center&amp;lang=%2Fe&amp;key=202.238.198.169&amp;submit=query&amp;type=&amp;rule= [ JPNIC database provides information regarding IP address and ASN. Its use ] [ is restricted to network administration purposes. For further information, ] [ use 'whois -h whois.nic.ad.jp help'. To only display English output, ] [ add '/e' at the end of command, e.g. 'whois -h whois.nic.ad.jp xxx/e'. ] Network Information: a. [Network Number] 202.238.198.0/24 b. [Network Name] IIJNET g. [Organization] IIJ Internet m. [Administrative Contact] JP00010080 n. [Technical Contact] JP00010080 p. [Nameserver] dns0.iij.ad.jp p. [Nameserver] dns1.iij.ad.jp [Assigned Date] 2018/06/25 [Return Date] [Last Update] 2018/06/25 17:35:04(JST) Less Specific Info. ---------- Internet Initiative Japan Inc. [Allocation] 202.238.192.0/18 More Specific Info. ---------- No match!! looking up the JP00010080 AS number (well, JP number, as it isn't really an AS number) I get: [ JPNIC database provides information regarding IP address and ASN. Its use ] [ is restricted to network administration purposes. For further information, ] [ use 'whois -h whois.nic.ad.jp help'. To only display English output, ] [ add '/e' at the end of command, e.g. 'whois -h whois.nic.ad.jp xxx/e'. ] Group Contact Information: [Group Handle] JP00010080 [Group Name] IP Address Contact [E-Mail] nic-sec@iij.ad.jp [Organization] Internet Initiative Japan Inc. [Division] [TEL] 03-5205-6500 [FAX] [Last Update] 2014/07/22 12:02:04(JST) apply@iij.ad.jp So nic-sec[at]iij.ad.jp would be the address to complain to, and I personally would add a comment to hostmaster[at]nic.ad.jp letting them know that the above entry has no abuse address listed and is spamming
  12. 1/2 way agree wit Petzl ๐Ÿ˜‰ fake bounce: no, it's a real bounce spammer has you as return address: yes. That's why you're receiving the bounce ๐Ÿ˜ž The address that the spammer sent the spam to, is invalid (either never existed or got removed from usage) and since your address was the return address (From:) ... another reason to hate spammers... but no point in submitting that one, as the owner is legit... they just replied to you to let you know that "your" mail couldn't be delivered... that's another reason why spamcop goes after the Received: headers and not the From: email addresses ๐Ÿ˜‰
  13. Oh those times ๐Ÿ‘ด๐Ÿผ I think Iโ€™m showing my age ๐Ÿ˜—๐ŸŽถ But to our microVAX I had direct terminal access
  14. I prefer https://youtu.be/RlsiiWlt35s (Surely you understand I don&#39;t like to be called Muriel ๐Ÿคจ๐Ÿคซ) ๐Ÿ™ƒ๐Ÿค—๐Ÿคฃ
  15. RobiBue

    Abbreviations/acronyms

    I learn it from a book ๐Ÿ™ƒ๐Ÿค—๐Ÿคฃ
×