RobiBue

Membera
  • Content Count

    229
Everything posted by RobiBue

  1. went one up on my previous (2 month old) post looking at its /18 range: https://whois.nic.ad.jp/cgi-bin/whois_gw?key=202.238.192.0/18 SC itself still returns " No reporting addresses found for 202.238.198.169, using devnull for tracking. "
  2. RobiBue

    No links, but wait, there is!

    I don't know why the links don't appear in the report. I see them both, in the text/plain part, as well as in the text/html part of course, I also don't know why you'd be getting spam in German... unless the spammer thinks you're in Austria 🤣 but yes, netops at singlehop dot net would be the place to send the link reports to. 3 of them are links, and one is an image...
  3. RobiBue

    forum spam handling

    well, it is very possible, that those 2 are legit, just found SC, and decided to sign up in the forum.
  4. RobiBue

    forum spam handling

    gotcha! we need a
  5. RobiBue

    forum spam handling

    today, as of 11AM CDT:

    17 new members (listed under All Activity) (well, one from yesterday, but almost midnight)
      12 of them posted 1 spam each
      2 of them didn't post anything
      3 had a post, but it didn't exist (Content Count: 1 post -- but nothing found)

    28 new spams
      14 of them from listed new members
      the other 14 from unlisted members but all created within 1 hour of the post (almost as if they deleted their own user themselves after posting...)

    and while I was busy during 1 hour while this post is sitting here, cleanup has started and is just about finished ( I need to rephrase this somehow... my post was sitting idle in the editor while I was busy doing other things. When I got back 1 hour later, I noticed that cleanup was being done.)
  6. RobiBue

    forum spam handling

    Completely agree, IP blocking is not an option. and don't forget china true, didn't realize that until you pointed it out Didn't know there were so few of us. (if I'm on the tablet I don't report because I have to go into the post to report it. with the pc it's easier using the mouse hover) yeah, again needed that to be pointed out, but it would require several people to report the post to be hid, and as I mentioned, it wouldn't be unreachable, only marked as hidden, but anybody wanting to read it could still access it. wrt PITA; I know, that's why the ideas being thrown around. Now an undocumented, unmaintainable/chaotic, up the wazoo system is not exactly what I had in mind... (sorry, pun intended) hopefully, with input of good ideas and weeding out the bad, a winning system could be proposed for third party implementation
  7. RobiBue

    forum spam handling

    Hmmm... now here comes a thought... I know, still dangerous 😉 What if... there is/could be a way to check how old an email account is (when it was created) ... Serious Callers Only (yeah, been reading Iain Banks lately 😉) won't use throwaway (recently created) emails to sign up and post in SC (at least I don't think so) unless they are spammers... Of course, if I had my own mx/mail server, I would be using emails, new or old, but mostly with @mydomain.tld (historically that used to be done in usenet/newsgroups to ensure that scavenged addresses could be pinpointed to a certain usenet base (at least that's how I remember it from way back when 🙂 ) Aaaanyway, so spammer creates emails galore on gmail/outlook/protonmail/yandex/whatever and tries to sign up in forum. Forum says your email is too new, you need approval from admin to post new posts. I know, you mentioned before about legitimate users that want to post, but their email addresses (on the aforementioned big email houses) are usually long established. So the email address age would prevent this spammer from posting right away, and his address could be placed on the ban list for future attempts... Now, OTOH, spammer uses own @mydomain.tld addresses. Even if the address was new, he would be allowed to spam as before, but now, the domain could be blocked, and to buy domain names could turn out to be costly for this kind of spam shop... and then he would drop the domains and someone else, legit picks them up and has them already blocked here, so somewhat a timed block could be set in place, coinciding when the domain name expires Was busy today and didn't have time to report early but I did read your comments and explanations and agree that IP blocking wouldn't be productive. Now of course, the whole discussion is more or less moot point, since invision would have to implement all this and I have no idea how willing they are to make changes at this level... 
and if (as I mentioned) there could be a way to check big email house creation date of addresses... also, since SC forum deals with valid spam, a forum spamkiller would unfortunately throw too many false positives...
  8. RobiBue

    forum spam handling

    Well, I don’t know about the forum spams being marked as spam in gmail since I only read them in SC. (Anyway, if you receive them as emails, then you should be able — as I do with other email forums — to mark them as never send to spam, and just delete the ones that are “offensive”, as forum emails come from the forum and not from the person sending them...) Ah, but automated mistakes are also bad. That’s the reason SC uses human decision to ultimately report the processed spam... ... of course this would be “semi-automated”, as the automation process would start as soon as 3 or 4 humans decided to mark the post as “spam” (only possible in SC online forums) The Latin phrase for that is “errare humanum est” (to err is human), and I have informed the admin “in situ” of a few odd misdirected posts (fat fingering and lack of caffeine are usually the reasons 🤫) Well, as Lking already explained: I figure, since the “spam-poster” needs an email account to sign in, these people have tons of throwaway addresses, since they can only use them once. (I am curious on how many addresses use the same domain, and thus prevent them, depending on the domain they use, to even create a SC account. Of course, if they use throwaway gmail, yahoo, hotmail, et al. accounts, that wouldn’t be feasible...)
  9. RobiBue

    forum spam handling

    Well, my idea wasn't to thwart the spammers... (ok, in a way it is 😛) Instead, it would be meant to keep the forums "readable" after 3 or 4 users have reported the posts. They'd still be there if one really desires to read them, but they'd be hidden until they get handled by an admin. personally, they don't bother me (much), but I see the occasional OP who mentions the garbage in the forums (fora, fori, forii, whatever) and /me thinks/ (dangerous thing BTW) that there could be something that could be done besides one or two admins cleaning up garbage left by some 💩es... Usually we don't get much. It seems that today, though, is a different matter... some "recruiter" must have promised a lot of 💵 to some poor souls... That's actually my idea behind it. Have as few spamposts as possible visible to users, and I think that could accomplish it (I'm sure there are some of us users that report those spams, and if it's just 3 or 4 per post it would do the trick...) Just my thought... and then Lking could even enjoy his carb-sugar-caffeine drink in a more leisurely manner
  10. RobiBue

    no reporting for IP 109.94.2.125

    If I query ARIN, I am told it’s a RIPE address... and the abuse email address given, ending in “.ru” does not help my confidence in its trustworthiness... I apologize to all honest Russians, but living here in the Americas leaves me with little trust in Russian owned web addresses. In God I trust, but not in Товарищ владимир и собрат дональд
  11. RobiBue

    spam via VPN

    Now that's a new one to me! https://www.spamcop.net/sc?id=z6558965774z4e9bfbe926ede8ccf1c336a6fb42d396z I wasn't thinking much about it when I sent the report, but today I received the following reply from NordVPN abuse desk: well, internet privacy vs internet privacy. ain't that swell...
  12. RobiBue

    The problem against spam users.

    Around 20 years ago, I used to send my wife occasional emails that would look like she sent them to me, just to make sure that she understood that anybody could send an email with spoofed/fake names. So the From: line in the headers is only valid for “trusted” emails. (And then, only if you trust them) As Lking states, the Received: line in the headers is the one that gets you closest to the original sender. Many times, though, a computer is hacked and some malware is installed, sending the spam from that computer without the knowledge of the real user. Sending spam reports to the ISP of said user is necessary to alert the ISP that the user is either a spammer or has compromised hardware. It is also possible that a company has their own mail server which is open and can be used as a proxy. For the latter, it is also important to have their ISP inform them that they are running an open proxy allowing spammers to abuse their system. HTH
  13. RobiBue

    Report Ends With "Parsing Header:"

    /me/ stands corrected. Thank you 😊. wasn’t aware that the headers could share importance with a DB file structure (mbox in this case)
  14. RobiBue

    Report Ends With "Parsing Header:"

    atchooly.... is there a reason why the first From line doesn't have a colon ":"

    From bounce@menshealth.com Mon Jul 8 01:35:59 2019
    Return-Path: <bounce@menshealth.com>
    X-Original-To: x
    Delivered-To: x

    in my book, that would be a reason for failure...
  15. and so the G🦗H advances further to becoming a master 🙏 @gabrielt Glad you found the problem, and with it, also fixed an internal handoff problem with your qmail setup (malformed received line). (wish some big companies: -- with outlook and hotmail -- would fix theirs.... )
  16. Unfortunately, that is not something we "mere mortal users" can solve unless we report manually and not through spamcop. This issue has to be resolved through fixing spamcop's whois lookup with the registries, and following the correct protocol, which apparently ARIN changed a while back. RIPE also seems to have made some changes, but it's affecting spamcop only marginally. Sadly many ARIN redirections to APNIC end up devnulled because cisco/talos seems to have only a minimal desire to keep spamcop up to date (at least so it seems to me personally) What happens now, is, that someone asks in this forum to fix the reporting address (which may or may not happen), and if this reporting address gets manually changed, it is then prone to end up being the wrong address when the registrant changes the info in the whois DB.
  17. yeah, rule #3, but don't forget Russel's Corollary...
  18. I fathom that somehow they were tipped off to remove certain spam-traps from their database, yours included, but not the other addresses. Just my thought...
  19. RobiBue

    abuse: nobody{AT}example.com

    That one is a bit murky, but looking at its upstream 216.72.0.0/16, it belongs to Equant Inc. (who in turn, back in 2006 was rebranded into Orange along with Wanadoo.) That said: "Comments: For abuse, spam or security issues, Please contact SIRT [at] EQUANT.COM", and "OrgAbuseEmail: sirt [at] orange-ftgroup.com" would be the address I'd use. The link is a "spamcop command" link that could expire, so the ARIN link is 3-fold: https://whois.arin.net/rest/net/NET-216-72-0-0-1 which gives the SIRT [at] EQUANT.COM address, and the link below for the " Related organization's POC records. " (the second "See also" as the first one is absolutely useless, and the third isn't much worth for us) https://whois.arin.net/rest/org/EQUANT-1/pocs where in turn you can find "Abuse: SOC20-ARIN (SOC20-ARIN)" which links to https://whois.arin.net/rest/poc/SOC20-ARIN.html which gives the sirt [at] orange-ftgroup.com address. (and maybe also attach the other two non- IPG-ARIN addresses as well 😉 Then, I would also add the address found in https://www.ripe.net/membership/indices/data/ie.equant.html, although since there is no last updated date, there is no security that this email is still valid (but worth a try) HTH
  20. I would like to propose a change in SpamCop's handling of cloudflare links. 1. when looking up the whois for the domain, or test the link, do not use the full path, only use the domain name, as a visitor trigger trap causes more spam to be sent as soon as the report is performed. I munged for that purpose every link in my "cloudflare" spams: https://www.spamcop.net/sc?id=z6493410150za18869ba12b686fd60a88c35e34dc44ez https://www.spamcop.net/sc?id=z6493410187zb583dc5e2b40660c7a81ed43e718e3aaz https://www.spamcop.net/sc?id=z6493340629z49245d803153055044b14f0dc24f00a3z https://www.spamcop.net/sc?id=z6493340613z69f628f405e36a4d6fbdf4e2014ffe58z and so on and so forth. it would be grand if SpamCop could do this automagically.
  21. no, it is not an error, as this network entry really didn't provide an abuse address. Heck, they really didn't provide an address at all: https://whois.nic.ad.jp/cgi-bin/whois_gw?codecheck-sjis=Japan+Network+Infromation+Center&lang=%2Fe&key=202.238.198.169&submit=query&type=&rule=

    [ JPNIC database provides information regarding IP address and ASN. Its use ]
    [ is restricted to network administration purposes. For further information, ]
    [ use 'whois -h whois.nic.ad.jp help'. To only display English output, ]
    [ add '/e' at the end of command, e.g. 'whois -h whois.nic.ad.jp xxx/e'. ]
    Network Information:
    a. [Network Number] 202.238.198.0/24
    b. [Network Name] IIJNET
    g. [Organization] IIJ Internet
    m. [Administrative Contact] JP00010080
    n. [Technical Contact] JP00010080
    p. [Nameserver] dns0.iij.ad.jp
    p. [Nameserver] dns1.iij.ad.jp
    [Assigned Date] 2018/06/25
    [Return Date]
    [Last Update] 2018/06/25 17:35:04(JST)
    Less Specific Info.
    ----------
    Internet Initiative Japan Inc.
    [Allocation] 202.238.192.0/18
    More Specific Info.
    ----------
    No match!!

    looking up the JP00010080 AS number (well, JP number, as it isn't really an AS number) I get:

    [ JPNIC database provides information regarding IP address and ASN. Its use ]
    [ is restricted to network administration purposes. For further information, ]
    [ use 'whois -h whois.nic.ad.jp help'. To only display English output, ]
    [ add '/e' at the end of command, e.g. 'whois -h whois.nic.ad.jp xxx/e'. ]
    Group Contact Information:
    [Group Handle] JP00010080
    [Group Name] IP Address Contact
    [E-Mail] nic-sec@iij.ad.jp
    [Organization] Internet Initiative Japan Inc.
    [Division]
    [TEL] 03-5205-6500
    [FAX]
    [Last Update] 2014/07/22 12:02:04(JST)
    apply@iij.ad.jp

    So nic-sec[at]iij.ad.jp would be the address to complain to, and I personally would add a comment to hostmaster[at]nic.ad.jp letting them know that the above entry has no abuse address listed and is spamming
  22. 1/2 way agree with Petzl 😉 fake bounce: no, it's a real bounce spammer has you as return address: yes. That's why you're receiving the bounce 😞 The address that the spammer sent the spam to, is invalid (either never existed or got removed from usage) and since your address was the return address (From:) ... another reason to hate spammers... but no point in submitting that one, as the owner is legit... they just replied to you to let you know that "your" mail couldn't be delivered... that's another reason why spamcop goes after the Received: headers and not the From: email addresses 😉
  23. Oh those times 👴🏼 I think I’m showing my age 😗🎶 But to our microVAX I had direct terminal access
  24. I prefer https://youtu.be/RlsiiWlt35s (Surely you understand I don't like to be called Muriel 🤨🤫) 🙃🤗🤣
  25. RobiBue

    Abbreviations/acronyms

    I learn it from a book 🙃🤗🤣