RobiBue

Members
  • Content Count

    243
Posts posted by RobiBue


  1. SpamCop automatically does that (well, with the email address)

    see one of my submissions: https://www.spamcop.net/sc?id=z6578044857zc86d7fb1db68d76d82418caac89c33fbz

    Delivered-To: x
    Received: from fundamental.avisayon.com (fundamental.avisayon.com. [188.213.212.42])
            by mx.google.com with ESMTP id q67si3118259wme.53.2019.10.03.17.05.23
            for <x>;
    To: <x>
    To: <x>

    my email address entries are obscured as you can see in the link itself, and the names, well, I get spam emails addressed to different people that it doesn't bother me if they have RobiBue, MaryScott, or the Pope of Rome in the name ;)


  2. 25 minutes ago, dr_bobbs said:

    I don't understand why there must be body text. So, all a spammer has to do is put the spam message entirely in the subject line, with no body text, and then SpamCop is unable to process his spam? I get this message whenever I submit spam from a spammer who has recognized this way to be unreportable to SpamCop. When all spammers have figured this out, and put all their spam messages into the subject line with no body text, then SpamCop will become completely useless? So SpamCop is really so easy for spammers to get around? Am I missing something here?

    Question: before you submit the spam without body, are you able to write

    <empty line>
    spam completely encompassed in subject line

    with <empty line> actually being an empty line and not the words and angled brackets ;) ?


  3. if thunderbird takes after firefox then, unless habul gets worked on, the tool will be useless since xul is being removed permanently.

    sorry to be the bearer of bad news :( 

    BTW, I think I remember legolas... wasn't he also an abuse admin like afterburner and nyarlahotep?


  4. looking up the abuse.net db on mschosting .com shows the aforementioned list...

    https://www.abuse.net/lookup.phtml?domain=mschosting.com

    hostmaster and postmaster addresses are AFAIR quite old (10+ years) and often not used anymore... therefore the bounces.

    The tmcops address could be an old entry as well and it was never updated...

    There is also another possibility that all the addresses DO exist, but they have been either neglected or forgotten and the mailbox filled up and overflowed... ergo another bounce...

    Officially, APNIC lists noc-abuse for the mentioned IP address as the abuse address

    https://dnslytics.com/whois-lookup/110.4.46.157


  5. 4 hours ago, shirayuki said:

    whois 47.110.125.50 returns search-apnic-not-arin#apnic.net@devnull.spamcop.net

    https://www.spamcop.net/sc?action=rcache;ip=47.110.125.50

    Use whois.apnic.net instead of whois.arin.net as the mail address "search-apnic-not-arin" says.

     

    yeah, spamcop has a few issues with APNIC when looking up the addresses in ARIN. Unfortunately they are more than just a few 😞

     


  6. On 8/5/2019 at 11:06 PM, Steve said:

    Not sure exactly what you mean

     

    Steve

    On a certain date, sendgrid probably asked SC not to send spam reports. On that date, or soon after, somebody manually devnulled the sendgrid abuse address. That date would be interesting to know, as well as the reason the address was devnulled. That's what Petzl means with

    On 8/5/2019 at 8:17 PM, petzl said:

    Would like to know when (date) occurred as this is often a legacy issue which may or may-not apply today?
    Some are from last millennium!

    perhaps someone with backstage access could shed some light, or clear up these murky waters 😉

     


  7. 18 hours ago, Lking said:

    Just realized I may be confused.  petzl are you talking about the SCBL or blocking login to the forum?

    The design of the SCBL has been long established. IP addresses come and go from the list depending on established rules based on reports and emails to spam traps. Domain names are not part of the calculation.  I don't think that will ever change

    On the forum blocking blocks of IPs or domains becomes capricious. Looking at the logs and email addresses of spammers first we should block gmail, outlook etc. based on the number of spam posted by those confirmed email addresses.

     

    16 hours ago, petzl said:

    That's it.
    The solution is here I think
    https://www.spamhaus.org/news/article/786/mta-developers-allow-use-of-domain-dnsbls-at-the-smtp-level
    Latest forum flood
    https://www.myfitnesspharm.cXm/total-life-maxx/
    104.31.94.46  Cloudflare
    https://www.fitnesscarezone.cXm/superketo/
    198.54.125.251
    DNS1.NAMECHEAPHOSTING.COM

    https://fitcareketo.cXm/krygen-xl-male-enhancement/
    198.54.126.12 
    DNS1.NAMECHEAPHOSTING.COM
     

    I’m there with Lking. Until these people post their junk, there is no knowing if they are going to spam or not.

    Besides, adding changes to the forum software would only work if the company that designed the system would implement the changes. (As was mentioned in my thread by Lking)


  8. 17 hours ago, Lking said:

    Several thoughts.  You had marked 4 of the 12 spam I cleaned up just now. In the morning (when you read this) one member, sometimes two, will mark the spam before I delete it even when I sleep in.

    Another way to look at it is

    • On "Thursday"  10 members visited the forum
    • 6 show 1 post and have 1 warning point (i.e. been banned for spamming)
    • 2 have joined and not posted yet.
    • That leaves 2 members in good standing ( + me)

    If I read this correctly:

    1. 10 members visited the forum; that is everybody that logged in/signed up(registered) (but not guests) to read and/or post (including me)
    2. 6 of the 10 have all been now banned for spamming and received a warning point (for posterity)
    3. this leaves 4 (including me and you) and 2 of them have not posted yet
    • so who posted the other 6 spams?

    I am a bit confused...

    And according to what you say, there aren’t enough people around to mark the spam...

    bummer!


  9. Oh dear, I think I created a monster 😉

    I haven't been active recently. just been popping in occasionally (lately)...

    Anyway, back to the discussion:

    I do believe that the login is created by carbon entities who are promised a certain amount for every successful post

    On 8/26/2019 at 10:02 PM, Lking said:

    I was guessing. IF my experience today is indicative I just suggested that a human passes the captcha then a bot takes over (using the same PC/IP) and creates several accounts to later post the spam.

    I think there are several approaches in use.  1) A bot does it all: opens account, replies to the challenge email, and posts spam.  (15min - hr between join and spam). 2) cheap labor does step 1 & 2, bot posts spam.  3) Some poor sap does it all.  I think signs of a human are changing the photo, posting 'interest', 'about me', sex, location, etc.  But most spam accounts don't do anything except post one spam.

    approach 1) I think it's too complicated, as there are too many diverse systems floating around.

    approach 2) more likely, but still with the differences in the systems somewhat complicated to have bots do it right. although sometimes the resulting spam posts do seem incoherent at best.

    approach 3) is IMNSHO the most likely scenario. I think what they do is do some bookkeeping to receive their money, and that is what takes them so long in-between, and they probably have different forum systems open and jump from one to the other. Then, at the end, they copy and paste the spam into all the open forum posts they have in their batch.

     

    So let's say it's carbon entities and not silicon based bots.

    Side question: why isn't the advertised "By harnessing the combined knowledge of thousands of Invision Communities, our spam Defense can assess the potential threat of each new user and stop them before they can cause any problems. It's instant and free with all plans." not working?

    My original thought on marking them as spam by peers, hiding the post in default view after a certain amount of reports, would still be the most feasible option -- if the original developer could/would implement it, that is.


  10. Apologies, but I do see a problem with that. I mean, this is a spam fighting forum, and if someone posts a question about a spam and the words include something that would be filtered, then the OP would have to wait until the admin frees it to the forum...


  11. On 8/10/2019 at 4:49 AM, Lking said:

    "And now for the rest of the story"   It seems that near the end of the workday Thursday a contractor working between Durango and Silverton, CO, USA was digging and cut the fiber cable.  It truly was an "oh sh**" moment because they just filled in the hole and went home..  As a result it took telo a while to find the break.  And yes the one and only fiber cable coming into town stops here.  No loop, no redundancy, no second path. ~~ A stub end right here.   It took 5yr of everyone yelling to get the fiber.  This county seat was the last county in Colorado to get something that "looked" like the internet.  Before it was a multi-link microwave shot over 2 mountain passes which carried all the phone service/what ever out of town. 

    Because of the mining industry that used to be here, electrical power, on the other hand, came in from both the north and south.  No power for the mines, then we are talking real money.  With the mines closed, there is probably enough extra power here to make our own dilithium crystals.

    WOW! wouldn't it have been easier for them to set up BPL? at least as redundancy?
    Internet: the final frontier. These are the enterprises of Telo. Its continuing mission: to communicate in strange new ways, to seek out new fiberoptic breaks and new dug-out holes, to boldly go where no internet has gone before.

    Besides, who needs the fiberoptics if you have Dilithium crystals. Just transmit and receive with subspace amplifiers...

    Live long and prosper, nyuk nyuk nyuk 🙂

     


  12. On 8/3/2019 at 2:35 PM, MIG said:

    Greetings all👋!  I hope everyone's well and you've all been behaving!?

    Would anyone care to cast their 👀s over this bit of scum pleeze?

    Issue is, apparently "no links found", 'cept, I can find 8 - 4 are enclosed in brackets (), not sure about them, 4 are standard, from my objs, they're the ones that've confuzzed moi,  why didn't SC "detect"?

    Yes Master, I know urls are secondary to source, but, but, but.....

    https://www.spamcop.net/sc?id=z6563176953zf21fc4b02078997bd0dcfb215b0fa333z

    VT tells me urls resolve to 184.154.92.54 = netops@singlehop.com, source = 184.154.92.51 = singlehop.net

    Anyone care to share their wisdom please?

    I remain, a grateful G🦗H🙏

     

     

    I don't know why the links don't appear in the report. I see them both, in the text/plain part, as well as in the text/html part

    of course, I also don't know why you'd be getting spam in German... unless the spammer thinks you're in Austria 🤣

    but yes, netops at singlehop dot net would be the place to send the link reports to.

    3 of them are links, and one is an image...


  13. 4 hours ago, gnarlymarley said:

    interesting, I have wondered if the spammers had a hidden account that was only created to verify that the emails the forum sends out have their spam.  Though, I would lean more toward an account they created about two years ago for that.

    well, it is very possible, that those 2 are legit, just found SC, and decided to sign up in the forum.


  14. 10 minutes ago, Lking said:

    Those are posts I was in the process of hiding.  The user's post count does not update when I hide their post, but there is nothing for you to see.

    Robi we are ships in the night.

    gotcha!

    we need a pb_CapeCanaveral.jpg;) 


  15. 13 hours ago, Lking said:

    I too have noted this variant.  There is also a large number of spams by members that have registered days or more before posting.  For example today (last night) there were 8 new members ~ all spammers.  But there were 23 spam posted.

    You can mouse over the member icon and see date/time joined and date of last post.  For a spammer likely their only post.

    today, as of 11AM CDT:

    17 new members (listed under All Activity) (well, one from yesterday, but almost midnight)
    12 of them posted 1 spam each
    2 of them didn't post anything
    3 had a post, but it didn't exist (Content Count: 1 post -- but nothing found)

    28 new spams
    14 of them from listed new members
    the other 14 from unlisted members but all created within 1 hour of the post (almost as if they deleted their own user themselves after posting...)

    and while I was busy during 1 hour while this post is sitting here, cleanup has started and is just about finished ;) ( I need to rephrase this somehow... my post was sitting idle in the editor while I was busy doing other things. When I got back 1 hour later, I noticed that cleanup was being done.)


  16. 19 hours ago, Lking said:

    It has always been the feeling of the powers-that-be that one of the important audiences for this forum are those struggling with the side effects of having a spammer use their email, IP, infect their system or just be in their neighborhood.  In part this concern is due to the impact of an effective SCBL;  If emailers Alice & Bob temporally share an ISP/IP then Bob's email gets blocked because of Alice's spam.

    The question then becomes how do "we" help Bob?  How do those impacted contact the forum if any automatic blocking is used?  If their post is delayed (until approved by someone) I'm guessing they just look for help elsewhere. I know I do.

    As stated we block reuse of usernames and email.  Blocking IPs would also lock all users of gmail, about 1/5 the users of CenturyLink in Denver, etc and that person who shares an IP with a spammer.  Now I have not done an in depth analysis but a quick look at 4 or 5 pages of 25 banned users (sorted by IP) did not reveal any clusters.

    Completely agree, IP blocking is not an option.

    19 hours ago, Lking said:

    Beefing up the front end to keep out the bots seems to be the only acceptable solution, IMHO.  Holding the first post it seems would discourage first posters that have been "blocked by SC" or are trying to deal with spam incoming to their system, both a primary audience.  Blocking IP's or blocks of IP's has the same effect. (yes there have been legit posters from Russia and India)

    and don't forget china ;)

    19 hours ago, Lking said:

    Hiding post after n-number of reports 1) would require adding a feature to an off-the-shelf product (check the bottom of the screen) 2) There is also the reality that by the time I get to spam with my first cup, generally the spam has only been reported by @RobiBue.  Sometimes one other.  After those posted while I sleep, there are seldom any reports before I get to them.  and 3) That type of process would open the forum to another type of attack that needs to be programmed to stop.  (Only reports from certain group(s) of users can block.  What about reports by other users?...)

    It is a pain.  I have to work at keeping track of threads that need attention with all the clutter.  There was a time when @Wazoo had full access to the forum software and db. He tweaked the SW with regularity, which resulted in a system that was generally undocumented and not maintainable after he left the scene.  That resulted in the migration to an ISP maintained package and unfortunately all the bad links in old threads.

    There are pros and cons to all changes.  There is an issue but a solution where the pros win out is needed.

    1. true, didn't realize that until you pointed it out
    2. Didn't know there were so few of us. (if I'm on the tablet I don't report because I have to go into the post to report it. with the pc it's easier using the mouse hover)
    3. yeah, again needed that to be pointed out, but it would require several people to report the post to be hid, and as I mentioned, it wouldn't be unreachable, only marked as hidden, but anybody wanting to read it could still access it.

    wrt PITA; I know, that's why the ideas being thrown around. Now an undocumented, unmaintainable/chaotic, up the wazoo system is not exactly what I had in mind... (sorry, pun intended)

    hopefully, with input of good ideas and weeding out the bad, a winning system could be proposed for third party implementation :)

     


  17. 5 hours ago, Lking said:

    To create an account the email must be validated; stolen emails shouldn't work. Anecdotally, there is a pattern to the emails used to create accounts here. Using the forum tools sorting emails of course groups mailboxes not address domains.

    Most of the emails today are gmail and outlook. This looks to be true historically with lots of protonmail.com,  mail.com, and yandex.com  The email(s) used with the one IP used twice to post were mail.com and faithmail.org.

    Blocking email domains doesn't seem useful.  A casual review highlights gmail and outlook but also protonmail, yandex and mail.    

    Hmmm... now here comes a thought... I know, still dangerous 😉

    What if... there is/could be a way to check how old an email account is (when it was created) ... Serious Callers Only (yeah, been reading Iain Banks lately 😉) won't use throwaway (recently created) emails to sign up and post in SC (at least I don't think so) unless they are spammers...

    Of course, if I had my own mx/mail server, I would be using emails, new or old, but mostly with @mydomain.tld (historically that used to be done in usenet/newsgroups to ensure that scavenged addresses could be pinpointed to a certain usenet base (at least that's how I remember it from way back when 🙂 )

    Aaaanyway, so spammer creates emails galore on gmail/outlook/protonmail/yandex/whatever and tries to sign up in forum. Forum says your email is too new, you need approval from admin to post new posts. I know, you mentioned before about legitimate users that want to post, but their email addresses (on the aforementioned big email houses) are usually long established. So the email address age would prevent this spammer from posting right away, and his address could be placed on the ban list for future attempts...
    Now, OTOH, spammer uses own @mydomain.tld addresses. Even if the address was new, he would be allowed to spam as before, but now, the domain could be blocked, and  to buy domain names could turn out to be costly for this kind of spam shop... and then he would drop the domains and someone else, legit picks them up and has them already blocked here, so somewhat a timed block could be set in place, coinciding when the domain name expires ;)

    Was busy today and didn't have time to report early ;) but I did read your comments and explanations and agree that IP blocking wouldn't be productive.

    Now of course, the whole discussion is more or less moot point, since invision would have to implement all this and I have no idea how willing they are to make changes at this level... and if (as I mentioned) there could be a way to check big email house creation date of addresses...

    also, since SC forum deals with valid spam, a forum spamkiller would unfortunately throw too many false positives...


  18. 5 hours ago, gnarlymarley said:

    I don't like the forum spam because as soon as it is posted, gmail has all forum emails marked with spam reputation.  At this point, I personally would prefer to thwart the spammers similar to bl.spamcop.net if possible.

    Well, I don’t know about the forum spams being marked as spam in gmail since I only read them in SC. (Anyway, if you receive them as emails, then you should be able — as I do with other email forums — to mark them as never send to spam, and just delete the ones that are “offensive”, as forum emails come from the forum and not from the person sending them...)

    5 hours ago, gnarlymarley said:

    Ah, so maybe something automated.  If this were possible, I am all for automating any part of it so to limit human mistakes..

    Ah, but automated mistakes are also bad. That’s the reason SC uses human decision to ultimately report the processed spam... 

    ... of course this would be “semi-automated”, as the automation process would start as soon as 3 or 4 humans decided to mark the post as “spam” (only possible in SC online forums)

    6 hours ago, gnarlymarley said:

    Seems like maybe some of the admins might be burning the candle at both ends at times.  I have seen more than one person make mistakes when it comes to cleaning up the spam in the forums.  Anything that might help out would be a plus.

    The Latin phrase for that is “errare humanum est” (to err is human), and I have informed the admin “in situ” of a few odd misdirected posts (fat fingering and lack of caffeine are usually the reasons 🤫)

    6 hours ago, gnarlymarley said:

    I am tempted to suggest that something similar to the SpamCop BL, where enough bad reports and a user cannot post or sign up with a new account for 48 hours.

    Well, as Lking already explained:

    On 7/18/2019 at 12:37 PM, Lking said:

    Currently:

    • I review each new post to this forum.
    • Hide the spam
    • Restrict the poster from posting - Indefinitely
    • Send a warning email

    […]

    Currently there are some 4,450 member accounts banned from posting. Banning vs deleting an account prevents spammers from reusing an email address or user name. 

    I figure, since the “spam-poster” needs an email account to sign in, these people have tons of throwaway addresses, since they can only use them once. (I am curious on how many addresses use the same domain, and thus prevent them, depending on the domain they use, to even create a SC account. Of course, if they use throwaway gmail, yahoo, hotmail, et al. accounts, that wouldn’t be feasible...)


  19. Well, my idea wasn't to thwart the spammers... (ok, in a way it is 😛)
    Instead, it would be meant to keep the forums "readable" after 3 or 4 users have reported the posts.
    They'd still be there if one really desires to read them, but they'd be hidden until they get handled by an admin.

    personally, they don't bother me (much), but I see the occasional OP who mentions the garbage in the forums (fora, fori, forii, whatever) and /me thinks/ (dangerous thing BTW) that there could be something that could be done besides one or two admins cleaning up garbage left by some 💩jackasses...

    Usually we don't get much. It seems that today, though, is a different matter... some "recruiter" must have promised a lot of 💵 to some poor souls...

    That's actually my idea behind it. Have as few spamposts as possible visible to users, and I think that could accomplish it (I'm sure there are some of us users that report those spams, and if it's just 3 or 4 per post it would do the trick...)

    Just my thought... and then Lking could even enjoy his carb-sugar-caffeine drink in a more leisurely manner ;)


  20. If I query ARIN, I am told it’s a RIPE address...

    and the abuse email address given, ending in “.ru” does not help my confidence in its trustworthiness...

    I apologize to all honest Russians, but living here in the Americas leaves me with little trust in Russian owned web addresses.

    In God I trust, but not in Товарищ владимир и собрат дональд


  21. I just had a brainfart (pardon my French)...

    Sooo, we have these pesky little 💩 that think that the readers of these forums are interested in their spew 🤮

    Well, here is my proposal to alleviate the problem:

    1. Reported posts receive a mark/counter (see below: 1 reported...)
    2. Posts that are less than 24 hours old and reported more than 3 times get hidden (can be unhid[sic] by the user if he/she so desires)
    3. A user with a post reported 4 times would be prevented from posting in the forum (reading is ok, and pm an admin to ask for unblocking)
    4. Eventually a forum  admin can do some garbage collection (GC) the way they usually do it ;)

    this would be the forum view with all topics displayed (the two marked "4 reported" would be hidden by default)

    [Screenshot 2019-07-18: How to use Instructions Tutorials]

    This would be the "Unread" topics view (hey, no spam ;) but only if 4 reported them beforehand) 
    in Content Types, the user could choose to see the spam (unless the forum admin has already done the GC)

    [Screenshot 2019-07-18: Unread Content - SpamCop Discussion]

     

    Suggestions or ideas (or the other way around) are always welcome.
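
The four rules proposed in the post above, modelled as an added Python example (not part of the original post and not the forum vendor's software). Assumptions: reports are counted per distinct member, self-reports are ignored, and the 24-hour limit applies only to hiding; the class, function and account names and the sample data are constructed.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

HIDE_ABOVE = 3                  # rule 2: hidden when "reported more than 3 times"
BLOCK_AT = 4                    # rule 3: author blocked at "a post reported 4 times"
MAX_AGE = timedelta(hours=24)   # rule 2: only posts "less than 24 hours old"


@dataclass
class Post:
    post_id: int
    author: str
    created: datetime
    reporters: set = field(default_factory=set)  # rule 1: the report counter
    hidden: bool = False


class Forum:
    """Hypothetical model of the proposal; not a real forum API."""

    def __init__(self):
        self.posts = {}
        self.blocked = set()

    def add_post(self, post_id, author, now):
        if author in self.blocked:          # rule 3: may read, may not post
            return False
        self.posts[post_id] = Post(post_id, author, now)
        return True

    def report(self, post_id, reporter, now):
        post = self.posts[post_id]
        # Assumption: one vote per account and no self-reports, so the
        # counter reflects how many different members flagged the post.
        if reporter != post.author:
            post.reporters.add(reporter)
        count = len(post.reporters)
        if count > HIDE_ABOVE and now - post.created < MAX_AGE:
            post.hidden = True              # rule 2
        if count >= BLOCK_AT:
            self.blocked.add(post.author)   # rule 3
        return count

    def listing(self, show_hidden=False):
        """(post_id, report count) pairs; hidden posts only on request."""
        return [(p.post_id, len(p.reporters))
                for p in sorted(self.posts.values(), key=lambda p: p.post_id)
                if show_hidden or not p.hidden]

    def garbage_collect(self):
        """Rule 4: the admin removes whatever the members' reports hid."""
        removed = sorted(pid for pid, p in self.posts.items() if p.hidden)
        for pid in removed:
            del self.posts[pid]
        return removed


def demo():
    # Constructed sample data: three posts and four reporting members.
    t0 = datetime(2019, 7, 18, 9, 0)
    forum = Forum()
    forum.add_post(1, "asker", t0)
    forum.add_post(2, "throwaway", t0)
    forum.add_post(3, "oldtimer", t0 - timedelta(days=2))
    later = t0 + timedelta(hours=1)
    forum.report(1, "m1", later)
    for member in ("m1", "m2", "m3", "m4", "m1"):   # m1 twice: counted once
        forum.report(2, member, later)
        forum.report(3, member, later)
    return {
        "default_view": forum.listing(),
        "with_hidden": forum.listing(show_hidden=True),
        "throwaway_can_post": forum.add_post(4, "throwaway", later),
        "collected": forum.garbage_collect(),
    }


if __name__ == "__main__":
    print(demo())
```

Post 3 in the sample is two days old, so four reports leave it visible while still blocking its author, because rule 3 as worded carries no age limit.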

     

     


  22. Now that's a new one to me!

    https://www.spamcop.net/sc?id=z6558965774z4e9bfbe926ede8ccf1c336a6fb42d396z

    I wasn't thinking much about it when I sent the report, but today I received the following reply from NordVPN abuse desk:

    Quote

    Thank you for informing us about possible violation of laws related to activities of one of our services' users. We take serious matter of the illegal actions and/ or crimes committed by abusively using our services.
    NordVPN is a VPN service provider and offers shared IP addresses to its users.
    Unfortunately, in this specific case we are not able to assist as it’s impossible for us to locate which user on the server is actually responsible for the violation, since we do not log user's activity or IP address.
    Therefore we can not identify the user on the basis of this inquiry notice.
    More about our Privacy policy (https://nordvpn.com/privacy-policy/).
    Please don't hesitate to let us know should we be able to assist with something else.

    well, internet privacy vs internet privacy.

    ain't that swell...
