• Content count

  • Joined

  • Last visited

Community Reputation

0 Neutral

About ufo-joe

  • Rank

Contact Methods

  • ICQ
  1. I have been swamped with spam purporting to come from linked-in (in fact, it doesn't). I found an article at: http://blogs.cisco.com/security/comments/c...in_spam_attack/ Which identified the spam as an attempt to infect PCs with the Zeus virus. the article also says: Nasty.... Joe
  2. http://farm5.static.flickr.com/4129/501188...b21ba65_b_d.jpg I found this amusing entry in my Thunderbird activity log. The entry is genuine, but there was no such activity (or it would still be in progress!). Joe [edit] Converted img to link. We've always discouraged image posting, presuming this still holds.
  3. If you want a good laugh, take a look at the garish, pointless, money begging web site at: http://crushspamhaus.com/ Whoever set it up sounds just like the idiot who wants to burn the Koran! Not the best advertisement for American morality. (Having said that, I think if the material attributed to Spamhaus is genuine, it displays a disrespect to the USA generally). Joe
  4. Once in a while I get a spam message which makes me laugh because of the poor English, this is one such: It took me 3 reads to actually understand what it intended to convey. My first reading made me think of a hugely over-sized suppository applicator. My second reading made me think of a large male nurse from Poland. If all spam was so funny, I probably wouldn't mind!
  5. ...and today, 60 but no corresponding increase on the spamcop stats. Maybe I am just unlucky.... Joe
  6. Sorry about that, I thought it was a publicly available URL. Unfortunately, due to the form layout, I can't scrape it and paste it here. Joe
  7. The following link is to a record of what activity was detected on my web site, including address harvesting and spamming: http://www.projecthoneypot.org/list_of_ips....32500&by=9 Joe
  8. Some pretty interesting statistics and background to spam operations are available at: http://www.projecthoneypot.org/1_billionth...ssage_stats.php If you aren't already working with Project Honeypot, I would suggest that you do - it's yet another weapon in our arsenal, and has resulted in successful prosecutions of spammers. Joe
  9. Make that 37 and there's still 7 minutes to go before I stpop the clock :angry:
  10. I don't know about anyone else, but my spam was averaging about 15/day (following blocking) at the time of my last post. Over the last couple of weeks, it crept up to 24/day-ish, but I was still happy as my previous rate before the apparent drop-off was about 30/day. Today I got 35.... I think you can put the cork back on that dandelion wine. Joe
  11. This is speculation only, but perhaps the process has been changed, and priority is given to receipt of reports over sending out reports to ISPs, or additional checking is taking place prior to sending of messages to ISPs causing a lag. Either of these could depend on the workload of the sending/receiving processes. Strangely, my own experience reflects Spamcop's statistics, ie a decreasing trend. My own spam received is skewed, since I actively block traffic from APNIC registered blocks, South America, the Middle East, Africa, and the Former Soviet Union. Due to limited rule capacity on my mail server imposed by my service provider, I have to periodically edit the 130 rules, removing inactive blocks and inserting recently active blocks. Prior to the active blocking, my daily spam received was usually a little over 100/day. Following implementation of the rules, that dropped immediately to around 30/day, increasing to about 40/day over 12 months or so, but over the last 4 months or so it has gradually dropped to around 15/day. It looks to me as though there is a genuine fall-off in spam from my unfiltered sources (mainly Western Europe and North America). This doesn't appear to me to be the usual seasonal variation. Cheers, Joe
  12. Since I opened this thread, my server has been under what appears to be either a series of DoS attacks, or attempts to discover the active filters. If this is someone on this forum testing my filters, please desist, I have enough genuine hacking attempts to deal with without the logs filling up with 'tests'. If it was someone on here with benign intentions, please let me know via PM (no action will be taken). I will treat further attacks as hostile following this post. Cheers, Joe
  13. Not only is it not static, but spam traffic periodically disappears and reappears from some ranges. Another reason for occasionally removing ranges from the banned list (most eventually become active again, but not all). This is an interesting point - although the server has to validate every packet against the table, it doesn't have to process dropped traffic (portscans, brute-force password attacks, and SMTP, for instance), so there might actually be a reduction in load. It hasn't caused me any problems and I run an active forum, website, and mail list on the server. Cheersm Joe
  14. Hi Mythsmith, Europe is a particularly difficult area to write filters for. The adminstrative agency is RIPE, and for some reason, the address space allocated by RIPE is very fragmented, often being allocated in small chunks of addresses. The way I have been managing my filters involves obtaining the sending IP address from the Spamcop reporting output, then entering the address into 'whois' at http://www.domaintools.com. This provides the subnet mask in CDIR form. I thrn check addresses above and below the specified CDIR to see if I can reasonably expand the addresses covered - for instance, it may be an address range in poland that I have reported, but the adjacent addresses might make up a /17 range could be in Romania and Greece, in which case I enlarge the CDIR accordingly. This is because I don't expect traffic from those countries and I get significant amounts of spam from them as well. If you (or anyone else that wants a copy) send me your email address via PM, I will happily send you copies of my working spreadsheet which contains a lot of information along the lines you require. Cheers, Joe
  15. Hi David, Yes, I do, but that gets relatively little activity. I am active on half-a-dozen mail lists (including one administered by me), and it is mainly on addresses I use for those which I get clobbered. Cheers, Joe