TerryNZ

  1. Heritage International University is covered in detail at the EU spam Wiki http://www.spamtrackers.eu/wiki/index.php?...onal_University It is a Diploma Mill scam attributed to Alton Scott aka Alton Scott Poe, thought to be residing in Montreal.
  2. Over the past week I pasted about 4,000. I have an automated page paster, which should gain their attention. Not that they haven't been made painstakingly aware of the problem, and how to remedy it.

     Other flags for Google are in all of the Site Advisor pages for the redirect sites,
     http://www.siteadvisor.com/sites/tromoem.com (Illegal software piracy)
     http://www.siteadvisor.com/sites/discusswoman.com (Fake Canadian Pharmacy)
     http://www.siteadvisor.com/sites/theoutworlds.com (Herbal Express fraud)
     etc etc

     Also, there are the Castlecops SIRT alerts sent to Google
     http://www.castlecops.com/t217904-SIRT_142...an_Pharmac.html
     http://www.castlecops.com/t217705-SIRT_140...e_Software.html

     > BLOGSPOT ACTION REQUIRED
     > 1. remove all existing violations (see the list of 12,460 sites appended at spamtrackers.eu)
     > 2. remove the loop-hole that facilitates this crime

     and then there is the huge list of abused blogspot sites at http://spamtrackers.eu/wiki/index.php?title=Blogspot

     Why are they allowing these criminals to abuse their service like this? Google has some work to do to repair a tarnished reputation.
  3. I do not know if you can paste in 3000 urls. It may be easier to paste just the one link listing the 3000 urls http://rss.uribl.com/hosters/blogspot_com.html And then, for Yahoo's Geocities http://rss.uribl.com/hosters/geocities_com.html Perhaps Google should do a Google lookup on +blogspot +redirection +abuse
  4. Complainterator is a tool which has proven highly successful in the wholesale removal of tens of thousands of spammed websites. Like Spamcop when used with standard rather than "quick" reporting, it allows the user to select whether or not to forward the generated complaint for the spammed site. The difference is that Complainterator addresses the complaint not to the ISP who owns the IP address on which the spammed site is hosted; instead, it addresses the complaint to the Registrar for the hosting site.

     Rationale - When a spammed site is illegal, the registrar has accepted a contract to register its name from a criminal. Once a complaint is lodged, the registrar has to decide whether to uphold that contract with the criminal, or whether it is better to terminate the contract and avoid the possibility of legal proceedings for aiding and abetting a crime. Most legitimate registrars make the right decision.

     Complainterator is also effective in combating countermeasures that criminals have taken against Spamcop. We are seeing the emergence of spammed hosts running on fast-flux botnets of up to 20 host IPs at a time. These host IPs refresh every few minutes to another range of 20 hosts. That's because Spamcop has been so successful in complaining to the ISPs who owned the hosting IP addresses that they had to do something about it. Of course, there is no way that Spamcop can keep up with the fast-flux botnet hosting described here. Because Complainterator goes further up the "food chain" and complains to the registrar, this countermeasure gets foiled.

     Of course, the bad guys have realized this, too. So they create hundreds of "throw-away" host names, hoping to get ahead of Complainterator, in the same way as they have with Spamcop. So Complainterator examines the name servers that the spammers have created to resolve their hundreds of host names. Complainterator refers to detailed instructions teaching the registrars how to effectively suspend the spammers' name servers, thus removing hundreds of spammed host sites in one move. Powerful stuff!

     So, if you are frustrated at the thought of spammers getting the better of your Spamcop reporting, try out Complainterator. It runs on a Windows platform and supports multiple browsers and mailers. Read more about it and download it from http://complainterator.com It is at version 20.1 as at October 27th, 2007. And it is free.
  5. The distribution site for this successful spam site removal tool has come under a DDOS attack by the spamming criminals. This attack coincides with others on Spamhaus.org, uribl.com, surbl.org and spamassassin. Complainterator V14 can still be downloaded from the European spam Wiki and download site http://www.spamtrackers.eu/downloads The EU spam wiki has comprehensive information on the most frequent spammers, and details the fraud inherent in their spammed web sites. http://spamtrackers.eu/wiki Documentation on Complainterator is also in the Wiki.
  6. The reply from HK police is a standard template, one of two. You got the one for a single complaint. Template two is a reply for multiple complaints, and it differs in that it lists the dates the complaints were received, and the total number. Eventually you may receive a follow-up email stating what action was taken, if any.
  7. The problem with SpamCop not being able to resolve many of Alex Polyakov's spammed sites (eg My Canadian Pharmacy) is well known, documented, and accepted by Ironport. To see how and why it happens, check out the EU spam Wikipedia entry for Alex Polyakov at http://www.spamtrackers.eu/wiki/index.php?...od_of_operation The process of hijacking other people's machines is covered at http://www.spamtrackers.eu/wiki/index.php?...e=Hijacked_host Historical note. The Ironport IP block was first discovered during a forensic analysis of one of the machines he hijacked back in May 2006, so the problem has been outstanding for a year now. http://snowcrash.ca/blawg/2006/05/investig...romised_li.html
  8. I missed no valid points. I explained the initial blocklist problem and provided all the evidence that it is prudent to provide. You challenged the evidence. I explained why it was imprudent to proffer more. I do not consider that you are in the "need to know" category, so I provided more detail privately. When I provided that evidence in private, you accused me of using criminal methods to gain it, and therefore refused to accept it. For someone who openly refuses to accept what I offer because it lacks visible proof, I am astounded that you assume that I have used criminal methods to gain evidence, without any proof of your accusation. An apology and full retraction might have gone some way to mitigate your irrational actions. But I am left with no option to dismiss you for what you have shown yourself up to be. "There is none so blind as he who will not see"
  9. The above example demonstrating its veracity for DNSSTUFF.COM should be sufficient to show that if it fits in one case, it probably fits in another. As pointed out earlier, there is nothing to gain by parading the actual evidence in total, other than to satisfy your curiosity. Satisfying your curiosity and parading information that Ironport may have preferred to keep confidential was not necessary. When I did provide further proof in private messages, you told me that you did not want to discuss it, that you seemed to know the real reason (response time exceeded 1/3 of a second, with no proof that that was an issue) and then went on to suggest that I must have come by the information through criminal means, therefore you could not pay any attention to it. I do not take kindly to accusations of criminal activity, especially when the evidence was voluntarily provided by a victim whose system had been compromised. Our team is not in the business of supplying intelligence to the crime syndicates. You might want to see that information. But we are neither concerned about your curiosity nor your credibility, nor your credulousness. Case closed.
  10. That's OK. Your skepticism in the face of overwhelming evidence created some amusement with my team. You could have done some more homework. The techniques used by this prolific spammer are well documented, both at the http://spamtrackers.eu/wiki (Alex Polyakov .. Hijacked Hosts etc) and at http://pharmalert.zoomshare.com which describes the server hijacking operation to its victims. Nobody has to believe everything they read. Proof that Alex Polyakov blocks the IP range for DNSSTUFF.COM http://www.dnsstuff.com/tools/traversal.ch....net&type=A Note the four name servers all appear to time out. Now observe how you can use the same nameservers from your own (unblocked) IP address, and how you can load the spammed fake pharmacy site at http://loparolwet.net - unless you are coming in from an Ironport IP of course. Or FDA, or DEA, or DOJ, or Visa . . .
  11. Three examples of live "Polyakov" sites where SC could not perform the IP address lookup because of the block on the Ironport IP address range in his name server IPTable deny list http://www.spamcop.net/sc?id=z1286194521za...f78bfa48f92e46z http://www.spamcop.net/sc?id=z1287128262zc...3bea2fb391f7e7z http://www.spamcop.net/sc?id=z1287883950z4...328725294a2c66z
  12. I would appreciate feedback on whether the problem is resolved. The latest version has the fix for both Internet Explorer, where it was repeatable, and for Firefox, where it occurred (i.e. was reported) on about 1 in 50 systems.
  13. The fixed version is ready for download from the Tools forum at http://thecarpcstore.com/phpbb2/viewtopic.php?t=702
  14. Thanks for the detailed problem description. I was able to duplicate it, and found exactly the same result as you describe. It opened the Favorites pull-down, and subsequent keystrokes were directed there. I will examine the cause right away.