Posts posted by petzl


  1. 1 hour ago, forrie said:

    Yeah, I can see that point (LKing).

    I'd be Ok with a CLI tool that I can just run that will go out and authenticate to my IMAP accounts, process the spam (after I visually weeded it out).  

     

    You have to try to get better than the Bot SpamCop
    For windows free "Whois"
    IP abuse only
    Both IP and Registrar even better to send report to both IP abuse and Registrar


  2. 7 hours ago, mrpHil said:

    works for me?
    54.245.58.76 : abuseXamazonawsXcom
    amazon "abuse" refuse to take SpamCop abuse reports and don't seem to act on reports sent to them
    Gmail always have them sorted to their spam folder,
    Easy from their web mail to "open original" they tell you the source
    SPF:    NEUTRAL with IP  35.161.175.37
    Just Select Forward to abuseXamazonawsXcom (have it in your Gmail address book)
    copy & paste "IP  35.161.175.37" into body of forwarded message push enter
    copy original to clipboard  then paste into body then click send

    Report spam as phishing then delete


  3. 9 hours ago, gnarlymarley said:

    I believe gmail has fallen to the spammers level.  If they are paid enough, they will probably continue to have the domain unblocked.

    Amazon go through "free account/web page" trials and are useless if not pro-spammer with dealing with abuse,
    If enough amazon spam get reported as phishing, which it is, the blocking of amazonaws domain is automatic but takes a lot,
    This would be serious for Amazon whose main business is on-line shopping.


  4. 59 minutes ago, Sisyphus said:

    I received this email:

    ===

    This message serves as confirmation that you are now successfully registered in our support center.

    Registered Email: <some numbers>@reports.spamcop.net
    Password: <some letters and numbers>

    You can visit the Support Desk at any time by going to https://yoursupportdesk.net/

    Please do let us know if you have any questions.

    Regards,


    SupportDesk


    Support Center: https://yoursupportdesk.net/index.php?

    ===

    Is there any reason to think this isn't spam?

    Louis

    Seems like a vague reply to a SpamCop submission/report you made?
    Just ignore it


  5. 3 hours ago, 5280 Guy said:

    I have also started copying the "abuse" addresses and sending the spam (with headers) to those addresses, so that reports aren't only going to notes.

    amazon abuse desk seem to me to be in on the spammer
    Go to the bogus unsubscribe and you will be asked to put email address in there put those that are amazon connected.
    If gmail report them as "phishing" as I do. Gmail get enough phishing reports they will block amazon domains entirely, hopefully put them out of business

     


  6. 1 hour ago, emanmb said:

    the tracking URL.  Why would I do that?  Can you run me thru the process?

    BEFORE you submit spam, after you parse at top of page there always is
    SpamCop v 5.0.0 © 2019 Cisco Systems, Inc. All rights reserved.
    Here is your TRACKING URL - it may be saved for future reference:

    https://www.spamcop.net/sc?id=z6572437903zd60f155c1fe49e83c6c1c3a6bf21da31z

    I don't get much spam so this is a few days old. click the link and you can see it.


  7. 13 hours ago, emanmb said:

    That's what's so odd is this one was not the challenge email but a purchase confirmation with an order # .  The first one that arrived was asking for verification.

    "They" seem to have your name, which is a worry.
    Make sure you are running a virus/malware program like windows defender
    Often it's one of your contacts that don't do this, meaning  your information is stolen from them
    Learn how to copy and paste a "Tracking URL", found top of page BEFORE you submit spam.


  8. 2 hours ago, shirayuki said:

    whois 47.110.125.50 returns search-apnic-not-arin#apnic.net@devnull.spamcop.net

    https://www.spamcop.net/sc?action=rcache;ip=47.110.125.50

    Use whois.apnic.net instead of whois.arin.net as the mail address "search-apnic-not-arin" says.

     

    Chinese spam abuse address is ipas [AT] cnnic [DOT] cn, not that I have ever had any success in reporting their abuse
    Usually Webmailer or email server


  9. 7 hours ago, nhraj700 said:

    Looks like you have to have Google G Suite which is intended for Admin's running an email group for Companies, Schools and other groups. About all I can do is block addresses which go to spam folder.

    On another note I have been able to have about a dozen domains suspended, however the spammers quickly react by creating/using other ones.

    I  have a suspicion that Namecheap are behind the SpamCop forum spam flood also
    Namecheap seem to be run by "Igor Efimenko" from the Ukraine 
     


  10. 1 hour ago, gnarlymarley said:

    I can cut and paste from wordpad almost faster than running a script anymore these days.  A few months ago, we had some duplicates where the email subject (or the post's title) where one started with "http" and the other started with " http".  So if a bot is posting it, would the bot randomly add a space in the title?  (Either at the beginning or the middle.)

    I think the quickest one I saw a few months ago was between three and four minutes.  If I was going to automate any part of this (via a bot), the sign up portion would be what I would automate.  Most of the providers have imap or pop and the fetchmail command can output the email directly to a script.  I expect that if I were to do this, the posts would show around the first 10 seconds of every minute.  (It could be they do a randomized sleep, but cron starts at the top of the minute.)

    The log-in IP is not a Bot;
    Namecheap runs 1000's of Bot's from their domains, all with different IP's.
    Domain blocklisting is now the most effective way of stopping forum spam.
    https://www.spamhaus.org/news/article/786/mta-developers-allow-use-of-domain-dnsbls-at-the-smtp-level

    latest flood
    https://topwellnessblog.cXm/fungus-eliminator/
    185.61.152.24  abuseXnamecheap.cXm


  11. 1 hour ago, RobiBue said:

     

    I’m there with Lking. Until these people post their junk, there is no knowing if they are going to spam or not.

    Besides, adding changes to the forum software would only work if the company that designed the system would implement the changes. (As was mentioned in my thread by Lking)

    Well, we're referring to Forum spam
    I believe domains can be blocked from Forums by IP maybe domain (more effective) 
    The villains running Namecheap seem to be Ukrainian of origin
    The IP's to block if domain cannot be, are range
    98.54.112.0/20 or "198.54.112.0 - 198.54.127.255"
    But beyond my pay-grade
    Thought phpBB could block domains using a Wildcard?


  12. 46 minutes ago, Lking said:

    blocking login to the forum?

    That's it.
    The solution is here I think
    https://www.spamhaus.org/news/article/786/mta-developers-allow-use-of-domain-dnsbls-at-the-smtp-level
    Latest forum flood
    https://www.myfitnesspharm.cXm/total-life-maxx/
    104.31.94.46  Cloudflare
    https://www.fitnesscarezone.cXm/superketo/
    198.54.125.251
    DNS1.NAMECHEAPHOSTING.COM

    https://fitcareketo.cXm/krygen-xl-male-enhancement/
    198.54.126.12 
    DNS1.NAMECHEAPHOSTING.COM
     


  13. 9 minutes ago, Lking said:

    No I do not see a way to adjust reCAPTCHA.  As for a block of IP that would be a philological change above my pay grade.

    In that light looking back at logs for the month of August, if we are going to blocks of IPs then we should block gmail and outlook. Which of course we can't.

    Domain namecheap IMO need blocking, if not your pay grade whose?
    https://www.spamhaus.org/news/article/786/mta-developers-allow-use-of-domain-dnsbls-at-the-smtp-level
    You get the IP of the post, the only IP's I get are from the URL


  14. 6 hours ago, Lking said:

    FYI While setting up a new phpBB I noticed that if enabled the SpamCop Block list to filter user's IP.  Spamhaus is also used.

    The option cautions about "slowdowns" and false positives.  Not sure how admin will know about false positives.

    "janicemcneill1" pushing fake drugs soon after?
    Can you increase reCAPTCHA to 0.9 I believe is maximum?
    But then this may not be a direct SpamBot?
    https://www.spamhaus.org/news/article/786/mta-developers-allow-use-of-domain-dnsbls-at-the-smtp-level
    Seems to be blackhat "namecheap" spam which operate spambots from their domains
    Can you block Namecheap domains? 198.54.112.0/20 or "198.54.112.0 - 198.54.127.255"
    https://talosintelligence.com/reputation_center/lookup?search=198.54.115.238#whois


  15. 3 hours ago, th_th said:

    Hello,

    Recently I noticed that some reports cannot be confirmed, e.g.

    https://www.spamcop.net/sc?id=z6567456368z13f03b38aff8b20f8a2e727d53eb5f46z

    https://www.spamcop.net/sc?id=z6568715148zb6ead9ff27b3ec6194b3c3248e23124cz

    These links produce a "Gateway Timeout" message for me.

    Thanks for your advice.

    parsing is working? Check text not word-wrapped, spam size (truncate) etc
    https://www.spamcop.net/sc?id=z6568509516zb4a50db9ae358c68e84b99b98c9d710bz

    Truncate large spam like I did here  SpamCop sometimes hangs on big spam just truncate after/below headers
    https://www.spamcop.net/sc?id=z6563917550zbe79e3f2c89f87c8b1048a3ab624b7e3z;action=display


  16. 3 minutes ago, Lking said:

    Well not working the way we expect.  (Surely did not block/slow down any spammers this morning!)

    On the other hand when I checked earlier, I checked the box and got a series of 4 or 5 'find the traffic lights, car, bicycles'   Now it checks the box for me. So I tried changing my IP (moved VPN from Texas to Chicago).  Still didn't ask.  Cookies maybe?? It did seem to take a second to say I was OK - could be slow network or system was reading a cookie

    At any rate, it is not significantly blocking spammers.  If my anecdotal test is true, a human gets past the first one, and the bot can do the rest.

    My bank has three fields, two need different passwords?
    Maybe a solution, I read though you believe they are manually entered not by Bot?  
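
Several of the posts above suggest holding forum spam by blocking the linked domain, or failing that the range 198.54.112.0/20 ("198.54.112.0 - 198.54.127.255"). The sketch below is an added example, not code from the forum or from phpBB: it checks that the two notations describe the same block and screens a post's links against a domain list and that range. The blocked domain, the sample post, its hostnames and the `resolve` callback are constructed assumptions; the IP addresses are ones quoted in the posts.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Range quoted in the posts above.
BLOCKED_NETS = [ipaddress.ip_network("198.54.112.0/20")]
# Constructed local domain blocklist (placeholder name, not from the page).
BLOCKED_DOMAINS = {"spam-example.test"}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

def range_to_cidrs(first, last):
    """Convert a 'first - last' address range into the CIDR blocks covering it."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))

def hosts_in_post(text):
    """Unique, lower-cased hostnames of every http(s) link in a post."""
    hosts = []
    for url in URL_RE.findall(text):
        host = (urlsplit(url).hostname or "").rstrip(".")
        if host and host not in hosts:
            hosts.append(host)
    return hosts

def domain_blocked(host, blocked=BLOCKED_DOMAINS):
    """True if the host or any parent domain is listed (wildcard-style match)."""
    labels = host.split(".")
    return any(".".join(labels[i:]) in blocked for i in range(len(labels)))

def screen_post(text, resolve):
    """Return (host, reason) for each link that should hold the post for review.
    resolve is a caller-supplied function: hostname -> list of IP strings."""
    hits = []
    for host in hosts_in_post(text):
        if domain_blocked(host):
            hits.append((host, "domain"))
            continue
        for ip in resolve(host):
            addr = ipaddress.ip_address(ip)
            if any(addr in net for net in BLOCKED_NETS):
                hits.append((host, f"ip {ip}"))
                break
    return hits

# Constructed sample post and stand-in DNS answers so the example runs offline.
SAMPLE_POST = ("Great results! http://shop.spam-example.test/a "
               "https://Pills.example/offer https://harmless.example/")
FAKE_DNS = {"pills.example": ["198.54.125.251"],
            "harmless.example": ["104.31.94.46"]}

if __name__ == "__main__":
    print(range_to_cidrs("198.54.112.0", "198.54.127.255"))
    print(screen_post(SAMPLE_POST, lambda h: FAKE_DNS.get(h, [])))
```

The domain check runs first because it needs no DNS lookup; the range check only applies to hosts that pass it.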
