Posts posted by petzl


  1. 1 hour ago, emanmb said:

    the tracking URL.  Why would I do that?  Can you run me thru the process?

    BEFORE you submit spam, after you parse at top of page there always is
    SpamCop v 5.0.0 © 2019 Cisco Systems, Inc. All rights reserved.
    Here is your TRACKING URL - it may be saved for future reference:

    https://www.spamcop.net/sc?id=z6572437903zd60f155c1fe49e83c6c1c3a6bf21da31z

    I don't get much spam so this is a few days old. Click the link and you can see it.


  2. 13 hours ago, emanmb said:

    That's what's so odd is this one was not the challenge email but a purchase confirmation with an order # .  The first one that arrived was asking for verification.

    "They" seem to have your name, which is a worry.
    Make sure you are running a virus/malware program like Windows Defender.
    Often it's one of your contacts that doesn't do this, meaning your information is stolen from them.
    Learn how to copy and paste a "Tracking URL", found at top of page BEFORE you submit spam.


  3. 2 hours ago, shirayuki said:

    whois 47.110.125.50 returns search-apnic-not-arin#apnic.net@devnull.spamcop.net

    https://www.spamcop.net/sc?action=rcache;ip=47.110.125.50

    Use whois.apnic.net instead of whois.arin.net as the mail address "search-apnic-not-arin" says.

     

    Chinese spam abuse address is ipas [AT] cnnic [DOT] cn, not that I have ever had any success in reporting their abuse.
    Usually Webmailer or email server


  4. 7 hours ago, nhraj700 said:

    Looks like you have to have Google G Suite which is intended for Admin's running an email group for Companies, Schools and other groups. About all I can do is block addresses which go to spam folder.

    On another note I have been able to have about a dozen domains suspended, however the spammers quickly react by creating/using other ones.

    I have a suspicion that Namecheap are behind the SpamCop forum spam flood also.
    Namecheap seem to be run by "Igor Efimenko" from the Ukraine.


  5. 1 hour ago, gnarlymarley said:

    I can cut and paste from wordpad almost faster than running a script anymore these days.  A few months ago, we had some duplicates where the email subject (or the post's title) where one started with "http" and the other started with " http".  So if a bot is posting it, would the bot randomly add a space in the title?  (Either at the beginning or the middle.)

    I think the quickest one I saw a few months ago was between three and four minutes.  If I was going to automate any part of this (via a bot), the sign up portion would be what I would automate.  Most of the providers have imap or pop and the fetchmail command can output the email directly to a script.  I expect that if I were to do this, the posts would show around the first 10 seconds of every minute.  (It could be they do a randomized sleep, but cron starts at the top of the minute.)

    The log-in IP is not a Bot;
    Namecheap runs 1000s of Bots from their domains, all with different IPs.
    Domain blocklisting is now the most effective way of stopping forum spam.
    https://www.spamhaus.org/news/article/786/mta-developers-allow-use-of-domain-dnsbls-at-the-smtp-level

    latest flood
    https://topwellnessblog.cXm/fungus-eliminator/
    185.61.152.24  abuseXnamecheap.cXm
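
The quoted remark that cron starts at the top of the minute suggests a check an admin could run over post timestamps. This is an added example, not code from the forum or from either poster; the account names and timestamps are constructed, and the 10-second window is the one given in the quoted post.

```python
"""Flag accounts whose post times cluster at the top of the minute (cron-like)."""
from datetime import datetime
from math import comb

WINDOW_SECONDS = 10                # "first 10 seconds of every minute" (quoted post)
P_UNIFORM = WINDOW_SECONDS / 60    # chance of landing there when posting by hand


def binomial_tail(n: int, k: int, p: float) -> float:
    """P(X >= k) for X ~ Binomial(n, p): how surprising k hits are by chance."""
    return sum(comb(n, i) * p**i * (1 - p) ** (n - i) for i in range(k, n + 1))


def cron_like(timestamps: list, alpha: float = 0.01, min_posts: int = 5) -> dict:
    """Return post count, window hits, p-value and verdict for one account."""
    seconds = [datetime.fromisoformat(ts).second for ts in timestamps]
    n = len(seconds)
    hits = sum(s < WINDOW_SECONDS for s in seconds)
    p_value = binomial_tail(n, hits, P_UNIFORM) if n else 1.0
    # Too few posts cannot support a verdict either way.
    suspicious = n >= min_posts and p_value < alpha
    return {"posts": n, "hits": hits, "p_value": p_value, "suspicious": suspicious}


# Constructed sample data (not taken from any forum log).
SAMPLE = {
    "acct_scheduled": [
        "2019-08-20T06:01:03", "2019-08-20T06:05:07", "2019-08-20T06:09:02",
        "2019-08-20T06:14:05", "2019-08-20T06:21:01", "2019-08-20T06:30:08",
        "2019-08-20T06:44:04", "2019-08-20T06:58:06",
    ],
    "acct_manual": [
        "2019-08-20T06:01:41", "2019-08-20T06:07:03", "2019-08-20T06:12:55",
        "2019-08-20T06:19:27", "2019-08-20T06:33:18", "2019-08-20T06:40:49",
        "2019-08-20T06:52:36", "2019-08-20T06:59:12",
    ],
    "acct_new": ["2019-08-20T06:00:02", "2019-08-20T06:01:04"],
}

if __name__ == "__main__":
    for account, stamps in SAMPLE.items():
        print(account, cron_like(stamps))
```

A poster that adds the randomized sleep mentioned in the same quote would not be caught by this check.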


  6. 1 hour ago, RobiBue said:

     

    I’m there with Lking. Until these people post their junk, there is no knowing if they are going to spam or not.

    Besides, adding changes to the forum software would only work if the company that designed the system would implement the changes. (As was mentioned in my thread by Lking)

    Well, we're referring to Forum spam.
    I believe domains can be blocked from Forums by IP, maybe domain (more effective).
    The villains running Namecheap seem to be Ukrainian of origin.
    The IPs to block, if domain cannot be, are range
    98.54.112.0/20 or "198.54.112.0 - 198.54.127.255"
    But beyond my pay-grade
    Thought phpBB could block domains using a Wildcard?


  7. 46 minutes ago, Lking said:

    blocking login to the forum?

    That's it.
    The solution is here I think
    https://www.spamhaus.org/news/article/786/mta-developers-allow-use-of-domain-dnsbls-at-the-smtp-level
    Latest forum flood
    https://www.myfitnesspharm.cXm/total-life-maxx/
    104.31.94.46  Cloudflare
    https://www.fitnesscarezone.cXm/superketo/
    198.54.125.251
    DNS1.NAMECHEAPHOSTING.COM

    https://fitcareketo.cXm/krygen-xl-male-enhancement/
    198.54.126.12 
    DNS1.NAMECHEAPHOSTING.COM
     


  8. 9 minutes ago, Lking said:

    No I do not see a way to adjust reCAPTCHA.  As for a block of IP that would be a philological change above my pay grade.

    In that light looking back at logs for the month of August, if we are going to blocks of IPs then we should block gmail and outlook. Which of course we can't.

    Domain namecheap IMO need blocking, if not your pay grade whose?
    https://www.spamhaus.org/news/article/786/mta-developers-allow-use-of-domain-dnsbls-at-the-smtp-level
    You get the IP of the post, the only IPs I get are from the URL.


  9. 6 hours ago, Lking said:

    FYI While setting up a new phpBB I noticed that if enabled the SpamCop Block list to filter user's IP.  Spamhaus is also used.

    The option cautions about "slowdowns" and false positives.  Not sure how admin will know about false positives.

    "janicemcneill1" pushing fake drugs soon after?
    Can you increase reCAPTCHA to 0.9, I believe is maximum?
    But then this may not be a direct SpamBot?
    https://www.spamhaus.org/news/article/786/mta-developers-allow-use-of-domain-dnsbls-at-the-smtp-level
    Seems to be blackhat "namecheap" spam which operate spambots from their domains
    Can you block Namecheap domains? 198.54.112.0/20 or "198.54.112.0 - 198.54.127.255"
    https://talosintelligence.com/reputation_center/lookup?search=198.54.115.238#whois
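
One way a forum could apply the two blocking approaches raised in these posts: a domain list with wildcard (subdomain) matching first, and the 198.54.112.0/20 range as a fallback. This is an added example, not phpBB or SpamCop code. The function names, the blocked domain entries, the post text and the host-to-IP table are constructed; a real deployment would resolve hosts or query a domain DNSBL instead of using a static table.

```python
"""Screen links in a forum post by domain first, hosting IP range second."""
import ipaddress
import re
from urllib.parse import urlsplit

# Range quoted in the posts: 198.54.112.0 - 198.54.127.255.
BLOCKED_NETS = [ipaddress.ip_network("198.54.112.0/20")]
# Constructed placeholder entries; a leading "*." also blocks every subdomain.
BLOCKED_DOMAINS = ["*.pills.example", "spamshop.example"]
URL_RE = re.compile(r"https?://[^\s<>\"')\]]+", re.IGNORECASE)


def domain_blocked(host: str) -> bool:
    host = host.lower().rstrip(".")
    for entry in BLOCKED_DOMAINS:
        if entry.startswith("*."):
            base = entry[2:]
            # Match on label boundaries so "notpills.example" is not caught.
            if host == base or host.endswith("." + base):
                return True
        elif host == entry:
            return True
    return False


def ip_blocked(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in BLOCKED_NETS)


def screen_post(body: str, resolved: dict) -> list:
    """Return (host, reason) for each linked host that should hold the post."""
    findings = []
    for url in URL_RE.findall(body):
        host = (urlsplit(url).hostname or "").lower()
        if not host or any(host == seen for seen, _ in findings):
            continue
        if domain_blocked(host):
            findings.append((host, "domain"))
        elif host in resolved and ip_blocked(resolved[host]):
            findings.append((host, "ip-range"))
    return findings


# Constructed post and lookup results (stand-ins for DNS resolution).
POST = ("Try https://shop.pills.example/offer and http://newketo.example/x "
        "also see https://help.example/ and https://notpills.example/")
RESOLVED = {"newketo.example": "198.54.125.251", "help.example": "192.0.2.10",
            "notpills.example": "198.54.128.1"}
```

The domain rule catches a listed name wherever it is hosted, while the range rule only helps when the host resolves inside the blocked network.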


  10. 3 hours ago, th_th said:

    Hello,

    Recently I noticed that some reports cannot be confirmed, e.g.

    https://www.spamcop.net/sc?id=z6567456368z13f03b38aff8b20f8a2e727d53eb5f46z

    https://www.spamcop.net/sc?id=z6568715148zb6ead9ff27b3ec6194b3c3248e23124cz

    These links produce a "Gateway Timeout" message for me.

    Thanks for your advice.

    Parsing is working? Check text not word-wrapped, spam size (truncate) etc.
    https://www.spamcop.net/sc?id=z6568509516zb4a50db9ae358c68e84b99b98c9d710bz

    Truncate large spam like I did here. SpamCop sometimes hangs on big spam; just truncate after/below headers.
    https://www.spamcop.net/sc?id=z6563917550zbe79e3f2c89f87c8b1048a3ab624b7e3z;action=display


  11. 3 minutes ago, Lking said:

    Well not working the way we expect.  (Surely did not block/slow down any spammers this morning!)

    On the other hand when I checked earlier, I checked the box and got a series of 4 or 5 'find the traffic lights, car, bicycles'   Now it checks the box for me. So I tried changing my IP (moved VPN from Texas to Chicago).  Still didn't ask.  Cookies maybe?? It did seem to take a second to say I was OK - could be slow network or system was reading a cookie

    At any rate, it is not significantly blocking spammers.  If my anecdotal test is true, a human gets past the first one, and the bot can do the rest.

    My bank has three fields, two need different passwords?
    Maybe a solution, I read though you believe they are manually entered not by Bot?  


  12. 9 hours ago, RobiBue said:

    Apologies, but I do see a problem with that. I mean, this is a spam fighting forum, and if someone posts a question about a spam and the words include something that would be filtered, then the OP would have to wait until the admin frees it to the forum...

    Just need to invoke a CAPTCHA or what is 1+2 = or something similar.
    Anyone who can't work this out is not going to be a full quid.
    This forum is being destroyed by spammer static. Google can't search it efficiently and it was a good anti-spam resource.


  13. 8 hours ago, nhraj700 said:

    NameCheap won't do anything until Spamhaus does.  Wished the average user could contact Spamhaus as whatever methods they use don't pick up on this attack.

    Is Dakota Green the spammer?

    https://whois.domaintools.com/redipping.com

    Seems to me Namecheap are "shining" on you
    Spamhaus does list domains surprised namecheap are not on it?
    Namecheap don't like negative publicity

    Quote

    Is Dakota Green the spammer?

    Bodgie, worthless, inferior; false. name address? probably email as well, try forward as attachment spammers spam to "green1.dakotaATgmail.com", if proven fake (bounces) you can try ICANN to deregister Namecheap for non-compliance. Registrars are supposed to confirm accuracy?
    All domain sites contact information has to be true and accurate.
    SpamCop was once deregistered when it changed its fax number and neglected to update this. Joker.com did not support spammers.
    This was during the "spam wars" where $$new blocklist opportunists$$ attacked SpamCop because of its success and were dobbed in by competitor/s ASAP fax number was noticed changed.
    Namecheap seems to have security issues; this is a reply in comments from an article about Namecheap.
    Credit Card info stolen (last purchase: Namecheap) My last purchase was a DNS certificate through NameCheap. 24 hours later: $1,000 of fraud coming through on that card. Anyone else here having any issues?


  14. 20 hours ago, nhraj700 said:

    67 229 173 51

    is out of action I checked, possible for servers to scan outgoing email?
    Also in Gmails webmail click spam for "report phishing" in options after opening email.
    Gmail will block from domains as opposed to blocking IP's
    if enough phishing hits

    Just checked again, Thursday 22/08, it's back up!
    http://67.229.173.51
    Registrar Abuse Contact Email: abuse@namecheap.com


  15. 8 hours ago, nhraj700 said:
    On 8/20/2019 at 6:08 AM, petzl said:

    Also there is no need to use up SpamCop data just send as attachment from your email/Gmail account (mark as phishing) as attachment, much cheaper. for DDoS attack. put all addresses in the TO field. 

    You lost me on this one. Send to who, the Registrar, Host or Cert? And for DDOS attack? Is this what I am getting with a spambot. Or is that more of a server that's getting it not my home network?  What addresses are you putting in the TO field. Domain Addresses or Host IP's?

    Look at a SpamCop report, it will list what IP address it came from and a "key word" to look for. I use Opera web browser and "Ctrl + F" puts a search bar on top; put/paste this keyword into it and you should easily see the offending IP, more importantly the server name picking it up. KEYWORD to use in future searches. "win32whois" will give the abuse addresses to post to. Include the US cert and whoever.
    Best to do this from your Gmail web page: after opening email, click options "3 vertical dots" (top right) then select "Show original", a new page/tab will open showing you the IP
    "SPF:    PASS with IP 111.111.111.111 Learn more"
    under that it will give the domain name
    "DKIM:    'PASS' with domain emails.XXXXXXX Learn more"
    Depending on spam you "forward as attachment" to (always in the "To" field) abuse desks, government agencies.
    This means you are telling recipients who is getting reports, maybe raising your priority.
    Put these abuse contacts in your address book or on notepad to copy/paste later, "phishing-report at us-cert gov" sounds good but most if not all Gov agencies sit on their elbows because they can't find their asses, but looks threatening to abuse desks and you may get lucky and them VERY unlucky.
    Seems to me Namecheap are saying they are bringing domains down, don't forget to check though.
    http://67.229.79.114  is still up?
