Jump to content
Sign in to follow this  
goldeneye

Those Romanian bastards again!

Recommended Posts

Since about the end of March, I've been noticing spamming from Romania has picked up quite a bit and quite a few weren't caught on my ISP's spam filter, including 3 of the last 4 spams that weren't caught...

Here are all of them dating back from March 29:

http://www.spamcop.net/sc?id=z5306374619z5...6910d6c5467c72z

http://www.spamcop.net/sc?id=z5306374341ze...0040397544f84cz

http://www.spamcop.net/sc?id=z5302598049z5...a91720bba7731dz

http://www.spamcop.net/sc?id=z5292060929z0...35c5aad5fa319fz

http://www.spamcop.net/sc?id=z5291796617z5...341f81fcfa05e1z

In all five of these cases, the reports that are apparently sent to aren't to a postmaster or abuse address - I wonder if the spammers themselves in Romania are setting them up so that spamcop reports go to them and then they revenge spam using spamcop reports.

Romania is still one very lawless country that still hasn't gotten its act together when it comes to spam - it shouldn't even have been allowed to enter the EU in the first place.

Share this post


Link to post
Share on other sites

The reports had been going to the wrong place, which I fixed.

Unfortunately, the correct reporting address bounces our mail, so we didn't really get anywhere.

- Don D'Minion - SpamCop Admin -

- service[at]admin.spamcop.net -

Share this post


Link to post
Share on other sites

...Your spam does seem to be coming from machines in Romania but that doesn't necessarily mean that the spammers are Romanian and in any event does not by itself justify your attack on Romanians. If you are going to sling about words like "bastards" and "lawless," please offer more evidence than a few tracking URLs that show an abuse address with an ".ro" suffix. And please put it in a more appropriate forum, such as the "SpamCop Lounge." And indicate how Romania and Romanians differ from us Yanks, who are certainly far and away the most prolific sources of spam!

Share this post


Link to post
Share on other sites

Oh believe me, I've had to deal with snowshoe spams for several months from Romania back in 2009 or thereabouts and those spams had hyperlinks which traced to Romanian servers.

I think I've sent countless, probably over 100 abuse reports on those spams with absolutely zero reply and maybe in fact encouragement from the abuse desks who were probably in cahoots with the spammers (or spam gangs) themselves who could be Romanian, but more likely Russian. The language barrier doesn't help either.

They got flagged eventually by one of the BLs, but only after probably hundreds, if not thousands of reports on them.

This is what colors my thought about Romanians on the at least the dealing with the spam front - and the apparent correct address in which spam complaints go to which now bounces does not help either in my assessment.

Edited by goldeneye

Share this post


Link to post
Share on other sites

There is no specific country responsible for spam or hacks. I guess depends on the temporary system acquisitions of the C&Cs at any given time.

Share this post


Link to post
Share on other sites

There is no specific country responsible for spam or hacks. I guess depends on the temporary system acquisitions of the C&Cs at any given time.

The best way to attack spammers is attack their websites (make sure your defenses are set to high on Web Browser or you could become a zombie)

Good freeware Windows tool for this is IPNetInfo

http://www.nirsoft.net/utils/ipnetinfo.html

Just add the final link you are redirected to (be prepared to avert your eyes most are sick shockers)

Maybe someone can recommend a safe (text) browser that handles redirection?

Share this post


Link to post
Share on other sites

Maybe someone can recommend a safe (text) browser that handles redirection?

FF with some plugins to block cookies, js, redirections etc is enough.

The thing is you never know who you're attacking. The spam IP is likely a compromised system. The spamadvertized domain can be a portal pointing to another portal and in the end it could be some legit business who paid "somebody" for advertizing. Or they just try to compromise other systems in the process. Or they hope by having the victim's browser with js enabled to do something malicious towards another site. And many other combinations and in the attack process you may affect hosts or ISPs who have no idea at the time what's happening (although they should be more vigilant they aren't).

Share this post


Link to post
Share on other sites

I can tell you that as Romanian born, I could deal with spamflow from Romania in their own language. Back than it was easy to stop the flow as most of the traffic bottle-necked through one single institution (Academic) and I got very receptive ears working my way up-stream the spam flow. You just have to do your homework. I think they are as serious about spam as anyone else (I get more aggrigious spam from Ukraine and other former soviet republics hosted in China or from India). Back then they were telling me US was the worst when it came to spam and I could not deffend against that statement..

Edited by dra007

Share this post


Link to post
Share on other sites

I can tell you that as Romanian born, I could deal with spamflow from Romania in their own language. Back than it was easy to stop the flow as most of the traffic bottle-necked through one single institution (Academic) and I got very receptive ears working my way up-stream the spam flow. You just have to do your homework. I think they are as serious about spam as anyone else (I get more aggrigious spam from Ukraine and other former soviet republics hosted in China or from India). Back then they were telling me US was the worst when it came to spam and I could not deffend against that statement..

If one does not wish for mail try a countrywide block list

Mailwasher (Windows) allows you to add blocklists

settings/Origin of spam/ push "add" button

Call it Romania

in "Domain" box

ro.countries.nerd.dk

For Spamhaus the "Domian" is

sbl-xbl.spamhaus.org

All mail caught by Mailwasher will easily send the report to SpamCop

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×