Jump to content

being crushed by yahoo and a few others -- advice?

chexmix

By chexmix
in SpamCop Reporting Help

Recommended Posts

chexmix Member

chexmix

Posted
Posted

Hi -

For some months now I have been getting hammered by thousands of porn spams that originate from one of the yahoo 'bullet' servers, which apparently mention websites hosted by, chiefly, the following four domains:

vsnl.co.in

ovh.net

gblx.net

(these three appear as a group on individual emails)

and also

dot.tk

I have been dutifully reporting these, but they keep coming and coming and coming. And I have never heard a peep out of yahoo (though I gather that's not unexpected). Is there anything I can do to take this to the next level?

Thanks,

GB

Link to comment
Share on other sites
lisati Advanced Member

lisati

Posted
Posted

Welcome to the list of people frustrated with the way Yahoo handles spam. For a long time one of my dreams has been that they tighten up on their enforcement of their own spam policies. It can get frustrating bringing spam to their attention, only to be fobbed off with a generic response that assumes you're using their webmail and advises you to click on a "report spam" button that you don't have.

One thing I have done on my email server is to be a lot stricter with mail arriving via Yahoo. What isn't rejected outright is subject to closer scrutiny. I made this decision after noticing an increase of spam arriving via Yahoo that in many cases had fake Yahoo email accounts as the purported sender address. I usually report any rubbish that makes it past the filters and checks that I have in place.

In short, don't give up on reporting spam that seems to involve Yahoo - or from anyone else, for that matter.

Link to comment
Share on other sites
chexmix Member

chexmix

Posted
  • Author
Posted

Hi, GB,

...You can also report the spamvertized web sites to Knujon (also see SpamCop Forum topic "Knujon Wants All spam") and/ or Complainterator.

Great! I just signed up for a KnuJon account. :^)

In short, don't give up on reporting spam that seems to involve Yahoo - or from anyone else, for that matter.

Thanks for the response. I am nowhere near giving up -- I'm too mad -- but was starting to wonder if I could hone the response in any way. I've got some good things to follow up on now.

Link to comment
Share on other sites
petzl Been There

petzl

Posted
Posted

Hi -

For some months now I have been getting hammered by thousands of porn spams that originate from one of the yahoo 'bullet' servers, which apparently mention websites hosted by, chiefly, the following four domains:

vsnl.co.in

ovh.net

gblx.net

I'm getting these! About 10 a day to my hotmail email.

In actual fact it is child porn spam (always stamp it as Child porn in comments. Always Yahoo posting it)

http://childabuseunit.com/information/term...erminology.html

(under 18 or made to look under 18 is the legal definition of child porn)

ovh.net are rogue and don't do much

188.165.205.63 is the souce IP

Sometimes dot.tk are used as a relay (93.170.52.21 Netherlands)

don't know why SpamCop sends to vsnl.co.in or gblx.net when

abuse[at]ovh.net, noc[at]ovh.net are the correct addresses?

Have chased this spammer out of Holland, Germany, but seems to of found a safe haven in France (Although the report Child Porn people in France have reported the site to the French Police? After which OVH moved it's headquarters to London, but now back to France after I reported site to UK?

Found a site of OVH that is for reporting offensive sites (in french use Google Chrome to translate)

http://www.ovh.com/fr/support/documents_le...nu_illicite.cgi

Link to comment
Share on other sites
chexmix Member

chexmix

Posted
  • Author
Posted

OK, I've had some interesting developments here ... I think (I never know when the next flood of pr0n spams is going to prove me wrong).

I signed up for a Knujon account and began forwarding the still-pouring spams to a coldrain email address. Not long after this, the websites included in the spam emails not-so-subtly morphed: in Pine, at least, I'd see the "advertised" pr0n link, but no longer as hypertext, but in brackets, like this:

[stuff.more-stuff.countrycode]

This text appeared, anyway, to DISAPPEAR when I showed the headers of the email. And when I submitted one of these to SpamCop I now only had the option to sent to the [at]yahoo.com address (plus the Coldrain address). My interpretation of this (which may be lightyears off -- I'm new at this) is that the spammer(s) had somehow figured out a way to effectively "hide" the URL so it couldn't be traced back (to dot.tk or whatever the hosting site was).

So I ran nslookup on one of these bracketed URLs, then another. I ran 'whois' on the resulting numeric IPs, and found they were all essentially the _same_ IP, and that they were under the control of yet another company: leaseweb.com.

I also noticed around the same time that a few spams with the links intact showed up, and SpamCop seems to have traced these to leaseweb.com as well ... but I found that reporting to leaseweb is disabled (don't know why).

At that point, I began double submitting the spams, once to leaseweb, including info about the site being advertised and once to SpamCop (and from there to Yahoo and Knujon).

I haven't heard back from leaseweb, and for now the spams have ceased. I'd like to think I've become a sufficient PITA that they have pried me off their godforsaken list(s) ... but I'm not holding my breath. I'm sure they'll be back.

Link to comment
Share on other sites
petzl Been There

petzl

Posted
Posted

e of these bracketed URLs, then another. I ran 'whois' on the resulting numeric IPs, and found they were all essentially the _same_ IP, and that they were under the control of yet another company: leaseweb.com.

I also noticed around the same time that a few spams with the links intact showed up, and SpamCop seems to have traced these to leaseweb.com as well ... but I found that reporting to leaseweb is disabled (don't know why).

At that point, I began double submitting the spams, once to leaseweb, including info about the site being advertised and once to SpamCop (and from there to Yahoo and Knujon).

I haven't heard back from leaseweb, and for now the spams have ceased. I'd like to think I've become a sufficient PITA that they have pried me off their godforsaken list(s) ... but I'm not holding my breath. I'm sure they'll be back.

Leaseweb have disabled SpamCop reports so I went to their Website and reported it for what it is Child Porn (they wouldn't accept my spamcop email address either so used my junk email at gmail).

Doubt if ovn.net or dot.tk have done much.

Back to report it officially good to have the evidence on SpamCop to show that they are not responding to criminal reports

Link to comment
Share on other sites
petzl Been There

petzl

Posted
Posted

...You probably already know this but for others who may not: see also suggestion for authorities to whom to report in SpamCop Forum topic Where to report kiddie porn?

The site I try is

http://www.tinhat.com/children/report_pornography.html

Some success. Depends who you get? Not always the brightest crayons in the pack but they have refered my complaints to police in France and Germany

Don't take long for this Child porn spammer to come back

I could show the site for legal definition but it's a bit explicit

Basically the riot act for Child porn is

Models under 18 or made to look under 18

Link to comment
Share on other sites
chexmix Member

chexmix

Posted
  • Author
Posted

Got a few more today. The links, which appear to be in HTML but are still not picked up by the SpamCop filters/engines, are back to .tk. I am forwarding these directly to abuse[at]dot.tk.

I would relish seeing this a-hole dragged off to prison, whoever he is.

Link to comment
Share on other sites
chexmix Member

chexmix

Posted
  • Author
Posted

Got a few more today. The links, which appear to be in HTML but are still not picked up by the SpamCop filters/engines, are back to .tk. I am forwarding these directly to abuse[at]dot.tk.

I would relish seeing this a-hole dragged off to prison, whoever he is.

I'm now copying Interpol on my reports. I'm too pissed off to drop this.

Link to comment
Share on other sites
chexmix Member

chexmix

Posted
  • Author
Posted

I'm now copying Interpol on my reports. I'm too pissed off to drop this.

UPDATE: for what it is worth, dot.tk has taken the offending site down.

I'll claim a temporary victory, I think. I imagine I wasn't the only one reporting these foul things.

Link to comment
Share on other sites
Farelf What Life?

Farelf

Posted
Posted

Well done. Every bit helps, not only in taking down sites but in building evidence for (eventual) criminal charges if and when they risk re-establishment elsewhere. Keeps the hosts up to the mark also, they are increasingly being held accountable for client illegal activity, the days of immunity as a carrier are limited or already gone if it can be shown they ignored complaints and evidence.

Link to comment
Share on other sites
chexmix Member

chexmix

Posted
  • Author
Posted

Still active URL'S!

IP 62.212.85.74

and

IP 93.170.52.21

Child Porn still sent via Yahoo email

Use this freeware program Farelf pointed me to to get IP Country info

http://www.nirsoft.net/utils/ipnetinfo.html

62.212.85.74 resolves to leaseweb.com in the Netherlands. When I view it with a text browser, it is blank,

93.170.52.21 is one of the ones I reported to dot.tk -- when I attempt to go there with a text browser, I get a 404 - not found.

I think they've been taken care of at this time ...

Link to comment
Share on other sites
petzl Been There

petzl

Posted
Posted

62.212.85.74 resolves to leaseweb.com in the Netherlands. When I view it with a text browser, it is blank,

93.170.52.21 is one of the ones I reported to dot.tk -- when I attempt to go there with a text browser, I get a 404 - not found.

I think they've been taken care of at this time ...

93.170.52.21 ( dot.tk) URL redirects to 62.212.85.74 -sorry my oops

Both sites are up

Leaseweb are complete an utter rogue idiots they just give your details to child porn spammer probably email address as well (made the complaint via their website). The sites still running

quote

Thanks for your mail to abuse[at]leaseweb.com. We have processed your mail and contacted our customer with a request to review your complaint and take appropriate action.

Link to comment
Share on other sites
chexmix Member

chexmix

Posted
  • Author
Posted

93.170.52.21 ( dot.tk) URL redirects to 62.212.85.74 -sorry my oops

Both sites are up

Leaseweb are complete an utter rogue idiots they just give your details to child porn spammer probably email address as well (made the complaint via their website). The sites still running

quote

Thanks for your mail to abuse[at]leaseweb.com. We have processed your mail and contacted our customer with a request to review your complaint and take appropriate action.

I see that. Sigh. I am attempting to contact Interpol but their inbox appears to be full.

I just sent an email to info[at]stopitnow.nl, asking them if they have a direct reporting address. I will start contacting them, since they are Netherlands-based and so is Leasweb.

Link to comment
Share on other sites
petzl Been There

petzl

Posted
Posted

I see that. Sigh. I am attempting to contact Interpol but their inbox appears to be full.

I just sent an email to info[at]stopitnow.nl, asking them if they have a direct reporting address. I will start contacting them, since they are Netherlands-based and so is Leasweb.

A few hours earlier I reported it via

http://www.inhope.org/gns/home.aspx

Netherlands child porn reporting site

The web pages though do alternate but all look very young

The way I reckon is Leaseweb may find themselves institutionalizing child porn

I sent the evidence (response) that they do know. Might make them a bit less smartass

Link to comment
Share on other sites
chexmix Member

chexmix

Posted
  • Author
Posted

A few hours earlier I reported it via

http://www.inhope.org/gns/home.aspx

Netherlands child porn reporting site

The web pages though do alternate but all look very young

The way I reckon is Leaseweb may find themselves institutionalizing child porn

I sent the evidence (response) that they do know. Might make them a bit less smartass

I hope it works. I am still getting a few of these spams, but for some reason I had a bout of paranoia this morning & I am going to lay low for a bit.

I don't want trying to do the right thing to backfire on me. :(

Link to comment
Share on other sites
lisati Advanced Member

lisati

Posted
Posted

I don't do Windows. I'm a Linux/OpenBSD guy.

Ubuntu here.

When I used Windows more regularly, I threw together a couple of my own cleaning programs, but unfortunately (a) they don't work too well with newer versions of Windows, and (B) the source code got lost or misplaced, making it harder to update. On the rare occasion I fire up Windows at home these days, occasionally opening up the %temp% folder and manually cleaning out the clutter goes some way to helping things run smoothly.

Link to comment
Share on other sites
chexmix Member

chexmix

Posted
  • Author
Posted

Well our spammer is a busy one! And it doesn't look like leaseweb is prone to doing anything.

I'll just have to keep reporting, I guess ... unless someone else has some good ideas.

Thanks for all the help so far. I feel like I'm learning ...

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...