Jump to content
Sign in to follow this  
Kojote

Geocities.uk - doesn't do anything about spam?

Recommended Posts

Been reporting a lot of spam I get that have links to DAMN GEOCITIES.UK !!!

I've been reporting the spam for months, and it keeps coming. The spam all looks very similar, same format, etc....So it is obviously coming from the same spam list, person, or group, that is spamming me. The only difference in the emails are different geocities links.

How can a spammer keep making a TON OF GEOCITIES websites, in so short of time? I don't think an automated robot program would work, because Geocities uses that "picture identification" to make an account. Human is the only one that can read the letters/numbers.

Share this post


Link to post
Share on other sites

SpamCop's Parser would send Reports of geocities.co.uk to yahoo[at]admin.spamcop.net, but recommends mail-abuse[at]yahoo-inc.com and postmaste[at]yahoo.com. I'd send Manual Reports of geocities.co.uk to geo-abuse[at]yahoo-inc.com. SpamCop's Parser says "geo-abuse[at]yahoo-inc.com does not wish to receive user-copied reports."

Share this post


Link to post
Share on other sites
How can a spammer keep making a TON OF GEOCITIES websites, in so short of time? I don't think an automated robot program would work, because Geocities uses that "picture identification" to make an account. Human is the only one that can read the letters/numbers.

I haven't used the Sam Spade "safe web browser" tool (linked to from the SpamCop FAQ - does anyone know for sure if he could safely check out some of those links with it? It's possible that none of them really work, or that they redirect to somewhere else.

Share this post


Link to post
Share on other sites
I haven't used the Sam Spade "safe web browser" tool (linked to from the SpamCop FAQ - does anyone know for sure if he could safely check out some of those links with it?

31600[/snapback]

Not right now. It appears to be consistently producing the following, no matter what good URL it is fed:
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">

<HTML><HEAD>

<TITLE>400 Bad Request</TITLE>

</HEAD><BODY>

<H1>Bad Request</H1>

Your browser sent a request that this server could not understand.<P>

</BODY></HTML>

The above is rendered at Example Error from SamSpade.org's safe web browser. Edited by Jeff G.

Share this post


Link to post
Share on other sites

I'm also getting these. They are all from cn and are sent to my secondary MX. They adretise a site in the form:

http://uk.geocities.com/Gonzalo_Freehling/?AHNH4G=AS3nQ1W2

The parser ignores the address in the e-mail (it lists it but gives no reporting address) but if I enter it on its own, it gives me the normal yahoo reporting address.

I've had a look at the UK TORs for Geocities and it looks to me that the use of the geocities is against their policy. There is a form for reporting this, but it is far too small.

The question I have is why the parser is not reporting the gocities site.

Rob

Share this post


Link to post
Share on other sites
The question I have is why the parser is not reporting the gocities site.

31660[/snapback]

Tracking URL of a sample ????

Share this post


Link to post
Share on other sites
Tracking URL of a sample ????

31661[/snapback]

I' getting a deluge from what I believe to be same spammer using UK Yahoo/geocities web sites that link to other pornsites to my hotmail account (20 a day) also

If you are a paying Spamcop Email user you can see some them of them here

Geocities spam samples

You will see they are not fast in taking these sites down either? 3 days to be removed. It also suggests to me they Geocities UK may have a security problem

Looks like this Geocities spammer is now RIP :P (so reports do work)

Every so often spamcop does not report the URL so I add it manually. Also this spammer incudes a base 64 spam which sometimes SpamCop does not get(again I add that and the site it links to to my spamcop report (so if you have the time you can do this yourself)

If the site is unreachable SpamCop will not report it either (often site has been canceled)

Share this post


Link to post
Share on other sites
Try these:

31676[/snapback]

OK. Thank you forthe Tracking URL. Now what exactly are you complaining about re: these parses?

If it is the fact that you are receiving these, so are many other people (myself included). Unless your filters can be tweaked to intercept them, there is little you can do. I don't see any headers indicating any type of spam blocking being used (however, not all systems add headers).

If it is the fact that no reporting addressess are shown for the geocities sites? If so, that is a recent common problem with the parser that has not been fixed yet. If you enter the web site alone into the parser, I see:

Reporting addresses:

mail-abuse<at>yahoo-inc.com

postmaster<at>yahoo.com

Please manually report these to there or the other reporting addresses shown earlier.

Share this post


Link to post
Share on other sites
If it is the fact that no reporting addressess are shown for the geocities sites?  If so, that is a recent common problem with the parser that has not been fixed yet.

31678[/snapback]

It is surprising that such a problem (apparently only with uk.geocities.com) would just pop up like that. The URLs are not too obfuscated and Yahoo! does not play weird DNS games. So why doesn't it parse properly? And do you have an idea when it will be fixed?

Share this post


Link to post
Share on other sites
It is surprising that such a problem (apparently only with uk.geocities.com) would just pop up like that. The URLs are not too obfuscated and Yahoo! does not play weird DNS games. So why doesn't it parse properly? And do you have an idea when it will be fixed?

31681[/snapback]

It is NOT only with GeoCitites sites, but many sites. I have no control over the code or what gets worked on first, so no, I have no idea if they have even determined the cause completely yet.

The only info on our side is that the parser finds a link then does nothing with it. Sometimes, refreshing the parse will yield a result, other times not.

Share this post


Link to post
Share on other sites
It is surprising that such a problem (apparently only with uk.geocities.com) would just pop up like that. The URLs are not too obfuscated and Yahoo! does not play weird DNS games. So why doesn't it parse properly? And do you have an idea when it will be fixed?

31681[/snapback]

While searching for some newsgroup postings to insert here, Steven already answered in the same vein ... For a bit of specific background, take a look at the FAQ entry titled SpamCop reporting of spamvertized sites - some philosophy

Share this post


Link to post
Share on other sites
It is NOT only with GeoCitites sites, but many sites.  I have no control over the code or what gets worked on first, so no, I have no idea if they have even determined the cause completely yet. 

The only info on our side is that the parser finds a link then does nothing with it.  Sometimes, refreshing the parse will yield a result, other times not.

31682[/snapback]

Found a simple Geocities form to report these sites

http://uk.geocities.yahoo.com/v/alert.html

I thugh I may of killed the spammer but although down to 3 from twenty the spammer is very much still not got the message

Share this post


Link to post
Share on other sites
It is surprising that such a problem (apparently only with uk.geocities.com) would just pop up like that. The URLs are not too obfuscated and Yahoo! does not play weird DNS games. So why doesn't it parse properly? And do you have an idea when it will be fixed?

31681[/snapback]

That was my question. I had noticed that uk.geocities link was not being reported - It is the only one I had seen.

I have manuly reported this to Yahoo.

Thanks

Share this post


Link to post
Share on other sites
OK.  Thank you forthe Tracking URL.  Now what exactly are you complaining about re: these parses?

If it is the fact that you are receiving these, so are many other people (myself included).  Unless your filters can be tweaked to intercept them, there is little you can do.  I don't see any headers indicating any type of spam blocking being used (however, not all systems add headers).

If it is the fact that no reporting addressess are shown for the geocities sites?  If so, that is a recent common problem with the parser that has not been fixed yet.  If you enter the web site alone into the parser, I see:

Reporting addresses:

mail-abuse<at>yahoo-inc.com

postmaster<at>yahoo.com

Please manually report these to there or the other reporting addresses shown earlier.

31678[/snapback]

Thanks Steve,

The problem I have is that whilst I have block lists etc on my mail server, the spam are being sent to my secondary mx which I have no control over. I can block the mail on receipt but as in effect I have already recived it I cannot reject it.

Rob

Share this post


Link to post
Share on other sites

I asked geo-abuse[at]yahoo-inc.com to comment on this Topic back on the 11th, and Yahoo! GeoCities <geo-abuse[at]yahoo-inc.com> finally got back to me this evening as follows:

Hello,

Thank you for contacting Yahoo! Customer Care.

Thank you for informing us of this incident.

Please write back with a more detailed description of the issue in

question and include as much of the following information as you can:

1. The exact location of the Yahoo! GeoCities home page and any specific

file names or HTML pages. (ex: http://geocities.yahoo.com/name_of_site)

2. A detailed description of the complaint or issue.

3. Any other information that may help us investigate and take the

appropriate action.

Additionally, you may want to review the Yahoo! GeoCities Terms of

Service at:

http://docs.yahoo.com/info/terms/geoterms.html

Thank you again for contacting Yahoo! Customer Care.

Regards,

Yahoo! Customer Care

http://www.yahoo.com/

Share this post


Link to post
Share on other sites

Spammer is still going, moved over to IT from the UK:

http://www.spamcop.net/sc?id=z82045948...681a9b18bdfc61z

We get at least one a day, and the parser is still having trouble with these URL's. Sometimes it takes 20 refreshes before the URL will parse. :blink:

Edit: 2005/10/27 21:50 Jeff G. made the URL more usable, especially for SpamCop Email System Customers.

Edited by Jeff G.

Share this post


Link to post
Share on other sites
Spammer is still going, moved over to IT from the UK:

http://www.spamcop.net/sc?id=z82045948...681a9b18bdfc61z

We get at least one a day, and the parser is still having trouble with these URL's.  Sometimes it takes 20 refreshes before the URL will parse.  :blink:

Edit: 2005/10/27 21:50 Jeff G. made the URL more usable, especially for SpamCop Email System Customers.

35002[/snapback]

I get about half a dozen of these minimum a day from AR,AU,DE,ES,IN,IT,MX,SG,UK domains to date. I find the Spamcop parser more often than not doesn't pick up the URL so I tend to manually report them all and to be fair to the various Geocities abuse depts I invariably get an 'action taken' notice back in 24-48 hours or so and the site is no longer valid. I just don't think they can cope with the flood of scammers and spammers using them.

It may have been mentioned before, but it's worth repeating that the reporting addresses for these all have the same format, i.e. just take the uk, it, mx, or whatever suffix as indicated in the spam URL and append it to the front of the basic address, e.g:

uk-geo-abuse[at]yahoo-inc.com

or

mx-geo-abuse[at]yahoo-inc-com

The way I do it is just to have all the addresses in my address book (OE6) and the pro-forma report form is just saved as a signature, i.e:

Hello,

Attached below is the full, unedited source code, (full headers and body), for a commercial spam received by me today from a Geocities spammer promoting the following commercial site by his spamming activities against both the Geocities guidelines and the Yahoo Terms of Service:

(Attention Yahoo/Geocities abuse team)

Would the abuse team(s) please take the appropriate action.

Source network abuse reported via Spamcop.

Thank you for your help,

Kind Regards,

Bob ...........

Source code follows:

____________________________________________________________

so it is relatively quick & easy to drop off an abuse report.

[edit] I usually insert the URL I'm reporting before the (Attention Yahoo/Geocities abuse team) bit.........

Edited by bobbear

Share this post


Link to post
Share on other sites
<snip>

I never get any e-mails back about resolution on any spam I report.

<snip>

35075[/snapback]

...Very rare that I do and from what I've seen from other posts in these fora it's pretty rare for almost all of us.

... There's a "Preferences" Report Handling option that allows you to specify that you would like to receive replies from "robots" which (I believe) is set off by default. Also, from what I understand, if you manually report you have a better chance of receiving a direct reply (but perhaps run the risk of confirming that your e-mail address is valid and read by a real person, something spammers like to know and which the abuse address might pass on to the spammer).

Share this post


Link to post
Share on other sites
...Very rare that I do and from what I've seen from other posts in these fora it's pretty rare for almost all of us.

... There's a "Preferences" Report Handling option that allows you to specify that you would like to receive replies from "robots" which (I believe) is set off by default.

35085[/snapback]

I have that option enabled (so I receive all reports) and there are only a handfull of different ISP's I ever get a response from. Yahoo was just added to that short list today, in fact.

Share this post


Link to post
Share on other sites

When I turned on "Forward replies from people and robots", I started getting automatic replies from robots at the following ISP domains:

Earthlink.net

Home.nl

cablecom.ch

gaoland.net

cantv.net

hanaro.com

InfoAve.Net

pwebtech.com

t-ipnet.de

Verio.net

comcast.net

jerseytelecom.com

gblx.net

dtag.de

club-internet.fr

MCI.com

NOOS.fr

globix.com

OCN.ad.jp

mchsi.com

Embratel.net.br

sjrb.ca

hinet.net

StarHub.com

netvisao.pt

titan-networks.net

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×