msealey

SpamBomb - anyone recognise these strings

Anyone know the source of literally tens of thousands of emails in the past couple of weeks which I'm managing to block in ProcMail with the (apologies in advance) following recipes. At first they were all coming from forged qwest.net - but in reality (then and now) from servers everywhere.

It's proving hard to keep up with blocking them this way since they're now changing the string every few hours. Anyone recognise them and have a more permanent solution, please?

Help!

:0HB

* excluusive and shocked aduult vldeo

/dev/null

:0HB

* new and very y0+ung glRLs

/dev/null

:0HB

* fIashing panttIes

/dev/null

:0HB

* suKlng and fUklng video on our site

/dev/null

:0HB

* fukcing and sukcing

/dev/null

:0HB

* very little girls in bathroom

/dev/null

:0HB

* snowman still fukc snowgirl

/dev/null

I am filtering on my client - but it's trying my patience. YIA!


I'm not sure I can equate this query asking about filtering via ProcMail recipes to an issue with a SpamCop.net e-mail account .. so moving to the Geek/Tech Things > Software Issues Forum section ....


Since this sort of spam always involves a website, filtering by URL may be more effective. If the URLs contain affiliate links (suggesting spam by a third party), then providing details to the website concerned may get that affiliate suspended. If not, complain to the hosting ISP (getting a SpamCop account and using it will automate this process). These methods involve more work, but unlike filtering, do impose a cost on the spammer and those that do business with them.

If all the above fail, then consider using a tool like SpamVampire to leech the site's bandwidth, increasing its hosting costs. Enough people doing this will make any site unprofitable which is when spam will stop for good.


Paranoid2000,

Thanks for that - the really annoying thing about this particular attack is that every spamvertised URL is different!

They may be coming essentially from the same ultimate source. They must be. The format, the 'rem0ve' instructions, the type of header, the style of the subject - and invariably the text in each one - are the same.

But the sites they're 'marketing' are all different.

The IP blocks too seem to have nothing in common.

My reporting tool's RIR lookups show a huge variety of different real sources. By the hundred.

Damn them!

"My reporting tool's RIR lookups show a huge variety of different real sources. By the hundred."

In that case, employing blocklists like the Spamhaus SBL, SPEWS or SpamCop's own SCBL should be worth considering, if you haven't already done so. Adding country-based blocklists (do you ever receive legitimate email from China or Korea?) may help also. Bayesian filtering is also reported to give excellent results once trained.

Unfortunately, filtering alone does nothing to deter spammers so without more active steps (as noted above) you will likely just receive more spam until your bandwidth is saturated.
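
How the blocklist check suggested above works at the DNS level, as an added example that is not part of the original post: it takes the connecting IP from the Received headers (not the forged sender domain), reverses the octets and queries each list's zone. The function names, the sample headers and the choice of the public zones `sbl.spamhaus.org` and `bl.spamcop.net` are assumptions made for this illustration.

```python
import ipaddress
import re
import socket

ZONES = ("sbl.spamhaus.org", "bl.spamcop.net")  # assumed zones for two lists named above
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
LISTED = ipaddress.ip_network("127.0.0.0/8")
ERROR_REPLIES = ipaddress.ip_network("127.255.255.0/24")  # Spamhaus error codes

# Constructed sample, newest header first: a local hop, then the outside sender
# whose HELO claims qwest.net while the bracketed IP shows the real source.
SAMPLE_RECEIVED = [
    "from localhost (localhost [127.0.0.1]) by mx.example.org",
    "from qwest.net (unknown [192.0.2.45]) by mx.example.org",
]

def connecting_ip(received_headers):
    """Return the first non-internal IPv4 in the headers, or None.

    Pass only headers written by your own servers; older ones can be forged.
    """
    for header in received_headers:
        for candidate in BRACKETED_IP.findall(header):
            try:
                ip = ipaddress.IPv4Address(candidate)
            except ValueError:
                continue  # e.g. [999.1.1.1]
            if not any(ip in net for net in INTERNAL):
                return ip
    return None

def query_name(ip, zone):
    """DNSBL convention: reversed octets followed by the list's zone."""
    return ".".join(reversed(str(ip).split("."))) + "." + zone

def listed_in(ip, zones=ZONES, resolve=socket.gethostbyname):
    """Return the zones listing ip; `resolve` is injectable for offline runs."""
    hits = []
    for zone in zones:
        try:
            answer = ipaddress.IPv4Address(resolve(query_name(ip, zone)))
        except (OSError, ValueError):
            continue  # NXDOMAIN or lookup failure: treat as not listed
        # An error reply (such as a refused resolver) must not count as a hit.
        if answer in LISTED and answer not in ERROR_REPLIES:
            hits.append(zone)
    return hits
```

A procmail recipe can pipe the message to a script built on this and file or drop the mail when `listed_in` returns any zone, which keeps working when the body text changes.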


Thanks again; shall try those of your suggestions which aren't already in place. Your help much appreciated. Good luck!
