Jump to content

got sigalarm, taking too long to process, aborted.


a.guess

Recommended Posts

Hi !

it seems that the "got sigalarm, taking too long to process" problem occasionaly appeared in the past and the only way to solve this is to contact deputies... I encountered this problem many times lately and I always had to resign.

here's an example of a report that, for me, is impossible to submit:

http://www.spamcop.net/sc?id=z713659260z2d...573a5a87e8014fz

any help will be appreciated ! thanks for your attention :)

bye.

ale

Link to comment
Share on other sites

This specific spam construct was apparently crafted to cause some problems at the SpamCop parsing stage. On the other hand;

whois -h whois.directnic.com car-goodies.com ...

Registration and WHOIS Service Provided By: directNIC.com

Registrant:

Masterly Intl S.A.

Sabana sur

25mts al sur del

Supermercado AM PM

San Jose, CR --

CR

+011.5068246415

Fax:+011.5062722279

Domain Name: CAR-GOODIES.COM

Administrative Contact:

Admin, Domain newblake[at]hush.ai

Sabana sur

25mts al sur del

Supermercado AM PM

San Jose, CR --

CR

+011.5068246415

Fax:+011.5062722279

Domain servers in listed order:

NS0.PREOWNED-DOMAINS.COM 207.126.109.90

NS1.PREOWNED-DOMAINS.COM 207.126.109.91

Trace car-goodies.com (207.126.109.48) ...

64.125.30.146 RTT: 28ms TTL:208 (so-1-0-0.cr1.ord2.us.above.net ok)

64.125.30.209 RTT: 95ms TTL:208 (so-3-1-0.mpr3.sjc2.us.above.net fraudulent rDNS)

64.125.30.90 RTT: 114ms TTL:208 (so-2-0-0.er10a.sjc2.us.above.net bogus rDNS: host not found [authoritative])

207.126.109.48 RTT: 84ms TTL: 52 (car-goodies.com ok)

01/17/05 12:32:00 Browsing http://car-goodies.com/

Fetching http://car-goodies.com/ ...

GET / HTTP/1.1

Host: car-goodies.com

Connection: close

Socket Error

01/17/05 12:32:58 Browsing http://car-goodies.com/hi/pP7dIzuTtG/No_More_Emails.html

Fetching http://car-goodies.com/hi/pP7dIzuTtG/No_More_Emails.html ...

GET /hi/pP7dIzuTtG/No_More_Emails.html HTTP/1.1

Host: car-goodies.com

Connection: close

HTTP/1.1 500 Internal Server Error

Date: Mon, 17 Jan 2005 19:53:46 GMT

Server: Apache/2.0.40 (Red Hat Linux)

Last-Modified: Tue, 09 Nov 2004 19:16:32 GMT

<html>

<head>

<title>Showcase-Error 404</title>

<h2>You have been confirmed as a new member, why not

checkout some special software below!</h2></td>

-=-=-=-=-=-=-=-

So sonething is "technically" there at the sub-levels, though no idea whether it's that the spammer has been whacked or just never took the time to finish setting anything up.

With this late rash of 'gateway timeouts' and now your sig-alarms, I'm guessing that there's a spammer that's been reading the SpamCOp Forum and newsgroup support data and applying the knowledge gained there to craft the spew. Unfortunately, you've provided the only spam sample thus far ... the flip side is that complaints about this haven't shown up in the newsgroups yet, so the spew level isn't tha great yet or just hasn't hit the right folks??? But this lack of data makes it a bit hard right now to come up with a good way to kick this upstream right now ...

Link to comment
Share on other sites

With this late rash of 'gateway timeouts' and now your sig-alarms, I'm guessing that there's a spammer that's been reading the SpamCOp Forum and newsgroup support data and applying the knowledge gained there to craft the spew. 

The idea of spammers using antispam resources to escape from being blocked sounds interesting. Today for example I also received a long sequence of false negatives. I was thinking: he may have used the blocklists to send messages only via unblocked ips; can it be ?

bye,

Ale.

Link to comment
Share on other sites

This goes back to the "evidence" pages for example. There used to be copies of the spam that was last seen for the listing .. but it was seen that that spammers were looking at those pages themselves. tracking the reporting efforts and levels and then applying those results to their spew ... changin gto a different IP for instance to stay below the threshold ... thus the lack of details these days ... as said elsewhere, there's Julian working his magic in Wahsington State, and there are spammers all aorund the world trying to undo that magic ... definitely not a fair fight <g>

Link to comment
Share on other sites

as said elsewhere, there's Julian working his magic in Wahsington State, and there are spammers all aorund the world trying to undo that magic ... definitely not a fair fight <g>

23208[/snapback]

By the way, after some hours I was able to submit my spam so it seems that everything is working fine now... another magic from Julian ? ;-)

Link to comment
Share on other sites

By the way, after some hours I was able to submit my spam so it seems that everything is working fine now... another magic from Julian ? ;-)

I looked at also, see that it flies right through .. checked a few things, didn't see any critical data changes, so sure, I'd be willing to say Julian may have touched something .. but, the usual practice is that a problem shows up, notifiaction is made, and the next thing you hear about is that no one is complaining about that issue anymore <g>

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...