a.guess Posted January 17, 2005 Share Posted January 17, 2005 Hi ! it seems that the "got sigalarm, taking too long to process" problem occasionaly appeared in the past and the only way to solve this is to contact deputies... I encountered this problem many times lately and I always had to resign. here's an example of a report that, for me, is impossible to submit: http://www.spamcop.net/sc?id=z713659260z2d...573a5a87e8014fz any help will be appreciated ! thanks for your attention bye. ale Link to comment Share on other sites More sharing options...
Wazoo Posted January 17, 2005 Share Posted January 17, 2005 This specific spam construct was apparently crafted to cause some problems at the SpamCop parsing stage. On the other hand; whois -h whois.directnic.com car-goodies.com ... Registration and WHOIS Service Provided By: directNIC.com Registrant: Masterly Intl S.A. Sabana sur 25mts al sur del Supermercado AM PM San Jose, CR -- CR +011.5068246415 Fax:+011.5062722279 Domain Name: CAR-GOODIES.COM Administrative Contact: Admin, Domain newblake[at]hush.ai Sabana sur 25mts al sur del Supermercado AM PM San Jose, CR -- CR +011.5068246415 Fax:+011.5062722279 Domain servers in listed order: NS0.PREOWNED-DOMAINS.COM 207.126.109.90 NS1.PREOWNED-DOMAINS.COM 207.126.109.91 Trace car-goodies.com (207.126.109.48) ... 64.125.30.146 RTT: 28ms TTL:208 (so-1-0-0.cr1.ord2.us.above.net ok) 64.125.30.209 RTT: 95ms TTL:208 (so-3-1-0.mpr3.sjc2.us.above.net fraudulent rDNS) 64.125.30.90 RTT: 114ms TTL:208 (so-2-0-0.er10a.sjc2.us.above.net bogus rDNS: host not found [authoritative]) 207.126.109.48 RTT: 84ms TTL: 52 (car-goodies.com ok) 01/17/05 12:32:00 Browsing http://car-goodies.com/ Fetching http://car-goodies.com/ ... GET / HTTP/1.1 Host: car-goodies.com Connection: close Socket Error 01/17/05 12:32:58 Browsing http://car-goodies.com/hi/pP7dIzuTtG/No_More_Emails.html Fetching http://car-goodies.com/hi/pP7dIzuTtG/No_More_Emails.html ... GET /hi/pP7dIzuTtG/No_More_Emails.html HTTP/1.1 Host: car-goodies.com Connection: close HTTP/1.1 500 Internal Server Error Date: Mon, 17 Jan 2005 19:53:46 GMT Server: Apache/2.0.40 (Red Hat Linux) Last-Modified: Tue, 09 Nov 2004 19:16:32 GMT <html> <head> <title>Showcase-Error 404</title> <h2>You have been confirmed as a new member, why not checkout some special software below!</h2></td> -=-=-=-=-=-=-=- So sonething is "technically" there at the sub-levels, though no idea whether it's that the spammer has been whacked or just never took the time to finish setting anything up. With this late rash of 'gateway timeouts' and now your sig-alarms, I'm guessing that there's a spammer that's been reading the SpamCOp Forum and newsgroup support data and applying the knowledge gained there to craft the spew. Unfortunately, you've provided the only spam sample thus far ... the flip side is that complaints about this haven't shown up in the newsgroups yet, so the spew level isn't tha great yet or just hasn't hit the right folks??? But this lack of data makes it a bit hard right now to come up with a good way to kick this upstream right now ... Link to comment Share on other sites More sharing options...
a.guess Posted January 17, 2005 Author Share Posted January 17, 2005 With this late rash of 'gateway timeouts' and now your sig-alarms, I'm guessing that there's a spammer that's been reading the SpamCOp Forum and newsgroup support data and applying the knowledge gained there to craft the spew. The idea of spammers using antispam resources to escape from being blocked sounds interesting. Today for example I also received a long sequence of false negatives. I was thinking: he may have used the blocklists to send messages only via unblocked ips; can it be ? bye, Ale. Link to comment Share on other sites More sharing options...
Wazoo Posted January 17, 2005 Share Posted January 17, 2005 This goes back to the "evidence" pages for example. There used to be copies of the spam that was last seen for the listing .. but it was seen that that spammers were looking at those pages themselves. tracking the reporting efforts and levels and then applying those results to their spew ... changin gto a different IP for instance to stay below the threshold ... thus the lack of details these days ... as said elsewhere, there's Julian working his magic in Wahsington State, and there are spammers all aorund the world trying to undo that magic ... definitely not a fair fight <g> Link to comment Share on other sites More sharing options...
a.guess Posted January 17, 2005 Author Share Posted January 17, 2005 as said elsewhere, there's Julian working his magic in Wahsington State, and there are spammers all aorund the world trying to undo that magic ... definitely not a fair fight <g> 23208[/snapback] By the way, after some hours I was able to submit my spam so it seems that everything is working fine now... another magic from Julian ? ;-) Link to comment Share on other sites More sharing options...
Wazoo Posted January 17, 2005 Share Posted January 17, 2005 By the way, after some hours I was able to submit my spam so it seems that everything is working fine now... another magic from Julian ? ;-) I looked at also, see that it flies right through .. checked a few things, didn't see any critical data changes, so sure, I'd be willing to say Julian may have touched something .. but, the usual practice is that a problem shows up, notifiaction is made, and the next thing you hear about is that no one is complaining about that issue anymore <g> Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.