Jump to content


  • Posts

  • Joined

  • Last visited

HillsCap's Achievements


Member (2/6)



  1. I think you might be able to get a DynDNS account to set up JackPot, if you're on a dynamic IP address, but I'm not sure. You'd have to just give it a try and see if it works. As for whether your IP address will get added to the open proxy / open relay lists... that's the idea. That's the fastest way to attract the spammers. Since most people don't (aren't allowed to) do direct-to-MX mailing from their own computer, it won't matter if your IP address is on those lists, since the mail server of your ISP should still be clean, allowing you to send mail without problems. That's how I attracted the spammers to my JackPot... it sat idle for quite a while, so I submitted it to the open relay testing websites to get it listed. After that, the spammers showed up in droves. I've had them try to relay as many as 1,100,000 spams in a day.
  2. Hi, all. If you're looking for a good way to take a hunk out of a spammer's hide, you can easily do so by running up their web hosting costs. I've used FriedSpam.net in the past (you've probably all read my posts on using anonymous proxies to hammer spamvertised websites), but I've got an even better, faster way of hitting them. Some of you may have heard of the Lad Vampire, used to hit 419 sites and run up their hosting costs until they're taken offline. I ran it for a while to be sure it was effective. During that time, I downloaded about 100 GB of data, and helped to take down twelve 419 sites. Since the Lad Vampire source code was contributed anonymously, I figured that Mr. Anonymous probably wouldn't mind if I reworked the code to suit my own purposes. So, that's what I did. You can get a look at it here: http://www.hillscapital.com/antispam/index.htm Feel free to grab the source code and set up a spam Vampire to use against your own spammers. If everyone did this, spamming would be so expensive that the spammers wouldn't be able to spam anymore. You don't need a website to run the spam Vampire, it'll run just as well as a local file on your computer. If you want to help out, I'm currently hammering a couple of HKNet.com hosted websites that HKNet.com said they'd take down, but didn't, and a couple of USA Lenders Network websites.
  3. If they do start up again, I've found that having a FriedSpam.net party with 10 of your friends for a couple weeks usually knocks a clue into the spammer's thick skull. Hitting their website about 100,000 times a day per FriedSpam participant tends to do that. What I've found to be extremely effective is to contact the spammers and TELL them that you'll be hitting their sites, and tell them to never send spam to your domain again. I've only gotten 3 spams so far this week. Of those three, one was from a newbie spammer, and two were from USA Lenders Network (ironically, they give their address as being in Canada), whose sites I've been working on / mauling for a while now.
  4. It looks as though Yahoo! has changed their tune a bit... every spam I submitted to them in the past, even if it contained a Yahoo! email address, came back with their boilerplate "The spam in question does not appear to have originated from or traveled through the Yahoo! mail system." message. Of course, we're using SBC/Yahoo! as our ISP, so ALL the messages to us travel through the Yahoo! mail system, but apparently they weren't smart enough to figure that out. At least now, they're shutting off email addresses that are advertised in spam. It's about time.
  5. I've got some VBA code that might work with older versions of Outlook. I'm running Outlook 2000, that's what it was designed for. It'll work with Outlook 2003, if you change the code workaround that forces Outlook 2000 to immediately send the spam reports, rather than waiting for the next scheduled Send/Receive. Outlook 2000 has a bug in it that requires the code workaround, Outlook 2003 doesn't have that bug. You might also have to change the code that looks at the folders and finds which one you're using for spam. http://www.hillscapital.com/spammerslammer.zip It's got full installation instructions in the source code, including how to create your own security certificate and sign the VBA code with it, so you can keep Macro Security at High, and the VBA code will still run, while blocking unsigned scripts from running. Just open the .bas file in NotePad, and print it out. The instructions are pretty comprehensive (read: long), but it's everything you need to get the code running. The code's got error checking (so you can't accidentally report SpamCop autoresponder emails as spam, so you can't accidentally report non-mail items as spam, etc.), and a whitelist that checks the email's sending address against those in your Contacts folder, so if a friend's email accidentally ends up in your spam folder, and you accidentally try to report it, you've got a chance to cancel the report. You can report multiple spams at once by selecting all of them, then clicking the 'Report As spam' button. And, the code's been tweaked to get around some of the issues that SpamCop experiences (the Would Send error, the Dumb Bot issue, non-printing characters, etc.) It helps if you know a bit of VBA coding, so you can tweak the code to suit you, if you want. I've got my copy set up to report to SpamCop, the FTC, and several Block Lists. You can add in any reporting addresses you want, in either the To:, CC: or BCC: fields. The code's open source with attribution, so feel free to tweak it, distribute it, create a self-installing plug-in with it, etc. If you update it, let me know, so I can get a look at the updated code and learn a bit.
  6. It worked. I went to the SpamCop web submission page, entered the headers and body, and removed all references to multipart boundaries from both. Upon submitting, it found the link and submitted to the right place. Now, I just have to figure out how to do that in my VBA code.
  7. No, it's not the application that's the problem... grabbing the spam right off the server via web interface also shows that what I submitted is exactly how the spam was formatted by the spammer, (except for the last 2 lines added by my VBA code). I did quite a bit of work on the VBA code to ensure that it reconstructed the emails the way they were originally. I suppose I could set up the VBA code do a search through the spam source code, strip out any multipart boundaries, then insert my own, to be sure that it's constructed properly, but that'd be materially changing the source code of the spam, something I think SpamCop frowns upon. Plus, as you said, since spammers don't seem to mind garbling their source code in the interest of filter sidestepping and reporting subversion, if the source code wasn't properly done to begin with, it'd be hard to determine just where to place the new multipart boundaries. I wonder what would happen if I just stripped out all multipart boundaries, didn't enter any new ones of my own, and submitted to SpamCop that way? Would that affect SpamCop's parsing?
  8. Actually, I HAVE experienced this before... when I was working up the VBA code for Outlook. My VBA code creates a new mail message, strips out the headers and body of the spam, concatenates them into one (since you can't get the headers and body all at once in Outlook), puts that into a .tmp file, and attaches that .tmp file to the new mail message. In the body of the new mail message is some information to make the reports compatible with other spam-reporting entities (size of spam, state of residence of spam submitter, date and time received, etc.). I'd set the code so that when it was putting the date and time received, it entered it as: Received: (date and time) SpamCop glitched on this, thinking that it was a header. In that instance, it thought I was reporting two spams... the spam in the attachment, and the new mail message itself. I dubbed it the 'Dumb Bot' error. It was easily fixed in that instance by setting the code to put the date and time received as: Received - (date and time) So, how do I code around this for future spams, since the spammers have obviously found a way to game SpamCop with this?
  9. Aaahhh, I just noticed that, too. That's odd... I got referred to a webpage that says the error was because I'd somehow changed the text of the spam and it wasn't anything the spammer was doing. But, I didn't change anything in the actual spam source code... looking at the source of the actual spam, it's identical to what is in the spam report, except for the addition of the last 2 lines (added by my VBA code). If SpamCop finds headers outside the multipart boundary, shouldn't it just ignore them?
  10. Ooookkkayyyy. When I clicked the button to submit that, I got the following: Reports have already been sent. No userid found Your authorization code is invalid. Please obtain a new authorization code. I'm a free SpamCop user, I don't think I ever had an authorization code, whatever that is. Is SpamCop glitching right now, or is it on my end?
  11. Hi, all. Got the following error on a spam I received last night: Finding links in message body error: couldn't parse head Message body parser requires full, accurate copy of message More information on this error.. no links found The specific spam report is located at: http://www.spamcop.net/sc?id=z512974943z97...0368fc6fbf3336z The spam itself looks like this: http://www.spamcop.net/sc?id=z512974943z97...&action=display Notice that the only thing added by my VBA code for Outlook (http://www.hillscapital.com/spammerslammer.zip) is the very last two lines... it does this to get around any occurences of the 'Would Send' error for emails that have no body. This has always worked just fine in the past... but I haven't reported any spam in a while (haven't gotten any in a while), so I'm wondering if some requirement has changed, and if so, how do I change the VBA code referenced above to come into compliance with those changes' requirements? If no requirements have changed, can anyone tell me what's going on with this one? Specifically the 'couldn't parse head, message body parser requires full accurate copy of message' part of it?
  12. In my first post of this thread, I stated that I chain IE through WebWasher, then through MultiProxy, then through FriedSpam.net, to 'data drain' spamvertised websites. I've learned that if you are simultaneously running the JackPot fake SMTP server / teergrube / honeypot and WebWasher, you'll see memory leaks in WebWasher and memory handle leaks in JackPot. WebWasher and JackPot don't play well together, so my advice is to stop using WebWasher, and chain IE directly to MultiProxy. Doing this allows JackPot to run without experiencing memory handle leaks, and speeds up your internet connection so you can fry spamvertised websites faster via FriedSpam.net. Also, if you're running ZoneAlarm, DO NOT update to the latest version, and DO NOT install the latest update if you're already running the latest version. It's causing major problems (computer hangs and not even Task Manager responds, major memory leaks, etc.). I recommend the Sygate firewall, instead.
  13. I figured out where the memory handle leak in my copy of Jackpot was coming from... I actually had three resource leak problems... 1) ZoneAlarm: ZoneAlarm has had a memory leak for quite some time now. The latest update causes users computer to hang for long periods of time, and the memory leak is worse than ever. I dumped ZoneAlarm, and installed Sygate's firewall. It is awesome... much better than ZoneAlarm. 2) WebWasher kept grabbing memory and not releasing it. It got to the point where I had to shut down WebWasher every few hours. 3) JackPot kept grabbing memory handles and not releasing them, building up to the point where it was sometimes taking over 600,000 memory handles. The WebWasher and JackPot resource leaks were related... for some reason, every time JackPot grabbed a memory handle, WebWasher would take more memory, and every time WebWasher grabbed more memory, it caused JackPot to grab more memory handles. It was a vicious cycle. Shutting down JackPot would make WebWasher stop taking more memory, and shutting down WebWasher would make JackPot stop taking more memory handles. So, I dumped WebWasher. Now, JackPot is running stably, even with 250 simultaneous incoming Port TCP 25 SMTP connections. A side benefit of all this is that my internet connection is much faster now (partly due to dumping ZoneAlarm, partly due to dumping WebWasher). Hence, when using FriedSpam.net through anonymous proxies, I'm hitting spamvertised websites much harder now. Another side benefit (now that I don't have any resource leaks) is that I can LART spammers 24/7 without having to reboot for weeks or months at a time. Look out spammers, here I come...
  14. Yeah, except I get the same exact replies from the Taiwan ISPs when I submit my JackPot fake SMTP / teergrube / honeypot URL for the logs to them, and I keep getting spam from the same IP addresses they say they've shut down. They SHOULD take my LARTs seriously, considering that I'm giving them the IP addresses of the spammers themselves, and not some email headers that might or might not be forged, and due to the fact that I'm reporting hundreds of thousands of spam attempts, not just one spam, but it doesn't seem to matter. I'm now dumping on the order of 600,000 spams per day coming from mainland China, Taiwan, and Hong Kong. I think all of the Taiwan IP addresses should be blocked for a time, that'd make the ISPs there wake up and get a clue.
  15. It's hard for me to gauge the amount of spam that others see, as I haven't gotten any in the last 9 days and counting. All I have to go on is the statistics that spamcop shows me. It looks like it's quite a bit lower, and it's been that way for a while now. If it is because of the SpamCop servers being slow, they've been slow for a few days now... I wonder if they're having problems?
  • Create New...