Jump to content


  • Posts

  • Joined

  • Last visited

Contact Methods

  • Website URL

ohmniscient's Achievements


Newbie (1/6)



  1. Great explanation. Nothing to add to it. This is exactly how the thing works.
  2. Well... I tested the compainterator, but It seems a little primitive, a few problems happened (like it couldn't find the whois of one of the websites and I had to check by myself at robotex or some crazy stuff with the tabs of my firefox that made me write the body text manually!). I should say that I felt a little stupid asking a registrar to take down a domain bought by someone just because I got 1 spam. This is why the best thing would be: 1. At every URL resolving, spamcop should copy the link in a list 2. From the list, it should get the http reader response and track the redirection: example: http://bedebtfreeblog.com/clod26.html http://www.dentalalcudia.es/outrun27.html for the 3 links, the header response is quite ridiculous: <html><head><scri_pt>location = 'http://drugstore-menu.com:8080/';</scri_pt></head></html> 3. Then, it should list the URLs in the header responses (limit of 5). 4. Calculates how many spams redirects to the same domain in the last 24h and send a complete report to the registrar for those domains with higher number of spams. It would be more effective in inhibiting spam and less overloading than sending single reports to the registrars of the botnets which mask the real spamvertised domains. Actually, it wouldn't take too much lines of scri_pt from what the system already does. The thing is, and it is hard to say, maybe they don't really want to stop spam as AV companies don't want to stop malware developing... It is business and it requires not solving the problem, as we are not going to find a cure for HIV and not going to change our energy source (that kills the earth) because it would break down someone else business.
  3. I know, I read the FAQ. However, the system already provide this function so why not improve it? It resolves 5 URLs, why not limit to 5 from the whole bunch of URLs? It's better than nothing in my opinion. No problem. I can tell which URL is the target. Spamcop is always asking me who to report. An this example is an exception rather than a rule. I know, but I am thinking in a system for non-expert internet users, people that don't have too much time in front of the computer. When you increase the number of tools, softwares, links, the thing doesn't get feasible for us, unfortunately. To track down spammers websites has been quite easy for me... I have got them by using: http://web-sniffer.net I checked my security where you suggested. I'm safe, fortunately. =) The last check did not complete because I'm not IE user. thanks
  4. Hi Spamcop providers, I have seen that several spams have many URLs, but when the number of URL is high, the URL resolving module states: "too many links" and ignore all URLs. It does not happen when you have, for example, 5 URLs. Why does it have to be everything or nothing? In many cases, the several URLs in the spam point to the same IP, therefore, a few URL resolving would be enough for reporting. It would be great if the system allowed unlimited URL resolving or at least a limited number of URLs to resolve independently of the numbers of URLs within the spam. thanks in advance
  5. Wow... You're probably in a bad day. I've never seen such attack for a such a veteran in forums. Violating the ethics completely, exposing for everybody what is definitely not related to the post. If you didn't like my signature, you could remove it and call me in a private message. Why not to be polite? 1. My questions were very meaningful, this is why it has nothing to do with "sneaking". 2. I'm a med-student, internet is a hobby, I'm not going to have a hard time with forums, never. What I do is to help people. I don't intend to be one of you, neither to have a spamcop system or something like that... Anyway, see my contribution in the anti-malwarebytes forum: http://forums.malwarebytes.org/index.php?showforum=51 or in the malwaredomainlist forum: http://www.malwaredomainlist.com/forums/index.php?board=16.0 This tells a little bit about my experience regarding politeness in forums 3. I'm very happy that I got very good responses from the other guys. I'm gonna follow your instructions! thank you!
  6. Hi fellows, Your system is really great! However, I've been testing it for about a month and I got the following bugs that may be useful to correct. 1. Sometimes, spamcop analysis tells that the spammer IP is a forgery, and determines the real spammer IP as the ip of my e-mail server (a relay), because my job e-mail redirects to my personal e-mail. Therefore, I need to edit the headers to have the job done. Why doesn't the system ask us if the IP is from an e-mail redirector or which is the real ip? I also would like to have an option to save the ip from my e-mail server redirector to avoid have it being considered the spammer IP. I know that I don't need to report my e-mail server, but I lose the opportunity to report the original spammer IP. 2. Many spams show several URLs redirections, example: #http://fa21.derryclinic.ru/?yzyyli=295869680b36b32]http://fa21.derryclinic.ru/?yzyyli=295869680b36b32 #http://503f.derryclinic.ru/?ufojyo=c20290d790d6d]http://503f.derryclinic.ru/?ufojyo=c20290d790d6d #http://9902.derryclinic.ru/?tonyataaw=f173c2602fdc]http://9902.derryclinic.ru/?tonyataaw=f173c2602fdc #http://756e.derryclinic.ru/?euuxebare=b71b993ba2faae7]http://756e.derryclinic.ru/?euuxebare=b71b993ba2faae7 #http://319.derryclinic.ru/?nyeqaaha=e5ccb9b79ae2aa]http://319.derryclinic.ru/?nyeqaaha=e5ccb9b79ae2aa #http://82.derryclinic.ru/?rimodyy=543a8d568e91992]http://82.derryclinic.ru/?rimodyy=543a8d568e91992 #http://06.derryclinic.ru/?afyug=0ef43e9749169]http://06.derryclinic.ru/?afyug=0ef43e974916 #http://96f7.derryclinic.ru/?azuhocos=20ffe4cea4180]http://96f7.derryclinic.ru/?azuhocos=20ffe4cea4180 The problem is: spamcop cannot analyze either one, because it tells: "too many links!". This doesn't make sense, because if I leave only 5 URLs, the system analyze them and report them. So why, don't you analyze the first five (or more) URLs? In this example, as in many other cases, the URLs have the same IP! So, 1 URL being analyzed would be better than nothing. Thanks in advance, Ohm
  • Create New...