moulty Posted February 7, 2010 Posted February 7, 2010 A majority of spam seen at two of my reporting addresses is of the Glavmed / "Canadian Pharmacy" variety (counterfeit/placebo/toxic medications and magical sexual-size-and-performance enhancers). Spamvertised domains are typically pointing by DDNS proxy to targets at 58.218.177.253, 61.235.117.75 and 124.248.32.48. Nearly all in the last week have pointed to the 61.235.117.75. None of these however are newly compromised addresses. Spamcop directs reports for hosting to spam[at]ccert.edu.cn, abuse[at]anti-spam.cn, and abuse[at]chinatietong.com. These are nonresponsive. APNIC's WHOIS record for the net which contains 61.235.117.75 includes some better information. route: 61.232.0.0/14 descr: PACNET (proxy-registered route object) origin: AS9394 remarks: This route object is for a PACNET customer route which is being exported under this origin AS. This route object was created because no existing route object with the same origin was found, and since some PACNET peers filter based on these objects this route may be rejected if this object is not created. Please contact abuse[at]pacnet.net if you have any Concerns regarding spam/Abuses related to this object. Very actively spammed at present are sites the domains of which are "self-routed" via remote dynamics by "organcamp.ru" -- here's a useful listing from URIBL: http://rss.uribl.com/ns/organcamp_ru.html ALL point to 61.235.117.75. A wholesale nip-in-bud by removal of the onerous route-object would be a wonderful thing. So I am wondering if my peers could include this information and reporting-address in their reports for this spammer - and what if anything I may be able to suggest in order for SC to automate it.
Farelf Posted February 8, 2010 Posted February 8, 2010 ... and what if anything I may be able to suggest in order for SC to automate it.With any luck SpamCop Admin might have already seen this and is even now pondering your suggestion - for which, thanks. If there's no further comment forthcoming I suggest you check with him in a few days time - that's Don D'Minion - service[at]admin.spamcop.net
Recommended Posts
Archived
This topic is now archived and is closed to further replies.