
spam-Bot


couttsj


I do not know if this is of any interest to anyone, but this morning I recovered the following information from a spam-Bot.

The following MAIL FROM:s were used:

MAIL FROM: <admin[at]quickbooks.com> x 8

MAIL FROM: <antifraud[at]quickbooks.com> x 13

MAIL FROM: <security[at]quickbooks.com> x 11

MAIL FROM: <software[at]quickbooks.com> x 7

MAIL FROM: <tools[at]quickbooks.com> x 6

MAIL FROM: <update[at]quickbooks.com> x 9

MAIL FROM: <updates[at]quickbooks.com> x 8

with the following IPs:


This was over less than 3 hours and the run is still ongoing. Unfortunately, I cannot report this to SpamCop through normal channels because I don't actually receive the attempted emails.

J.A. Coutts


You have the emails, you have the IPs... dump them into StopForumSpam - they'll be added to blacklists from there ;)

Cheers!

That's the problem, I don't have the emails because there are no valid email addresses for this particular domain. But that does not stop the spammers from trying. I simply record the connecting IP, the HELO/EHLO, and the MAIL FROM:. Then I issue a 553 error and wait for the spammer to disconnect. So in my humble opinion, all of the 500 to 900 attempted connections per day are spammers. There is the odd attempt to bounce mail after receiving it, but as far as I am concerned, that's spam too. The list submitted above I have identified as a single bot network because of the similarities in connection data. Most spam these days originates in Asia, Eastern Europe, or South America. This one is different in that all of the originating IPs are from Europe.

I looked at StopForumSpam, but as far as I can tell you have to input them one at a time, and that is too laborious. If you know of a better way to submit multiple entries, please let me know.

J.A. Coutts


<snip>

as far as I can tell you have to input them one at a time, and that is too laborious.

...Just submit the ones you have the time and inclination to submit. You could also send evidence to the abuse addresses of the IP addresses that are sending the spam; perhaps you can automate the process of sending such complaints if you can find a way of retrieving the abuse address from Abuse.net or IP Regional Internet Registry (RIPE, etc.).
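An added example, not written by anyone in this thread: one way to turn a log of rejected SMTP attempts into the "x N" tallies shown in the first post, and to flag the pattern couttsj describes (one spoofed sender domain used from many connecting IPs with rotating local parts). The log line format, the `min_ips` and `min_locals` thresholds, and the sample lines (documentation IP ranges and `.example` domains) are assumptions.

```python
import re
from collections import Counter, defaultdict

# Assumed log format: "<time> <client ip> HELO=<name> MAIL FROM:<addr> 553"
LINE = re.compile(r"^\S+ (\S+) HELO=(\S+) MAIL FROM:\s*<([^>@\s]+)@([^>\s]+)> 553$")
# Constructed sample lines (documentation IP ranges and .example domains).
SAMPLE_LOG = """\
2019-01-01T08:00:01 192.0.2.10 HELO=pc-a MAIL FROM:<admin@billing.example> 553
2019-01-01T08:00:09 198.51.100.7 HELO=pc-b MAIL FROM:<security@billing.example> 553
2019-01-01T08:01:30 203.0.113.5 HELO=pc-c MAIL FROM:<Update@billing.example> 553
2019-01-01T08:02:11 192.0.2.10 HELO=pc-a MAIL FROM:<security@billing.example> 553
2019-01-01T08:03:00 192.0.2.99 HELO=mx MAIL FROM:<news@shop.example> 553
garbage line without the expected fields
"""

def parse(log):
    """Yield (ip, helo, local_part, domain) for each well-formed rejected attempt."""
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if m:  # malformed lines are skipped, not guessed at
            ip, helo, local, domain = m.groups()
            yield ip, helo, local.lower(), domain.lower()

def tally(log):
    """Count attempts per sender address and per client IP (the 'x N' lists)."""
    senders, ips = Counter(), Counter()
    for ip, _helo, local, domain in parse(log):
        senders[f"{local}@{domain}"] += 1
        ips[ip] += 1
    return senders, ips

def campaigns(log, min_ips=3, min_locals=2):
    """Sender domains seen from many IPs with rotating local parts (assumed thresholds)."""
    seen = defaultdict(lambda: (set(), set()))
    for ip, _helo, local, domain in parse(log):
        seen[domain][0].add(ip)
        seen[domain][1].add(local)
    return {d: (len(i), len(n)) for d, (i, n) in seen.items()
            if len(i) >= min_ips and len(n) >= min_locals}

def report(log):
    """Render the tallies in the same layout as the first post."""
    senders, ips = tally(log)
    lines = [f"MAIL FROM: <{a}> x {n}" for a, n in sorted(senders.items())]
    lines += [f"{ip} x {n}" for ip, n in sorted(ips.items())]
    return "\n".join(lines)

if __name__ == "__main__":
    print(report(SAMPLE_LOG), campaigns(SAMPLE_LOG), sep="\n")
```

On the sample, only `billing.example` is flagged (3 IPs, 3 local parts); the single attempt from `shop.example` and the malformed line are not.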

Archived

This topic is now archived and is closed to further replies.
