Reporting problems today?


mrmaxx
On some web form spam submissions, it's still taking a loooong time to parse and then timing out, necessitating revisiting the SpamCop page, at which point I'm seeing the Report Now option ... which AGAIN takes forever once clicked. *Sometimes* it goes through after clicking that, *sometimes* it takes a loooong time again & times out again, & sometimes it reports the spam is too old ... on a spam I just received THAT day.

SpamCop is still broken, apparently.

Link to comment

I sent to early this morning and they went through fine.

An hour later, time out time out time out.

Oh well. Will try tonight.

Link to comment

I have to say I haven't bothered with trying to parse emails while this has been going on. I have simply used the VER interface of the email system to quick-report or just using the "report as spam" button in the webmail interface. THAT seems to be working nearly flawlessly, or maybe it's just submitting it to a quick-report queue. In any case, quick-reporting seems to be working (mostly -- occasionally I'll see a 10-15 second "hiccup" before a spam goes away.)

Link to comment

Yes, SpamCop performance is still erratic sometimes. I'm seeing the same things you are.

On the bright side, things are running really well much of the time.

Other notes...

Old spam is old news. Please just delete anything over 24 hours old.

The suspended users have all been reinstated.

I can't take credit for that. Even when I was still having trouble getting into my admin tools, our lead engineer was able to dig directly into the database and reinstate the suspended users. He gave me a list of the email addresses so that I could notify them.

Gotta like that! He really came through for us!

- Don D'Minion - SpamCop Admin -

- Service[at]Admin.SpamCop.net -

.

Link to comment

I am not going to do any detective work..but just say that this is really the most persistent spammer and throughout this incident the spam from them has gone up greatly, maybe someone else can find out who they are:

http:// onrpnhfozy.medicpostb. ru/ (Administrator of network hosting website referenced in spam)

To: heibaizhuli[at]yahoo. com. cn (Notes)

Link to comment

  • medicpostb.ru registrant - protected behind http://www.reg.ru/whois/admin_contact
  • Hosting 116.255.233.200 - ZhengZhou GIANT Computer Network Technology Co., Ltd no abuse.net record
  • Landing page terse ("Server: Apache")
  • Landing page does not suffer extended analysis (connection times out in process)
  • Endless list of "alphabet soup" super-domains.

Ownership? Anyone's guess at this stage. Russian Federation, India, China, North America?

WOT Trustworthiness, vendor reliability, privacy and child safety of this site (medicpostb.ru) is very poor.

medicpostb.ru Listed on URIBL black

medicpostb.ru is on SURBL lists: JP WS

Link to comment

It is important to say that this was not a DOS attack, but a load attack. From the information we have, the spammer used the same protocol and mimicked normal users, so it was not a DOS, and this makes it complicated for the engineers to distinguish good traffic from bad.

Engineers should discover where the bad traffic attack came from; I hope for more news in this regard.

Edited by efa
Link to comment

I managed to report 32 spams through the web parser about an hour ago this morning.

The process went quite quickly until the last four or five, when it slowed down appreciably. :(

Those last few were quite slow, but there were no timeouts, and all my spam is cleared.

Overall the process took about half an hour, reporting each spam manually, which is about right in my experience.

Also, last night, I was finally able to access my mailhosts page, and re-enable quick reporting.

Overall, I'm quite happy with the performance at the moment. :)

BTW, I have one quick question. I'm sure someone will know the answer to this:

Our individual reporting addresses are in this format:

submit.XXXXXXXXXXXXXXXX[at]spam.spamcop.net

IIRC, our quick reporting addresses are in the same format, except that they start with "quick" instead of "submit", which gives this format:

quick.XXXXXXXXXXXXXXXX[at]spam.spamcop.net

Am I correct? (I haven't used quick reporting for a few years, and I've forgotten how to set it up, or to find out what my quick reporting address is).

Thanks in advance for any help or advice! :D

[EDIT]:

I just found the answer in the SpamCop FAQ, so just ignore my question.

Sorry for any inconvenience! :blush:

Edited by csouter
Link to comment

Yes. The "quick" address is the same as the "submit" address, except one starts with "quick" and the other starts with "submit."

- Don D'Minion - SpamCop Admin -

- Service[at]Admin.SpamCop.net -

.

Thanks, Don! :D

Link to comment

Please explain. I don't know what you mean by "same protocol."

I understood that the spammer sent spam mails like normal users, but they send a lot. In this sense it is the same protocol and mimics normal SC server load.

Normally a DOS is different: the attacker "connects" to the server so it has to open a socket for him (allocate memory, resources, and so on), then opens another one, and another one, and so on ... sometimes they send pings with garbage, but never close any socket, so it is the server that has to time out or die, see:

$ man 2 connect

Edited by efa
Link to comment

I'm trying to send the 2-day backlog of spams; I can send them all, with intermittent behavior. Some went through fast, most take a long time (more than the promised 6 sec nag screen, and a browser reload does not change the situation), and a few times it ends in a gateway timeout where a reload finally sends. The "Send spam Report Now" button always sends in normal time; it is the parsing phase that takes a lot of time. I hope this helps diagnosing.

Note: As all the spams in these down days are about the same, with only 3 .ru and .ua spamvertized domains, I have the doubt that they are innocent domains.

Edited by efa
Link to comment

I'm trying to send the 2-day backlog of spams; I can send them all, with intermittent behavior. Some went through fast, most take a long time (more than the promised 6 sec nag screen, and a browser reload does not change the situation), and a few times it ends in a gateway timeout where a reload finally sends.

Note: As all the spams in these down days are about the same, with only 3 .ru and .ua spamvertized domains, I have the doubt that they are innocent domains.

Could it be divided out that your slow ones were in the RIPE area?

Link to comment

RIPE area for the mail source IP or for the host of the spamvertized links?

either/or. I do not have enough spam to tell for sure, but I think my slow ones might be having whois issues with RIPE. This will include both the mail source IP and the link host as the whois portion of the parser works the same on both.

Link to comment

might be having whois issues with RIPE. This will include both the mail source IP and the link host as the whois portion of the parser works the same on both.

mail source was: airtel.in, sanchernet.in, bol.net.in, saudi.net.sa, ttnet.net.tr and sjrb.ca

so not all by RIPE.

Update: for the last ones, all went through very fast

Link to comment

>- I understood that the spammer sent spam mails like normal users, but they send a lot.

OK. I see what you mean.

That hasn't happened for years. We still defend against it, but spammers haven't tried that trick for a long time.

- Don D'Minion - SpamCop Admin -

- Service[at]Admin.SpamCop.net -

.

Link to comment

Our individual reporting addresses are in this format:

submit.XXXXXXXXXXXXXXXX[at]spam.spamcop.net

IIRC, our quick reporting addresses are in the same format, except that they start with "quick" instead of "submit", which gives this format:

quick.XXXXXXXXXXXXXXXX[at]spam.spamcop.net

Am I correct? (I haven't used quick reporting for a few years, and I've forgotten how to set it up, or to find out what my quick reporting address is).

Thanks in advance for any help or advice! :D

[EDIT]:

I just found the answer in the SpamCop FAQ, so just ignore my question.

Sorry for any inconvenience! :blush:

May I have the direct URL to quick reporting in the SpamCop FAQ?
Link to comment

That hasn't happened for years. We still defend against it, but spammers haven't tried that trick for a long time.

I hope the net engineer identified the account responsible for the flooding, and maybe the source of the attack.

Link to comment