dra007 Posted August 7, 2013 Share Posted August 7, 2013 Am I the only one seeing an overnight increase in spam? This is not your typical run of the mill spam but very aggressive illegal carding ..drugs coming at an alarming rate of a few per second like a machinegun. As mentioned in an earlier post the pill spams are almost zero replaced by illegal stock trade which I stopped getting for a long time and now I get in droves, what's up with that?: -------------------------------------------------------------------------------- Submitted: Wednesday, August 07, 2013 11:00:23 PM +0200: Private Hacking and Carding Forum / New Domain No reports filed -------------------------------------------------------------------------------- Submitted: Wednesday, August 07, 2013 11:00:22 PM +0200: Trojan Fake Police No reports filed -------------------------------------------------------------------------------- Submitted: Wednesday, August 07, 2013 11:00:22 PM +0200: International carding board on new domain No reports filed -------------------------------------------------------------------------------- Submitted: Wednesday, August 07, 2013 11:00:21 PM +0200: For Investor No reports filed -------------------------------------------------------------------------------- Submitted: Wednesday, August 07, 2013 11:00:21 PM +0200: carding forum - new domain No reports filed -------------------------------------------------------------------------------- Submitted: Wednesday, August 07, 2013 11:00:21 PM +0200: Virus Gendarmerie No reports filed -------------------------------------------------------------------------------- Submitted: Wednesday, August 07, 2013 11:00:20 PM +0200: For Trader No reports filed -------------------------------------------------------------------------------- Submitted: Wednesday, August 07, 2013 11:00:20 PM +0200: International carding board on new domain No reports filed -------------------------------------------------------------------------------- Submitted: Wednesday, August 07, 2013 11:00:19 PM +0200: Virus Gendarmerie No reports filed And why are no reports filled yet? Is spamcop still down? Link to comment Share on other sites More sharing options...
Farelf Posted August 7, 2013 Share Posted August 7, 2013 Probably just paranoia on my part, but see the conjecture towards the end of http://forum.spamcop.net/forums/index.php?...ost&p=85358. SC should be up - can you ask Don about any reporting backlog (PM or e-mail)? He may not see a topic in the Lounge. Link to comment Share on other sites More sharing options...
petzl Posted August 8, 2013 Share Posted August 8, 2013 Am I the only one seeing an overnight increase in spam? This is not your typical run of the mill spam but very aggressive illegal carding ..drugs coming at an alarming rate of a few per second like a machinegun. As mentioned in an earlier post the pill spams are almost zero replaced by illegal stock trade which I stopped getting for a long time and now I get in droves, what's up with that?: The "Greylist" is not challenging this spam either? http://webmail.spamcop.net/horde/imp/spamc...ist_pending.php Tried just the Block Russian: http://webmail.spamcop.net/horde/imp/spamcop/blacklists.php with all blacklists off and it catches them on it's own (so it seems to be Russian operated Botnet malware) It must have Cyrillic characters on server side? Don't see them in headers All gets held but must be over 1000 a day same headers you described Harder to delete them in my trash folder than it is to report them. I suspect a lot of SC email users are getting them. The server can be set to no even accept Russian Cyrillic email this needs to be considered Link to comment Share on other sites More sharing options...
dra007 Posted August 8, 2013 Author Share Posted August 8, 2013 I have Russia on my grey list, this is stuff that gets through (about 40 %) but trapped in my Postini spam folder, not all of it is coming with Cyrilic characters, less than 5%. The point is that these are very large and continuous spam runs. -------------------------------------------------------------------------------- Submitted: Thursday, August 08, 2013 8:30:10 AM +0200: Carding News / New Domain No reports filed -------------------------------------------------------------------------------- Submitted: Thursday, August 08, 2013 8:30:10 AM +0200: Private Hacking and Carding Forum / New Domain No reports filed -------------------------------------------------------------------------------- Submitted: Thursday, August 08, 2013 8:30:10 AM +0200: For Investor No reports filed -------------------------------------------------------------------------------- Submitted: Thursday, August 08, 2013 8:30:09 AM +0200: For Trader No reports filed -------------------------------------------------------------------------------- Submitted: Thursday, August 08, 2013 8:30:09 AM +0200: =?UNKNOWN?B?68HLINXC0sHU2CDWydfP1CDJIMLPy8E=?= No reports filed -------------------------------------------------------------------------------- Submitted: Thursday, August 08, 2013 8:30:09 AM +0200: Trojan Ransomware No reports filed -------------------------------------------------------------------------------- Submitted: Thursday, August 08, 2013 8:30:08 AM +0200: Virus Gendarmerie No reports filed -------------------------------------------------------------------------------- Submitted: Thursday, August 08, 2013 8:30:08 AM +0200: =?UNKNOWN?B?9O/wIDEwINPBzdnIINzGxsXL1MnXztnIIMTJxdQ=?= No reports filed -------------------------------------------------------------------------------- Submitted: Thursday, August 08, 2013 8:30:08 AM +0200: carding forum - new domain No reports filed -------------------------------------------------------------------------------- Submitted: Thursday, August 08, 2013 8:30:07 AM +0200: Entheogens forum No reports filed Link to comment Share on other sites More sharing options...
petzl Posted August 8, 2013 Share Posted August 8, 2013 I have Russia on my grey list, this is stuff that gets through (about 40 %) but trapped in my Postini spam folder, not all of it is coming with Cyrilic characters, less than 5%. The point is that these are very large and continuous spam runs. I don't see Cyrillic in the headers however the server side must pick it up as it is stamped "X-SpamCop-Disposition: Blacklist" Which means its Cryllic (Russian language) and block JT once said he could rig his server to reject Crillic email (sounds good to me) http://www.spamcop.net/sc?id=z5543875529z0...f3ad52ca9aa12bz Look at the headers you will see yourself SpamCop SMTP (email client, not Webmail) is still spewing spam Link to comment Share on other sites More sharing options...
Farelf Posted August 8, 2013 Share Posted August 8, 2013 Make sure Don is aware of the "No reports filed" guys (per my previous), if you would. This Lounge area is not one of his priorities in terms of reviewing new posts, he once wrote. Link to comment Share on other sites More sharing options...
petzl Posted August 8, 2013 Share Posted August 8, 2013 Make sure Don is aware of the "No reports filed" guys (per my previous), if you would. This Lounge area is not one of his priorities in terms of reviewing new posts, he once wrote. SpamCop is a bit slow but for me files the "Quick report" in 30 minutes? Make sure your mailhosts are in order or SpamCop won't "Quick Report" Link to comment Share on other sites More sharing options...
dra007 Posted August 8, 2013 Author Share Posted August 8, 2013 I thought Spamcop gave you a warning if mailhosts not configured correctly. Link to comment Share on other sites More sharing options...
dra007 Posted August 8, 2013 Author Share Posted August 8, 2013 Had to go back to find some that were submitted, apparently it does take some time, looks like Vietnam is back on the radar, it was quiet for a while, Belarus is now the greatest spammer of all but also Kazakhstan and Ukraine, these are the main culprits or compromised servers.. Submitted: Thursday, August 08, 2013 11:53:02 AM +0200: Smoke Blends forum • 5987359688 ( 37.215.63.207 ) To: postmaster[at]belpak.by • 5987359687 ( 37.215.63.207 ) To: abuse[at]belpak.by • 5987359686 ( 37.215.63.207 ) To: abuse[at]belpak.minsk.by -------------------------------------------------------------------------------- Submitted: Thursday, August 08, 2013 11:53:02 AM +0200: rre: Mortgagge Rate Ddrop • 5987359699 ( 199.180.255.144 ) To: abuse#ramhost.us[at]devnull.spamcop.net -------------------------------------------------------------------------------- Submitted: Thursday, August 08, 2013 11:53:01 AM +0200: =?UNKNOWN?B?5MnF1Nkg2tfF2sQ=?= • 5987359711 ( 92.47.102.67 ) To: noc[at]online.kz • 5987359710 ( 92.47.102.67 ) To: abuse[at]telecom.kz • 5987359709 ( 92.47.102.67 ) To: abuse.spam[at]telecom.kz -------------------------------------------------------------------------------- Submitted: Thursday, August 08, 2013 11:53:01 AM +0200: Trojan Fake Police • 5987359731 ( 113.181.106.168 ) To: postmaster[at]vnn.vn • 5987359730 ( 113.181.106.168 ) To: abuse[at]vnn.vn -------------------------------------------------------------------------------- Submitted: Thursday, August 08, 2013 11:53:01 AM +0200: Virus Gendarmerie • 5987359738 ( 5.32.131.19 ) To: nomaster[at]devnull.spamcop.net -------------------------------------------------------------------------------- Submitted: Thursday, August 08, 2013 11:53:00 AM +0200: Powders, pills, smoking blends • 5987359769 ( 37.215.63.207 ) To: postmaster[at]belpak.by • 5987359768 ( 37.215.63.207 ) To: abuse[at]belpak.by • 5987359767 ( 37.215.63.207 ) To: abuse[at]belpak.minsk.by -------------------------------------------------------------------------------- Submitted: Thursday, August 08, 2013 9:14:58 AM +0200: Contact me, I'm so lonely • 5987287091 ( 37.45.7.71 ) To: abuse[at]belpak.by -------------------------------------------------------------------------------- Submitted: Thursday, August 08, 2013 9:14:57 AM +0200: Money Clip • 5987287106 ( 119.201.237.13 ) To: abuse[at]kornet.net -------------------------------------------------------------------------------- Submitted: Thursday, August 08, 2013 9:14:57 AM +0200: International carding board on new domain • 5987287118 ( 67.236.197.183 ) To: abuse[at]centurytel.net • 5987287117 ( 67.236.197.183 ) To: abuse[at]centurylinkservices.net • 5987287116 ( 67.236.197.183 ) To: abuse[at]embarqservices.net • 5987287115 ( 67.236.197.183 ) To: postmaster[at]centurylinkservices.net -------------------------------------------------------------------------------- Submitted: Thursday, August 08, 2013 9:14:56 AM +0200: International carding board on new domain • 5987287137 ( 42.114.83.77 ) To: admin[at]fpt.vn • 5987287136 ( 42.114.83.77 ) To: abuse#fpt.vn[at]devnull.spamcop.net • 5987287135 ( 42.114.83.77 ) To: abuse[at]fptonline.net • 5987287134 ( 42.114.83.77 ) To: report[at]vncert.vn • 5987287133 ( 42.114.83.77 ) To: postmaster[at]fpt.vn Link to comment Share on other sites More sharing options...
petzl Posted August 8, 2013 Share Posted August 8, 2013 Had to go back to find some that were submitted, apparently it does take some time, looks like Vietnam is back on the radar, it was quiet The f for a while, Belarus is now the greatest spammer of all but also Kazakhstan and Ukraine, these are the main culprits or compromised servers.. • 5987287133 ( 42.114.83.77 ) To: postmaster[at]fpt.vn Yes and if you use a SpamCop or Cesmail as a direct email address as I do it can mark Cryllic spam as "Black" list The "fault" is these Russian operated Botnets are not being held/challenged by Greylisting. AFAIK this is done by forging TLS certificates Even if this Botnet comes from VN/USA/CA/RU/ETC, it still signs on to a mail host with cyrillic text but need to see server Log to confirm Link to comment Share on other sites More sharing options...
dra007 Posted August 8, 2013 Author Share Posted August 8, 2013 I just don't know what these idiots want, they don't seem to be selling anything yet they send hundreds of useless e-mails a day. Just when my spam was reduced to nearly a trickle.. Link to comment Share on other sites More sharing options...
petzl Posted August 9, 2013 Share Posted August 9, 2013 I just don't know what these idiots want, they don't seem to be selling anything yet they send hundreds of useless e-mails a day. Just when my spam was reduced to nearly a trickle.. "They" are a Russian Crime Gang that try to blackmail sites for ransom by DDoS attacks. The sites mentioned in spam seem to be Russian sites. Not sure of the spam attacks purpose they just get reported? Although all Cyrillic/Russian sites have a notoriety of ignoring abuse reports many do not even have a contact address, This Russian is mistakenly blaming SpamCop for the DDoS attack on his website he claims to have a demand for money to stop the attack. http://forum.spamcop.net/forums/index.php?...ost&p=85045 His site is into hacking websites, writing Malware for gathering credit card numbers (Carding Forum). So it maybe that he is just checking on if SC reporting poses a threat to him (be careful about believing his claimed purpose, his claim need to be taken with a pinch of salt) Link to comment Share on other sites More sharing options...
Lking Posted August 9, 2013 Share Posted August 9, 2013 Am I the only one seeing an overnight increase in spam? Sorry for the delay, but me to. Been getting the same type of spam, but was occupied with the flood of misdirected bounces. The bounces have been coming in to bogus mailboxes, but the spam similar to those in the OP have been coming to an active mailbox. Both types of spam seem to have tapered off today. I was a bit paranoid about the carding spam at first. I have just added a PayPal/card payment button to a website and during the process posted questions on their "support" page and forum. (putting support in "" overstates the usefulness.) As I posted before, the Rx spam has been 0 of late. Am getting several "legal party" drug spam currently. Link to comment Share on other sites More sharing options...
dra007 Posted August 9, 2013 Author Share Posted August 9, 2013 getting the party powder spam as well, wondering if they target spamcop users on purpose, I also saw an increase in fake FaceBook phishers the last couple of days. Bottom line is that the spam has increased from a few daily to hundreds, so many my mailbox is full just as I finish reporting ...this is more than spam it is flooding with junk...haven't seen this type of aggressive behavior in years! When this started I was getting one or two carding spam a day even less, I thought they were odd wondering how those criminals got hold of my adress, then it blew out of proportion in the last few weeks... Submitted: Friday, August 09, 2013 8:43:19 AM +0200: Start Trading Now • 5987784122 ( 195.138.82.98 ) To: abuse[at]te.net.ua -------------------------------------------------------------------------------- Submitted: Friday, August 09, 2013 8:43:19 AM +0200: Carding News / New Domain • 5987784140 ( 83.149.8.10 ) To: msk-ip-support[at]megafon.ru -------------------------------------------------------------------------------- Submitted: Friday, August 09, 2013 8:43:18 AM +0200: Carding News / New Domain • 5987784177 ( 178.126.80.172 ) To: max[at]mgts.by -------------------------------------------------------------------------------- Submitted: Friday, August 09, 2013 8:43:18 AM +0200: For Investor • 5987784183 ( 37.17.114.249 ) To: postmaster[at]velcom.by • 5987784182 ( 37.17.114.249 ) To: abuse[at]velcom.by -------------------------------------------------------------------------------- Submitted: Friday, August 09, 2013 8:43:17 AM +0200: Virus Gendarmerie • 5987784211 ( 69.180.215.98 ) To: abuse[at]comcast.net -------------------------------------------------------------------------------- Submitted: Friday, August 09, 2013 8:43:17 AM +0200: Trojan Fake Police • 5987784276 ( 83.15.205.65 ) To: abuse[at]tpnet.pl -------------------------------------------------------------------------------- Submitted: Friday, August 09, 2013 8:43:17 AM +0200: International carding board on new domain • 5987784311 ( 46.160.17.238 ) To: alopatkin[at]dsn.ru Submitted: Friday, August 09, 2013 8:43:16 AM +0200: Virus Gendarmerie • 5987784365 ( 1.165.174.213 ) To: postmaster[at]hinet.net • 5987784364 ( 1.165.174.213 ) To: spam[at]ms1.hinet.net • 5987784363 ( 1.165.174.213 ) To: abuse#hinet.net[at]devnull.spamcop.net -------------------------------------------------------------------------------- Submitted: Friday, August 09, 2013 8:43:16 AM +0200: Carding News / New Domain • 5987784385 ( 98.151.212.206 ) To: abuse[at]rr.com -------------------------------------------------------------------------------- Submitted: Friday, August 09, 2013 8:43:16 AM +0200: For Trader • 5987784390 ( 188.18.98.148 ) To: radiusmaster[at]permonline.ru • 5987784389 ( 188.18.98.148 ) To: adm[at]permonline.ru -------------------------------------------------------------------------------- Submitted: Friday, August 09, 2013 8:43:15 AM +0200: For Trader • 5987784406 ( 178.126.96.210 ) To: max[at]mgts.by -------------------------------------------------------------------------------- Submitted: Friday, August 09, 2013 8:43:15 AM +0200: Trojan Ransomware • 5987784407 ( 121.254.116.50 ) To: frank[at]emax.net.tw -------------------------------------------------------------------------------- Submitted: Friday, August 09, 2013 8:43:14 AM +0200: Virus Gendarmerie • 5987784416 ( 219.85.102.72 ) To: ernest.lin[at]sonet-tw.net.tw • 5987784415 ( 219.85.102.72 ) To: bobby.chen[at]sonet-tw.net.tw -------------------------------------------------------------------------------- Submitted: Friday, August 09, 2013 8:43:14 AM +0200: carding forum - new domain • 5987784464 ( 183.80.52.205 ) To: admin[at]fpt.vn • 5987784463 ( 183.80.52.205 ) To: abuse#fpt.vn[at]devnull.spamcop.net • 5987784462 ( 183.80.52.205 ) To: abuse[at]fptonline.net • 5987784461 ( 183.80.52.205 ) To: report[at]vncert.vn • 5987784459 ( 183.80.52.205 ) To: postmaster[at]fpt.vn -------------------------------------------------------------------------------- Submitted: Friday, August 09, 2013 8:43:14 AM +0200: For Investor • 5987784567 ( 212.22.197.11 ) To: nomaster[at]devnull.spamcop.net -------------------------------------------------------------------------------- Submitted: Friday, August 09, 2013 8:43:13 AM +0200: International carding board on new domain • 5987784584 ( 188.51.14.73 ) To: registry[at]saudi.net.sa • 5987784583 ( 188.51.14.73 ) To: postmaster[at]saudi.net.sa • 5987784582 ( 188.51.14.73 ) To: abuse[at]saudi.net.sa -------------------------------------------------------------------------------- Submitted: Friday, August 09, 2013 8:43:13 AM +0200: JWH, Naphyrone, 5-IAI and more • 5987784597 ( 94.253.59.88 ) To: alex[at]flex.ru Submitted: Friday, August 09, 2013 8:43:13 AM +0200: For Investor • 5987784612 ( 176.52.42.172 ) To: noc[at]tbt.ru • 5987784611 ( 176.52.42.172 ) To: abuse[at]hitv.ru • 5987784610 ( 176.52.42.172 ) To: postmaster#hitv.ru[at]devnull.spamcop.net • 5987784609 ( 176.52.42.172 ) To: matveeva[at]tbt.ru • 5987784608 ( 176.52.42.172 ) To: question[at]tbt.ru • 5987784607 ( 176.52.42.172 ) To: helpdesk[at]transtk.ru • 5987784606 ( 176.52.42.172 ) To: abuse[at]transtk.ru • 5987784605 ( 176.52.42.172 ) To: abuse[at]tbt.ru • 5987784604 ( 176.52.42.172 ) To: postmaster[at]tbt.ru -------------------------------------------------------------------------------- Submitted: Friday, August 09, 2013 8:43:12 AM +0200: Virus Gendarmerie Nationale • 5987784631 ( 42.113.170.35 ) To: admin[at]fpt.vn • 5987784630 ( 42.113.170.35 ) To: abuse#fpt.vn[at]devnull.spamcop.net • 5987784629 ( 42.113.170.35 ) To: abuse[at]fptonline.net • 5987784628 ( 42.113.170.35 ) To: report[at]vncert.vn • 5987784627 ( 42.113.170.35 ) To: postmaster[at]fpt.vn -------------------------------------------------------------------------------- Submitted: Friday, August 09, 2013 8:43:12 AM +0200: For Trader • 5987784636 ( 117.3.68.218 ) To: abuse[at]viettel.com.vn • 5987784635 ( 117.3.68.218 ) To: postmaster[at]viettel.com.vn • 5987784634 ( 117.3.68.218 ) To: report[at]vncert.vn • 5987784633 ( 117.3.68.218 ) To: spam[at]viettel.com.vn -------------------------------------------------------------------------------- Submitted: Friday, August 09, 2013 8:43:12 AM +0200: For Investor • 5987784639 ( 111.246.94.54 ) To: postmaster[at]hinet.net • 5987784638 ( 111.246.94.54 ) To: spam[at]ms1.hinet.net • 5987784637 ( 111.246.94.54 ) To: abuse#hinet.net[at]devnull.spamcop.net -------------------------------------------------------------------------------- Submitted: Friday, August 09, 2013 8:43:11 AM +0200: Start Trading Now • 5987784665 ( 193.85.165.167 ) To: abuse[at]gts.cz -------------------------------------------------------------------------------- Submitted: Friday, August 09, 2013 8:43:11 AM +0200: Smoking blends • 5987784741 ( 111.252.31.44 ) To: postmaster[at]hinet.net • 5987784740 ( 111.252.31.44 ) To: spam[at]ms1.hinet.net • 5987784738 ( 111.252.31.44 ) To: abuse#hinet.net[at]devnull.spamcop.net -------------------------------------------------------------------------------- Submitted: Friday, August 09, 2013 8:43:11 AM +0200: Trojan Fake Police • 5987784800 ( 95.58.75.121 ) To: noc[at]online.kz • 5987784799 ( 95.58.75.121 ) To: abuse[at]telecom.kz • 5987784798 ( 95.58.75.121 ) To: abuse.spam[at]telecom.kz -------------------------------------------------------------------------------- Submitted: Friday, August 09, 2013 8:43:10 AM +0200: Trojan Fake Police • 5987784810 ( 95.87.246.154 ) To: liubenov[at]net1.bg • 5987784809 ( 95.87.246.154 ) To: office[at]net1.bg -------------------------------------------------------------------------------- Submitted: Friday, August 09, 2013 8:43:10 AM +0200: Virus Gendarmerie • 5987784830 ( 83.149.48.100 ) To: abuse-mailbox[at]megafon.ru • 5987784829 ( 83.149.48.100 ) To: abuse[at]megafonmoscow.ru • 5987784828 ( 83.149.48.100 ) To: abuse[at]megafon.ru • 5987784827 ( 83.149.48.100 ) To: noc[at]sonicduo.com • 5987784824 ( 83.149.48.100 ) To: sib-abuse[at]megafon.ru • 5987784823 ( 83.149.48.100 ) To: abuse[at]sonicduo.com • 5987784822 ( 83.149.48.100 ) To: top-ip-support[at]megafonmoscow.ru -------------------------------------------------------------------------------- Submitted: Friday, August 09, 2013 8:43:09 AM +0200: Virus Gendarmerie Nationale • 5987784833 ( 184.74.201.210 ) To: abuse[at]rr.com The odd thing is the illegal trading has come back at the same time as all the illegal Russian flood also from the same source... The trend I see doesn't seem to be reflected in the general SC statistics so it cannot be so widespread for the time being! Link to comment Share on other sites More sharing options...
petzl Posted August 9, 2013 Share Posted August 9, 2013 getting the party powder spam as well, wondering if they target spamcop users on purpose, I also saw an increase in fake FaceBook phishers the last couple of days. Bottom line is that the spam has increased from a few daily to hundreds, so many my mailbox is full just as I finish reporting ...this is more than spam it is flooding with junk...haven't seen this type of aggressive behavior in years! When this started I was getting one or two carding spam a day even less, I thought they were odd wondering how those criminals got hold of my adress, then it blew out of proportion in the last few weeks... [snip] The odd thing is the illegal trading has come back at the same time as all the illegal Russian flood also from the same source... All marked as Cyrillic but not stopped by Greylist? Something is allowing Greylisting to be bypassed by this malware It's "normal" for spam botnets to increase flood as the Malware spreads People logging int spam websites installs this Russian Malware Meanwhile SC email spews spam https://www.senderscore.org/lookup.php?look...p;ipLookup.y=10 SC should of stopped email clients (not webmail) using IP 216.154.195.49 ages ago? Make people like me logon change password after a Malware scan before I can send email again (one can easily temporarily change to eg Gmail to send email) Again Greylisting needs to start working and the flood will decrease Link to comment Share on other sites More sharing options...
Lking Posted August 9, 2013 Share Posted August 9, 2013 SC should of stopped email clients (not webmail) using IP 216.154.195.49 ages ago? Make people like me logon change password after a Malware scan before I can send email again (one can easily temporarily change to eg Gmail to send email) Again Greylisting needs to start working and the flood will decrease the spam being received by sc email accounts is only part is the flood. I'm getting the same spam with only a reporting account. Link to comment Share on other sites More sharing options...
petzl Posted August 9, 2013 Share Posted August 9, 2013 the spam being received by sc email accounts is only part is the flood. I'm getting the same spam with only a reporting account. Having had a SpamCop Email account since well before this millennium (even before Cesmail took it over) I/those that signed up for it always expected and have had various spammer attacks. I/we take it as a compliment (thanks spammers everywhere). No problem to shut down my ability to send email (just put it on the SC email webpage when "they" do) it won't be a first. Attacking back is fun love pulling the wings off a spammer then applying a flame to make them come ALIVE Link to comment Share on other sites More sharing options...
dra007 Posted August 11, 2013 Author Share Posted August 11, 2013 I would like to pull the heads off these guys not just the wings...I have no idea if reporting them is doing any good if they use compromised servers... Link to comment Share on other sites More sharing options...
turetzsr Posted August 27, 2013 Share Posted August 27, 2013 All marked as Cyrillic but not stopped by Greylist? Something is allowing Greylisting to be bypassed by this malware It's "normal" for spam botnets to increase flood as the Malware spreads People logging int spam websites installs this Russian Malware Meanwhile SC email spews spam https://www.senderscore.org/lookup.php?look...p;ipLookup.y=10 SC should of stopped email clients (not webmail) using IP 216.154.195.49 ages ago? Make people like me logon change password after a Malware scan before I can send email again (one can easily temporarily change to eg Gmail to send email) Again Greylisting needs to start working and the flood will decrease ...Please see SpamCop Forum article "greylisting." Link to comment Share on other sites More sharing options...
dra007 Posted August 28, 2013 Author Share Posted August 28, 2013 Happy to report these guys and their overwhelming spam-run (longest in my memory of over 8 years since I started reporting) have stopped as abruptly as they started. Hope someone succeeded in putting them down for good. Interestingly pill and watches spam have started to trickle in again. by the way I had done nothing to my greylisting to make them stop Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.