karlisma Posted December 20, 2005 Share Posted December 20, 2005 http://www.spamcop.net/sc?id=z844222972zf8...b3fde37907b133z ..or is it just an error? Link to comment Share on other sites More sharing options...
agsteele Posted December 20, 2005 Share Posted December 20, 2005 http://www.spamcop.net/sc?id=z844222972zf8...b3fde37907b133z ..or is it just an error? 38200[/snapback] Hi karlisma! I'm not sure what error you think may have arisen.... The report parses correctly and reports would go as follows: Re: 87.2.236.237 (Administrator of network where email originates) To: postmaster[at]telecomitalia.it (Notes) To: abuse[at]interbusiness.it (Notes) To: abuse[at]telecomitalia.it (Notes) It's your report so I didn't click through and submit it. I noticed the bunch of URLs inside the spam that were obfuscated. That's often the case these days but since the primary purpose of SpamCop is to identify the sending IP I'm not sure that there is an error with this report. Presumably it is the obfuscated URL you're talking about? Andrew Link to comment Share on other sites More sharing options...
karlisma Posted December 20, 2005 Author Share Posted December 20, 2005 I'm not sure what error you think may have arisen.... The report parses correctly and reports would go as follows: Presumably it is the obfuscated URL you're talking about? 38201[/snapback] isn't it like obvious? see topic: tricking with google, hiding spamvertised site Link to comment Share on other sites More sharing options...
turetzsr Posted December 20, 2005 Share Posted December 20, 2005 isn't it like obvious? see topic: tricking with google, hiding spamvertised site38203[/snapback] Hi, karlisma, ...Not all of us are up to the task of seeing the obvious -- please don't think too harshly of us! <g> ...Taking the risk that I understand what you mean (that the "real" spamvertized web site is "hidden" by using the www.google.com address), perhaps the following thread would be of interest (replacing "TinyURL" with "Google"): Follow TinyURL Redirection. Link to comment Share on other sites More sharing options...
petzl Posted December 20, 2005 Share Posted December 20, 2005 http://www.spamcop.net/sc?id=z844497966z7f28a5c551095ce141348818358ea36az Did not know google had a redirect service like "tinyUrl"? WARNING Pill pushing spammer uses this to redirect http://www.google.com/url?sa=D&q=http%3a//www.google.com/url%3fsa=D%26q=http%3a//deducy.experreat%252ecom I did report to abuse desk of Chinese site it redirects to (seems they have a history of ignoring in any case) I also sent a personal report to abuse [at] Google forwarding spam as attachment and received a auto acknowledgement. Not sure how long they react to this Moderator edit: merged into an existing Topic on the same subject. Link to comment Share on other sites More sharing options...
btech Posted December 21, 2005 Share Posted December 21, 2005 My guess is you're referring to this: <http://www.google.com/url?sa=3DD&q=3Dhttp%3a//www.google.com/url%3fsa=3D= D%26q =3Dhttp%3a//flavoui.ommofesi%252ecom>=20 I got this in my inbox as well and just manually reported: http://flavoui.ommofesi.com and got: Parsing input: http://flavoui.ommofesi.com Host flavoui.ommofesi.com (checking ip) IP not found ; flavoui.ommofesi.com discarded as fake. No recent reports, no history available Routing details for 221.7.209.69 [refresh/show] Cached whois for 221.7.209.69 : glxk[at]gxcc.com.cn Using last resort contacts glxk[at]gxcc.com.cn Statistics: 221.7.209.69 not listed in bl.spamcop.net More Information.. 221.7.209.69 not listed in dnsbl.njabl.org 221.7.209.69 not listed in dnsbl.njabl.org 221.7.209.69 not listed in cbl.abuseat.org 221.7.209.69 listed in dnsbl.sorbs.net ( 127.0.0.10 ) 221.7.209.69 not listed in relays.ordb.org. Reporting addresses: glxk[at]gxcc.com.cn Put the reporting address in "User Notification" and you're good to go. It's a crafty way to trick the parsers, but that's why you have to do some manual work to beat the spammer. Link to comment Share on other sites More sharing options...
karlisma Posted December 21, 2005 Author Share Posted December 21, 2005 glxk[at]gxcc.com.cn no, i would not even try to report to them. Useless. from spam i receive, 85% of spamwertised homepages are at gxcc. and Yes: ...Taking the risk that I understand what you mean (that the "real" spamvertized web site is "hidden" by using the www.google.com address), perhaps the following thread would be of interest (replacing "TinyURL" with "Google"): Follow TinyURL Redirection. You are right - hiding site using google. Link to comment Share on other sites More sharing options...
turetzsr Posted December 21, 2005 Share Posted December 21, 2005 <snip> and Yes: ...Taking the risk that I understand what you mean (that the "real" spamvertized web site is "hidden" by using the www.google.com address), perhaps the following thread would be of interest (replacing "TinyURL" with "Google"): Follow TinyURL Redirection.38209[/snapback] You are right - hiding site using google.38274[/snapback] ...Thanks! Did you look at the "Follow TinyURL Redirection" article? I think it deals with the issue you raise. Link to comment Share on other sites More sharing options...
btech Posted December 21, 2005 Share Posted December 21, 2005 glxk[at]gxcc.com.cn no, i would not even try to report to them. Useless. from spam i receive, 85% of spamwertised homepages are at gxcc.Ā I wouldn't be so quick to stop reporting, just because you have an over-abundance of spamvertized site being hosted by one company. There was a time when Hinet was hosting 80%+, but they very quickly shut sites down. Reporting Russian ISPs & Hosts.. now THAT'S useless. Link to comment Share on other sites More sharing options...
petzl Posted December 23, 2005 Share Posted December 23, 2005 tiny.url seem very quick in knocking out spamvertised redirections the google link and google company are proving to be worse than china as to removing this link? Time to sell out of Google showing signs of complacency I think Link to comment Share on other sites More sharing options...
petzl Posted December 24, 2005 Share Posted December 24, 2005 http://www.spamcop.net/sc?id=z846071669za2...f2a2eac026a899z Another using google groups? Philippine Spammers site http://pagead2.googlesyndication.com/pagea...130988147855234 Have report site and re-directions to abuse[at]google and Doubt if Google will act Time to dump Google looks like they are going down the failures path of [at]home and others have gone down leading to almost bankruptcy. Seems to be a know nothing management at Google have at present taken the wheel Link to comment Share on other sites More sharing options...
Jank1887 Posted January 23, 2006 Share Posted January 23, 2006 ok, coming in late to the conversation here, but I think maybe I'm missing something. There seems to be two very different things happening when you compare using a TinyURL obfuscation to using a google redirect link. With TinyURL, the actual address is hidden. This removes SpamCop's ability to see the actual destination, and forces SC to send reports to TinyURL, hoping they will shut down the link (and they seem responsive in that manner.) With Google, just like yahoo, and everyone else who has redirect scripts in place, the destination URL is in plain sight in a standard format link, AND Google takes absolutely no active role in the linking process. I.e., I can currently make the following SpamCop redirect: SPAMCOP VIA GOOGLE REDIRECT Google has no role in that process other than having their server used as a bounce. Now, I see little reason for these bouncers to exist, but that's beside the point, as they do. It would seem to me to be a relatively simple matter for the parser to identify such links for what they are, and to parse the second portion of the link, ignoring the google portion. I thought spamcop already did this for Yahoo redirects, but I'm too lazy to look it up right now. Google currently ignores the reports, as they should, because the only thing they could do about it is turn off the entire redirect scri_pt, which (if they actively use it on their own stuff) they'd probably be hesitant to do. Link to comment Share on other sites More sharing options...
Jeff G. Posted January 28, 2006 Share Posted January 28, 2006 My reply at http://forum.spamcop.net/forums/index.php?...indpost&p=29891 to Incomplete Report? applies as equally to Google and other transparent redirection providers as it does to Yahoo!. Link to comment Share on other sites More sharing options...
lcusdtech Posted March 20, 2006 Share Posted March 20, 2006 edit: I think this is another example of the parser missing the url google is redirecting even though it is in plain sight. Tracking url Moderator edit: Merged this new post into an existing Topic/Discussion. PM sent. Link to comment Share on other sites More sharing options...
Jank1887 Posted June 20, 2006 Share Posted June 20, 2006 It would seem to me to be a relatively simple matter for the parser to identify such links for what they are, and to parse the second portion of the link, ignoring the google portion... Which it now seems to do, as I described in this post: Google redirect parsing not sure if it works for anything other than google, though. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.