Jump to content

tricking with google


karlisma
 Share

Recommended Posts

http://www.spamcop.net/sc?id=z844222972zf8...b3fde37907b133z

..or is it just an error?

38200[/snapback]

Hi karlisma!

I'm not sure what error you think may have arisen.... The report parses correctly and reports would go as follows:

Re: 87.2.236.237 (Administrator of network where email originates)

To: postmaster[at]telecomitalia.it (Notes)

To: abuse[at]interbusiness.it (Notes)

To: abuse[at]telecomitalia.it (Notes)

It's your report so I didn't click through and submit it. I noticed the bunch of URLs inside the spam that were obfuscated. That's often the case these days but since the primary purpose of SpamCop is to identify the sending IP I'm not sure that there is an error with this report.

Presumably it is the obfuscated URL you're talking about?

Andrew

Edited by agsteele
Link to comment
Share on other sites

isn't it like obvious? see topic: tricking with google, hiding spamvertised site

38203[/snapback]

Hi, karlisma,

...Not all of us are up to the task of seeing the obvious -- please don't think too harshly of us! :) <g>

...Taking the risk that I understand what you mean (that the "real" spamvertized web site is "hidden" by using the www.google.com address), perhaps the following thread would be of interest (replacing "TinyURL" with "Google"): Follow TinyURL Redirection.

Link to comment
Share on other sites

http://www.spamcop.net/sc?id=z844497966z7f28a5c551095ce141348818358ea36az

Did not know google had a redirect service like "tinyUrl"?

WARNING Pill pushing spammer uses this to redirect

http://www.google.com/url?sa=D&q=http%3a//www.google.com/url%3fsa=D%26q=http%3a//deducy.experreat%252ecom

I did report to abuse desk of Chinese site it redirects to (seems they have a history of ignoring in any case)

I also sent a personal report to abuse [at] Google forwarding spam as attachment and received a auto acknowledgement. Not sure how long they react to this

Moderator edit: merged into an existing Topic on the same subject.

Edited by Wazoo
Link to comment
Share on other sites

My guess is you're referring to this:

&lt;http://www.google.com/url?sa=3DD&amp;q=3Dhttp%3a//www.google.com/url%3fsa=3D=
D%26q
=3Dhttp%3a//flavoui.ommofesi%252ecom&gt;=20

I got this in my inbox as well and just manually reported: http://flavoui.ommofesi.com

and got:

Parsing input: http://flavoui.ommofesi.com

Host flavoui.ommofesi.com (checking ip) IP not found ; flavoui.ommofesi.com discarded as fake.

No recent reports, no history available

Routing details for 221.7.209.69

[refresh/show] Cached whois for 221.7.209.69 : glxk[at]gxcc.com.cn

Using last resort contacts glxk[at]gxcc.com.cn

Statistics:

221.7.209.69 not listed in bl.spamcop.net

More Information..

221.7.209.69 not listed in dnsbl.njabl.org

221.7.209.69 not listed in dnsbl.njabl.org

221.7.209.69 not listed in cbl.abuseat.org

221.7.209.69 listed in dnsbl.sorbs.net ( 127.0.0.10 )

221.7.209.69 not listed in relays.ordb.org.

Reporting addresses:

glxk[at]gxcc.com.cn

Put the reporting address in "User Notification" and you're good to go. It's a crafty way to trick the parsers, but that's why you have to do some manual work to beat the spammer.

Link to comment
Share on other sites

glxk[at]gxcc.com.cn

no, i would not even try to report to them. Useless.

from spam i receive, 85% of spamwertised homepages are at gxcc. ;)

and Yes:

...Taking the risk that I understand what you mean (that the "real" spamvertized web site is "hidden" by using the www.google.com address), perhaps the following thread would be of interest (replacing "TinyURL" with "Google"): Follow TinyURL Redirection.

You are right - hiding site using google.

Link to comment
Share on other sites

<snip>

and Yes:

...Taking the risk that I understand what you mean (that the "real" spamvertized web site is "hidden" by using the www.google.com address), perhaps the following thread would be of interest (replacing "TinyURL" with "Google"): Follow TinyURL Redirection.

38209[/snapback]

You are right - hiding site using google.

38274[/snapback]

...Thanks! Did you look at the "Follow TinyURL Redirection" article? I think it deals with the issue you raise.
Link to comment
Share on other sites

glxk[at]gxcc.com.cn

no, i would not even try to report to them. Useless.

from spam i receive, 85% of spamwertised homepages are at gxcc.  ;)

I wouldn't be so quick to stop reporting, just because you have an over-abundance of spamvertized site being hosted by one company. There was a time when Hinet was hosting 80%+, but they very quickly shut sites down.

Reporting Russian ISPs & Hosts.. now THAT'S useless.

Link to comment
Share on other sites

tiny.url seem very quick in knocking out spamvertised redirections

the google link and google company are proving to be worse than china as to removing this link?

Time to sell out of Google showing signs of complacency I think

Link to comment
Share on other sites

http://www.spamcop.net/sc?id=z846071669za2...f2a2eac026a899z

Another using google groups?

Philippine Spammers site

http://pagead2.googlesyndication.com/pagea...130988147855234

Have report site and re-directions to abuse[at]google and

Doubt if Google will act

Time to dump Google looks like they are going down the failures path of [at]home and others have gone down leading to almost bankruptcy. Seems to be a know nothing management at Google have at present taken the wheel

Link to comment
Share on other sites

  • 5 weeks later...

ok, coming in late to the conversation here, but I think maybe I'm missing something. There seems to be two very different things happening when you compare using a TinyURL obfuscation to using a google redirect link.

With TinyURL, the actual address is hidden. This removes SpamCop's ability to see the actual destination, and forces SC to send reports to TinyURL, hoping they will shut down the link (and they seem responsive in that manner.)

With Google, just like yahoo, and everyone else who has redirect scripts in place, the destination URL is in plain sight in a standard format link, AND Google takes absolutely no active role in the linking process. I.e., I can currently make the following SpamCop redirect:

SPAMCOP VIA GOOGLE REDIRECT

Google has no role in that process other than having their server used as a bounce. Now, I see little reason for these bouncers to exist, but that's beside the point, as they do.

It would seem to me to be a relatively simple matter for the parser to identify such links for what they are, and to parse the second portion of the link, ignoring the google portion. I thought spamcop already did this for Yahoo redirects, but I'm too lazy to look it up right now. Google currently ignores the reports, as they should, because the only thing they could do about it is turn off the entire redirect scri_pt, which (if they actively use it on their own stuff) they'd probably be hesitant to do.

Link to comment
Share on other sites

  • 1 month later...
  • 3 months later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...