
spammer faking live links


ewv


Spammer is using quasi invisible links to falsify innocent domains.

<a href=http://hormones.net>`</a><p><a href=http://activism.com>^</a></p><a href=http://materially.org>*</a>

(This may have been in another post but I don't remember where or what the context was.) This displays as the three separate characters ' ^ and * as live links on only single characters on separate lines, in this case buried at the bottom of the page away from the spammer's link.

From activism.com:

Thank you for your report, however, this spam has nothing to do with us. The spammers seem to throw other domains into the html code to throw off the reporting services (like Spamcop) that have nothing to do with the spam itself. This has been a tactic used lately and there is nothing we can do about it.

Another unsurprising example of the characteristic spammer dishonesty deliberately intended to disrupt innocent people (as well as "competitors" of their own kind) in complaints against the spammer's own harassment. These creatures are pure malignance who if not stopped will sooner or later begin to be mysteriously found face down in a swamp somewhere when people refuse to put up with it anymore and someone is pushed over the edge.

Link to comment
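
An added example, not part of the thread and not SpamCop's parser: a defender-side check that separates near-invisible links like those in the post above from links a reader would actually see, so the decoy hosts can be reviewed before anyone is reported. The names `AnchorCollector` and `classify_links`, the "at most one non-alphanumeric character" heuristic, and the `pills.example` link are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.links = []     # finished (href, text) pairs
        self._href = None   # href of the anchor currently open, if any
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._finish()  # tolerate a missing </a>
            self._href = dict(attrs).get("href")
            self._text = []
        elif tag == "img" and self._href is not None:
            self._text.append("[img]")  # an image counts as visible content

    def handle_endtag(self, tag):
        if tag == "a":
            self._finish()

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def _finish(self):
        if self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
        self._href = None

def classify_links(html):
    """Return (decoy_hosts, visible_hosts) for one HTML message body."""
    parser = AnchorCollector()
    parser.feed(html)
    parser.close()
    parser._finish()        # flush an anchor left open at end of input
    decoys, visible = [], []
    for href, text in parser.links:
        host = urlsplit(href).hostname or href
        # Assumed heuristic: empty text or a single punctuation mark is a decoy.
        is_decoy = len(text) <= 1 and not any(c.isalnum() for c in text)
        (decoys if is_decoy else visible).append(host)
    return decoys, visible

# The three links quoted in the post, plus one constructed payload link.
SAMPLE = ('<a href="http://pills.example/buy">Order now</a>'
          '<a href=http://hormones.net>`</a><p><a href=http://activism.com>^</a></p>'
          '<a href=http://materially.org>*</a>')
if __name__ == "__main__":
    print(classify_links(SAMPLE))
```

Hosts in the first list are candidates for manual review rather than automatic exclusion, since a legitimate message can also carry a one-character link.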

Thanks for the heads up ewv. Another variation to look forward to - but this one has the potential to turn mole reports into a bit of a nuisance, hasn't it? As I understand it mole reporters haven't the facility to discriminate in what reports to send, it's all or none for a particular spam so far as I can see.

Anyway, let's not let them get us down, however tempting it might be to daydream about Lord Kitchener's "rule .303"* (was there ever a US equivalent - "rule .30 '06", perhaps?), most of them probably *want* to be hated.

*Okay, I notice Google has lots of matches off the topic for "rule .303", so this is added:

"Rule .303" was allegedly an unwritten order issued by Lord Kitchener in the prosecution of the Boer War which required the field execution of captured Boer militia who were deemed guilty of certain acts of deception and/or "savage" behaviour (.303 was the British military calibre at the time, used in such executions). Kitchener denied the existence of such an order when the conduct of the war came under unsympathetic scrutiny. He supposedly admitted to it later.

Link to comment

has the potential to turn mole reports into a bit of a nuisance
not sure I understand the context ... mole reporting sends no actual reports, and even with feeding the database, this is only for the IPAddress of the incoming spam ... don't see where these web-sites get involved (in a mole report).

This has been a tactic used lately and there is nothing we can do about it.

Based on the response to the alleged SpamCop report, they should have had the option to follow up on the complaint and get themselves marked as an Innocent Bystander, which would stop future reports.

Link to comment

This has been a tactic used lately and there is nothing we can do about it.

Based on the response to the alleged SpamCop report, they should have had the option to follow up on the complaint and get themselves marked as an Innocent Bystander, which would stop future reports.

...Not only that, but IMHO they should care enough about the spammers doing this to them that they should pursue the spammers, as other ISPs and e-mail providers do.

Link to comment

... mole reporting sends no actual reports, and even with feeding the database, this is only for the IPAddress of the incoming spam ... don't see where these web-sites get involved (in a mole report).

I don't know - SpamCop certainly resolves the links and appears to prepare reports (to itself, affecting statistics?) - ref:

Example - (recently submitted & "silent" reports sent)

Am I misinterpreting something here?

Link to comment

OK, just my guess ... the normal parsing tool is used to handle the analysis of the spam, but the reports are flagged to not go out. Unless there are yet more undocumented changes going on, SpamCop was not in the business of logging URLs for any type of logging or blocking action, so the only one that counted anywhere was the e-mail source IP address for the DNSbl .... So I'd suggest that the report comments in your example are just fall-out from using the parsing code already in place, but with the identified reports just being /dev/nulled ... but most definitely, they are not being sent to the ISP in question ...

Link to comment

OK, just my guess ... the normal parsing tool is used to handle the analysis of the spam, but the reports are flagged to not go out. Unless there are yet more undocumented changes going on, SpamCop was not in the business of logging URLs for any type of logging or blocking action, so the only one that counted anywhere was the e-mail source IP address for the DNSbl .... So I'd suggest that the report comments in your example are just fall-out from using the parsing code already in place, but with the identified reports just being /dev/nulled ... but most definitely, they are not being sent to the ISP in question ...

You are correct the regular parse logic is used but for moles no reports are sent -- and no we are not using urls to add to the blocklist -- um well what you said is correct

Link to comment

You are correct the regular parse logic is used but for moles no reports are sent -- and no we are not using urls to add to the blocklist

Hence the confirmation - /dev/null'ing report for mole[at]devnull.spamcop.net. Thanks for your great patience, people (not to mention your stamina), I understand at last, also noting the thread on question - does it work?

Moles have access to the links described by ewv, they have access to the address of the hosting network administrators affected and they have detail of the spam origin. Those who have a mind to can, themselves, contact the URL owners to encourage them to take action. I figure it would be way too paranoid to be worrying about "anti-spam traps" in the context of these minimized links. As pointed out above, the URL's response

This has been a tactic used lately and there is nothing we can do about it.
is hardly adequate if they are self-hosting but in other cases they may have been out of the loop. With a little information those just might be prepared to "do something about it". We can use all the allies we can get, yes?

Which is all rather moot, I await my first exemplar, "every fibre of me aquiver in ... anticipation."

Link to comment

Archived

This topic is now archived and is closed to further replies.
