DeadSpam Posted January 29, 2007 Posted January 29, 2007 Has anyone noticed that the abuse reporting addresses of some of the spam websites change every few seconds? Consider for example http://www.todrx.com for which the reporting address changes from abuse[at]keyweb.de to abuse[at]infobox.ru to abuse[at]leaseweb.com to mostow[at]sl.ru, alexdu[at]sl.ru, etc. So are the abuse reporting addresses bogus? Are they alternating because the spammer is maintaining several mirrors and updating the DNS info constantly? What gives????
Miss Betsy Posted January 29, 2007 Posted January 29, 2007 I am not quite sure about the mechanics of how the spammers do it, but yes, the spammers are constantly changing the location of the website. I don't know how to find it either, but this subject has been discussed in several topics, I believe. Miss Betsy
rconner Posted January 30, 2007 Posted January 30, 2007 Has anyone noticed that the abuse reporting addresses of some of the spam websites change every few seconds? Consider for example http://www.todrx.com for which the reporting address changes from abuse[at]keyweb.de to abuse[at]infobox.ru to abuse[at]leaseweb.com to mostow[at]sl.ru, alexdu[at]sl.ru, etc. So are the abuse reporting addresses bogus? Are they alternating because the spammer is maintaining several mirrors and updating the DNS info constantly? What gives???? If you control your own name servers, then you can change the address of your website as often as you like. Such as every two minutes, say. Then, you make sure to use a very small TTL value on the lookups, so that visitors' local name servers will almost never use cached addresses. So, if one were to look up such a site multiple times, one might well find it to have migrated to several IPs with a different abuse contact for each. -- rick
DeadSpam Posted January 30, 2007 Author Posted January 30, 2007 Many thanks for the responses from rconner and Miss Betsy
petzl Posted January 30, 2007 Posted January 30, 2007 Many thanks for the responses from rconner and Miss Betsy Please keep reporting this website is run by ROSKO which are professional spam gang Aside from alerting the ISP you are also helping to alert crime authorities. Just taking out one spammer stops billions of spams being sent I know SpamCop parsing often rejects URL because they are slow to connect to, but if you have the time use http://samspade.org/ Include IP with URL in SpamCops "notes" box to send to reporting address As always go over my signature to check one's own computers security
bobbear Posted January 31, 2007 Posted January 31, 2007 As always go over my signature to check one's own computers security Please excuse the slight OT diversion, but as you mention security, have you seen this new kid on on block of free software? - prevx The reviews and blogs [google prevx] look very interesting indeed. Usual no business interest disclaimer....
jongrose Posted January 31, 2007 Posted January 31, 2007 Please keep reporting this website is run by ROSKO which are professional spam gang Just to clarify, ROSKO isn't actually the name of an online spam sending gang. It's a database put together by SpamHaus of the most prolific spammers, which is an acronym for "Registry of Known spam Operations" ROSKO FAQ ROSKO Top 10 (Note: I had to use an archived version of SpamHaus's website from April 2006 because theirs was currently offline at the time I attempted to check it. They are frequently targets of DoS attacks.) The other information petzl posted is correct though, SpamHaus does pass on all information from the ROSKO list to law enforcement.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.