rconner Posted April 19, 2007

My daily spam load has more than tripled over the past week, and the rate is accelerating. Nearly all of the increase seems to be due to the Yambo crew with messages like this one (tracking link). They're using a lot of bare .hk domains hosted mainly at something called "cvtelcorp.com", with a contact by the risible name of Andrew Poon. The addresses rotate elsewhere every day or so, however. Right now, I've gone back to quick-reporting most of these, lest I spend my entire day tracking down these goofy websites.

By the way, one interesting characteristic that I've observed of the Yambo website kit (MyCanadianPharmacy, International Legal Rx, et. many al.) is that it keeps a sharp eye on who's visiting and for what purposes:

I generally use a Perl LWP script that I wrote that actually fetches the website URL to look for redirects (it also does DNS and IP-whois info to give me reporting contacts). I find that when I refetch the same website for a subsequent spam (which may be going by another domain name) that the web server will refuse service, often by simply failing to answer my query at all (causing an LWP timeout and a 500 HTTP code). This can go on for an hour or more until I am again served. It isn't that the site goes offline -- when I try it from another IP, I can see that it is still working. I also have no trouble getting DNS or Whois data for these sites even when they go silent on me.

I am mildly deceptive in that I have told LWP to use a standard HTTP user-agent string (for Apple Safari) in its query, rather than the default LWP string (which would be a dead giveaway of snooping), so I'm reasonably sure that I look like a normal web browser. I do not query for any of the images or other linked files. The latter item seems to be the key.
The only thing I can figure is that the web server keeps track of who's downloaded the main URL without getting any of the associated linked files, and then puts these IPs in a "penalty box." Anyone else noticed this behavior? I hear tell that these sites can lock you out if you are abusive (i.e., flooding with queries), but my queries are usually at least a minute apart.

-- rick
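The "penalty box" guess in the post above, sketched as an added example (not part of the original post, and not the spam kit's code, whose logic is unknown): a server-side log heuristic that flags clients which fetch a page but none of its linked files. The log lines, the 30-second asset window and all function names are constructed for illustration; the one-hour ban mirrors the "hour or more" reported in the post.

```python
import re
from datetime import datetime, timedelta

# Constructed access-log lines (common log format); IPs are documentation ranges.
SAMPLE_LOG = """\
198.51.100.7 - - [19/Apr/2007:10:00:00 +0000] "GET / HTTP/1.1" 200 5120
198.51.100.7 - - [19/Apr/2007:10:00:01 +0000] "GET /img/logo.gif HTTP/1.1" 200 2048
198.51.100.7 - - [19/Apr/2007:10:00:01 +0000] "GET /style.css HTTP/1.1" 200 900
203.0.113.9 - - [19/Apr/2007:10:01:00 +0000] "GET / HTTP/1.1" 200 5120
203.0.113.9 - - [19/Apr/2007:10:02:10 +0000] "GET /index.html HTTP/1.1" 200 5120
""".splitlines()

LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "GET (\S+) [^"]*" \d{3} \S+')
ASSET = re.compile(r'\.(gif|jpe?g|png|css|js|ico)(\?.*)?$', re.I)

def parse(lines):
    """Yield (ip, timestamp, path) for each GET line that matches the format."""
    for line in lines:
        m = LINE.match(line)
        if m:
            ip, ts, path = m.groups()
            yield ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), path

def penalty_box(lines, asset_window=timedelta(seconds=30), ban=timedelta(hours=1)):
    """Map IP -> ban expiry for clients that fetched a page but none of its assets."""
    pages, assets = {}, {}
    for ip, when, path in parse(lines):
        (assets if ASSET.search(path) else pages).setdefault(ip, []).append(when)
    box = {}
    for ip, page_times in pages.items():
        for t in page_times:
            # A browser normally requests images/CSS right after the page itself.
            followed = any(t <= a <= t + asset_window for a in assets.get(ip, []))
            if not followed:
                box[ip] = max(box.get(ip, t), t + ban)  # latest offence extends the ban
    return box

def is_served(ip, when, box):
    """False while the client is still inside its penalty period."""
    return ip not in box or when >= box[ip]
```

With the sample log, the client that pulled the page plus its image and stylesheet is never boxed, while the page-only client is refused until an hour after its last bare fetch.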