Unclenick Posted September 2, 2007

Today I ran a URL for an unresolved spamvertized site through DNSstuff.com to figure out who to copy a report to. When I did, I got back no less than 15 IP addresses all claiming to belong to this same URL. 4 name servers were referenced. Anyone else see this multiple entry accomplished before? I didn't keep the original e-mail, but I believe it was one of the Canadian Pharmacy spamvertized sites, even though the URL was a .cn.

The other oddball I ran into the other day was a trace that DNSstuff couldn't handle, probably owing to being blocked from a Russian server. I put it in at DNStools.com instead, and got back an IP addy that was formatted like this: 123.45.67.89.somename.net. Anyone else run into this before?

I've noticed that very often DNStools will return the name of a URL as its resolution. So it says, "somename.com resolves to somename.com", rather than the expected "somename.com resolves to 123.45.67.89".

If someone more familiar with the workings of these things could shed some light, it will be appreciated.

Nick

Wazoo Posted September 2, 2007

Everything you've mentioned has been used over the past few years by many spammers, hucksters, etc. It's basically playing games with DNS .... these days using compromised/hijacked computers to do everything from sending spam to hosting the spamvertised web-site ... that some of these computers are also used to act as DNS servers with garbage data is basically old news .... There are plenty of examples offered up in various other spam analysis documentation within these forums.
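
An added example, not part of any post in this thread: a small Python check for the three outputs described above (a real address, a hostname whose leading labels spell out an IP, and a tool echoing the name back), plus a count of how many separate networks a set of A records spans. The function names and the sample addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample: 15 A records for one name, each in a different /16.
CONSTRUCTED_A = [f"10.{i}.{3 * i}.{i + 7}" for i in range(1, 16)]


def classify_answer(query, answer):
    """Classify what a lookup tool printed as the 'resolution' of query."""
    q = query.rstrip(".").lower()
    a = answer.rstrip(".").lower()
    try:
        ipaddress.ip_address(a)
        return "address"                # a genuine IPv4/IPv6 literal
    except ValueError:
        pass
    if a == q:
        return "echo"                   # the name came back; no address was obtained
    labels = a.split(".")
    if len(labels) > 4:
        try:
            ipaddress.IPv4Address(".".join(labels[:4]))
            return "name-embedding-ip"  # still a hostname, not an address
        except ValueError:
            pass
    return "name"


def spread(addresses, prefix=16):
    """Return (distinct addresses, distinct /prefix networks) for A records."""
    unique = set(addresses)
    nets = {ipaddress.ip_network(f"{a}/{prefix}", strict=False) for a in unique}
    return len(unique), len(nets)


if __name__ == "__main__":
    samples = [
        ("somename.com", "123.45.67.89"),
        ("somename.com", "somename.com"),
        ("somename.net", "123.45.67.89.somename.net"),
    ]
    for query, answer in samples:
        print(f"{query} -> {answer}: {classify_answer(query, answer)}")
    # Many addresses spread over as many unrelated networks fits a site hosted
    # on scattered hijacked machines rather than in one provider's range.
    print("addresses, networks:", spread(CONSTRUCTED_A))
```

When copying reports, only an answer classified as "address" should be fed to a whois lookup; the other two are names that still need resolving.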

Unclenick Posted September 3, 2007

Thanks. They are just new to me. I managed a good run of almost four years after changing ISPs in which I received very little spam. In the last six months, however, the flood gates re-opened, probably because someone with my address had their computer compromised, so I am seeing a lot of these tactics for the first time.

Interestingly enough, my Spamcop e-mail address, which went largely un-spammed for an even longer number of years, is now the principal recipient of this "advertising" largess. I suppose it is proof that these guys have set themselves up in a successfully immune fashion and are either indifferent to being reported or are wanting to be reported to learn how effective their obfuscation is?

michaelanglo Posted September 4, 2007

"Interestingly enough, my Spamcop e-mail address, which went largely un-spammed for an even longer number of years, is now the principal recipient of this "advertising" largess. [...]"

That suggests you should try the new SpamCop mail greylisting feature, which should be most effective for this case.

Archived
This topic is now archived and is closed to further replies.