Posts Tagged ‘fighting spam’
*.ru sites are now banned from my emails
Thursday, February 4th, 2010
After banning *.cn sites, it’s high time for the Russians to go as well. I am truly sorry, innocent Russian people who want to email me their website: I no longer accept such emails. Notice that I am talking about websites contained in the email, not email addresses or other stuff.
Where is the spam coming from?
Monday, November 16th, 2009
For a good few weeks or even 2 months now I am getting a lot of “Canadian” spam. Mainly pills and shit. I was wondering wtf happened when it suddenly hit me. I had a Canadian client in the medical area which basically ditched me for whatever reasons, totally unprofessional. Now that I think about it, he might have something to do with this.
And if he does and he has indeed something to do with this, I have only one question: Are you fucking out of your mind?!
I have an idea of a pretty good anti-spam filter for these emails (they all share some stuff but it’s not easy to get it straight out). So in the following 1 or 2 weeks I’ll write it and then, up yours.
I’ll probably make a dnsbl so that others can use it too.
Possible DOS attack caught on time
Thursday, October 22nd, 2009
My server suddenly went under a very heavy load, similar to a DoS (Denial of Service) attack. Luckily I was 1 foot away from it and heard the hard drive working like crazy, so I ssh-ed into the server, checked the running processes, noticed there was a high load on mysql (only possible via web), did a netstat, found the offending IP and temporarily -j DROP-ped it out with iptables. The load stopped suddenly, so my finding was right.
This is the offending IP: 85.92.222.254
Anyone know the guy behind it, hit him hard in the head.
Will see if he returns and if he does, the -j DROP will become permanent.
Just for the record I currently have 7 IPs with permanent -j DROP . I should probably remove them since they are pretty old and with the use of DHCP the IPs probably belong to a ton of other people now.
My anti-bounce filter got its first false-positives
Saturday, July 25th, 2009
I just noticed today that my anti-bounce filter is having a bit of trouble with some false positives. The trigger was that I received a PayPal policy update email for one of my PayPal accounts (with an email hosted somewhere else) and the other one didn’t get it (email hosted on my server). So I got around to digging and found that I missed about 6 valid emails and well over 30 spam messages (which would have been taken out by the anti-spam filters anyway).
Stupid spam-fighters [rant]
Thursday, July 16th, 2009
I registered a little while ago on linuxforums.org to post my routing problem.
Imagine what, until I have 15 posts I cannot post any link. Not a problem, but guess what, even a simple thing like “dig domain A”, which I need in my explanation, cannot be included because hell, it’s a link.
You stupid idiots, ever heard of false-positives? You’ve got a bunch of them.
One way spammers send “legitimate” spam
Wednesday, July 15th, 2009
I wrote a full-blown SMTP server for one of my clients, with some anti-spam and anti-abuse systems, and I was contacted today by him because for some reason the server is sending a lot of spam out.
After some investigation we learned that:
- the spammers are using stolen credit cards to sign up to the paid server and get a user/pass used to authenticate
- since we deemed all paid customers as “good”, spam was getting out
- they quickly learned about the anti-abuse and stopped abusing the system in the obvious way, but still sending spam at the peak level so that the system would not pick up the abuse.
Basically, they stop wasting time to buy a domain and hosting and set it up for emailing, they buy directly a nice email account they can use. Cheaper, no time wasted to set it up and easy to ditch.
So, it seems we will be applying spam filters to all messages.
I am being attacked with email spam
Saturday, July 11th, 2009
As I wrote the other day, some idiots figured they would attack my server by using bounces from other flawed email servers which have incompetent sysadmins.
I have a bunch of scripts fighting spam at various levels. The script I wrote the day before yesterday is targeting exactly these bounces that are not picked up by the spam filter.
Since I wrote the script, it has rejected almost 150 bounces that passed the spam filter and less than 20 have made it through in my inbox (and obviously I have tweaked the script into dropping most of those too).
But this is nothing. About 2 days ago when this attack began I added some rules in my spam filter and since then my spam filter has blocked 6015 spam messages out of which most are from this attack. 6000.
The next step will probably be to block the originating servers. With iptables. But first I have to make sure I’m not blocking 1000 email servers but only a very few, like 3-5.
Sayonara idiots.
Anti Spam-Bounce
Friday, July 10th, 2009
I have written a small script as an XMail filter that rejects bounces I get due to spam, rejecting them with a descriptive message basically telling those sysadmins to set up their email servers properly.
In the past 12 hours my server has successfully rejected 57 such bounces.
And this is only the beginning. This filter I wrote basically makes sure, where possible (!!!), that the bounce is actually in reply to an email sent by my server. Most bounces contain the headers of the original email and spammers forge a lot of data there but some of them just cannot be forged. Like for example where the email is actually coming from.
So, any email bounce that contains those headers is being validated as being generated by an email from my server.
The second step will be to reject ALL bounces that do not contain these headers. If those sysadmins are so idiot to bounce everything, they could at least send us the headers as well. A bounce without headers is of no use to a sysadmin. Sure, it helps a user in case of a valid bounce but that’s about it. I need the headers, otherwise I don’t need your bounce.
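The check described in this post, sketched in Python as an added example (it is not the author's XMail filter): pull the returned headers out of a bounce and compare the client IP in the topmost Received line against the server's own address. The IP in `OUR_IPS`, the host names and the sample bounces are constructed, and the code assumes the topmost Received line was written by the bouncing side.

```python
import email
import re
from email import policy

OUR_IPS = {"203.0.113.25"}  # assumption: our outbound IP (documentation range)
CLIENT_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def original_headers(bounce):
    """Headers of the message being bounced, or None when the bounce omits them."""
    for part in bounce.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":        # full original message attached
            return part.get_payload(0)
        if ctype == "text/rfc822-headers":   # headers-only attachment
            return email.message_from_string(part.get_payload(), policy=policy.default)
    return None

def classify_bounce(raw):
    """Return 'accept', 'reject-forged' or 'reject-no-headers' for a raw bounce."""
    orig = original_headers(email.message_from_string(raw, policy=policy.default))
    received = orig.get_all("Received", []) if orig is not None else []
    if not received:
        return "reject-no-headers"
    # The topmost Received line was added when the bouncing side accepted the
    # message, so the sender could not forge the client IP recorded in it.
    match = CLIENT_IP.search(str(received[0]))
    if match and match.group(1) in OUR_IPS:
        return "accept"
    return "reject-forged"

# Constructed sample bounces (not real traffic); {ip} is the recorded client IP.
REPORT = """\
From: MAILER-DAEMON@mx.example.net
Subject: Undelivered Mail Returned to Sender
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Delivery failed.
--b1
Content-Type: text/rfc822-headers

Received: from mail.example.org (mail.example.org [{ip}])
 by mx.example.net; Fri, 10 Jul 2009 10:00:00 +0000
From: user@example.org

--b1--
"""
PLAIN = "From: MAILER-DAEMON@mx.example.net\nSubject: failure\n\nUser unknown.\n"
```

The three outcomes map to the post's two steps: `reject-forged` is the validation of returned headers, `reject-no-headers` is the planned second step.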
Live.com/Hotmail bouncing spam
Thursday, July 9th, 2009
How idiot of an admin can you be to not be able to configure your freaking email server NOT to bounce spam? Seriously now, WHY_TF do you bounce spam back at me if I didn’t send it?
If you idiot ever read this page, take a look here: http://www.dontbouncespam.org
and then go shoot yourself. I’ve got like over 50 spam messages bounced to me the other night and those were the ones I didn’t manage to filter out. Because I was like on the clock with these fucking spammers writing email filter rules to block the stupid spam.
And since I know what a legitimate bounce message looks like, I will spend some time to write a new filter that will reject with some not so nice words these spam bounces.
God damn motherfucking spammers. I would love to skin them alive, one by one and then put salt all over their skinless bodies, eventually pouring acid on them as well. You hear me? Rot in hell!
Automatically banning email addresses
Sunday, June 21st, 2009
Starting with today, a filter is running on my mail server which will automatically ban every bouncing email address.
The ban only has effect on the webdirectory for now, like the filter will automatically delete all submissions associated with the banned email address.
Soon, I will write another script to be run automatically on a cron job that will ping all the email addresses currently in the web directory to validate all the addresses. I will also add a validation to the submission form so that banned emails will no longer be able to submit.
Considering the amount of bouncing emails I used to receive daily, this should reduce the amount of most-probably-invalid submissions in the web directory.














