Cemptiom

spam emails

10 posts in this topic

What happened to the cool black theme? I can't find a setting for it anywhere!

Anyway I'm getting a bunch of spam from some illegitimate botnet or apache server because the domains are always super random and 'unsubscribing' seems to do absolutely nothing. I've started forwarding the emails to the FBI's spam detective services (I'm sure they'll get right on it). Anyway it seems that multiple people in the office are suffering from these pesky random 'enlarge your whatever' emails.

So the email domain is always a random collection of letters such as unre.eu, unma.eu, aird.eu, galg.eu, etc.

An nslookup of these domains shows that many of them are in the same subnet, all residing in 191.101.45.x, another one is 181.214.55.x

At any rate when I visit any of these IPs they lead to a CentOS Apache server test page.

A tracert shows me that these domains are hosted by hostsailor.com, but where can I go from here?

 

It'd be nice to gain root access to the apache server and see exactly how legit this all is (doesn't seem like it is at all).

So correct me if I'm wrong, but it seems as though someone set up an apache server under a host that allows multiple IPs. Then this server is spamming the crap out of people. Blocking the sender in Outlook does nothing since the server will generate a new source domain and use a new IP, and already has your email.

So since the host is legitimate can I just bring this to their attention? Or is this completely allowed according to them? Is there anything I can do to mitigate the barrage of emails?


> What happened to the cool black theme? I can't find a setting for it anywhere!

 

It broke with the newer version of IP.Board. We looked at fixing it or making a custom theme, but IP.Board doesn't make that easy for you!

 

I'd contact the server admin and see if you get a response. It may be a compromised box. If not, is it possible to blacklist the IP block you've identified on your mail server?


 

> What happened to the cool black theme? I can't find a setting for it anywhere!
>
> It broke with the newer version of IP.Board. We looked at fixing it or making a custom theme, but IP.Board doesn't make that easy for you!
>
> I'd contact the server admin and see if you get a response. It may be a compromised box. If not, is it possible to blacklist the IP block you've identified on your mail server?

 

 

Aw, bummer, that theme was cool.

 

Yeah I was thinking about the blacklisting option, just wanted to see if there was something else I can do before having to do that.

 

By server admin you mean whoever comes up on a whois search? I don't see a contact on the apache test pages.


 

> By server admin you mean whoever comes up on a whois search? I don't see a contact on the apache test pages.

 

 

Yeah, whatever you can find. If you can determine the hosting provider, file an abuse complaint with them.


That's a good idea, will do. If only we had a helpful apache engineer on these forums lol.

 

This place seems kind of dead btw compared to a few years ago, what happened?

Edited by Cemptiom

Yes. When you email the provider be sure to include the headers of the email. Any admin will want that. Usually, (in a nice way) tell the admin that if this doesn't stop, you'll not only block traffic from all their IP spaces, but submit each IP address (along with proof of spam) to every known blacklist. If that doesn't work, keep escalating up the ladder each tier. You'll usually get some compliance before hitting a backbone provider (ELI, Sprint, AT&T, etc.). Just be sure to include some legitimate proof with your complaints. Eventually you'll get someone who cares about their IP ranges being put on spam blacklists.

 

As far as dodging spam, Gmail's spam filters are the best. I worked in a small business, and just had everyone forward their mail to Gmail and use that. Problem solved. If it's a medium-sized business, look into Gmail cloud services. For a large business, look at some professional spam filter appliances or services for your mail server. Most of the best use Gmail spam filters; they use all the open source spam blacklists and user-submitted spam to filter for strings likely to be spam.

Never submit your email addresses to "take off their list". Those email addresses are gonna go on several lists and be sold and resold. That just confirms they've got a good email address, most of the time.


 

> Yes. When you email the provider be sure to include the headers of the email. Any admin will want that. Usually, (in a nice way) tell the admin that if this doesn't stop, you'll not only block traffic from all their IP spaces, but submit each IP address (along with proof of spam) to every known blacklist. If that doesn't work, keep escalating up the ladder each tier. You'll usually get some compliance before hitting a backbone provider (ELI, Sprint, AT&T, etc.). Just be sure to include some legitimate proof with your complaints. Eventually you'll get someone who cares about their IP ranges being put on spam blacklists.
>
> As far as dodging spam, Gmail's spam filters are the best. I worked in a small business, and just had everyone forward their mail to Gmail and use that. Problem solved. If it's a medium-sized business, look into Gmail cloud services. For a large business, look at some professional spam filter appliances or services for your mail server. Most of the best use Gmail spam filters; they use all the open source spam blacklists and user-submitted spam to filter for strings likely to be spam.
>
> Never submit your email addresses to "take off their list". Those email addresses are gonna go on several lists and be sold and resold. That just confirms they've got a good email address, most of the time.

 

Now THAT is a good plan, thanks a bunch! Great ideas! We've only got about 20 people in our company so I'll suggest forwarding emails to gmail accounts. If management doesn't care to do so maybe I can at least forward my own emails. Going up by tier with a threat of blacklisting is genius though!

*borat voice* Very nice high five!


 

> Yes. When you email the provider be sure to include the headers of the email. Any admin will want that. Usually, (in a nice way) tell the admin that if this doesn't stop, you'll not only block traffic from all their IP spaces, but submit each IP address (along with proof of spam) to every known blacklist. If that doesn't work, keep escalating up the ladder each tier. You'll usually get some compliance before hitting a backbone provider (ELI, Sprint, AT&T, etc.). Just be sure to include some legitimate proof with your complaints. Eventually you'll get someone who cares about their IP ranges being put on spam blacklists.
>
> As far as dodging spam, Gmail's spam filters are the best. I worked in a small business, and just had everyone forward their mail to Gmail and use that. Problem solved. If it's a medium-sized business, look into Gmail cloud services. For a large business, look at some professional spam filter appliances or services for your mail server. Most of the best use Gmail spam filters; they use all the open source spam blacklists and user-submitted spam to filter for strings likely to be spam.
>
> Never submit your email addresses to "take off their list". Those email addresses are gonna go on several lists and be sold and resold. That just confirms they've got a good email address, most of the time.
>
> Now THAT is a good plan, thanks a bunch! Great ideas! We've only got about 20 people in our company so I'll suggest forwarding emails to gmail accounts. If management doesn't care to do so maybe I can at least forward my own emails. Going up by tier with a threat of blacklisting is genius though!
>
> *borat voice* Very nice high five!

 

When you do, look up the owners of the IP ranges at ARIN (www.arin.net). Then notify the abuse or technical contact.

This is probably one of two things:

1) Apache is set up insecurely and allows proxying emails (and other traffic)

2) A web-hosting reseller gone rogue and getting reseller accounts for nefarious purposes.

In either case, the owner of the address ranges will be very concerned about their IP ranges being blacklisted. I've gotten IP addresses on blacklists from a service provider. It's not easy to get them off. Even after that, it takes some large ISPs a while to update their spam filters. It's really a nightmare for an administrator.

In the case of situation 2, emailing them directly could result in attacks on your company's network. The owner of the IP range should keep everything obscured as just a legitimate formal complaint.

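Pulling together three points made above (the sender domains resolving into the same /24 blocks, the suggestion to blacklist that block on the mail server, and the advice to put the message headers and the ARIN-listed range owner in the abuse complaint), here is an added Python example; it is not code from anyone in this thread. It reads stored raw messages, takes the originating IP from the Received chain (trusting only the hop our own MX stamped, since lines below it were written by the sender and can be forged), groups the samples by /24 together with the sender domains seen from each, and emits both the evidence lines for a complaint and a Postfix cidr-table blocklist. The relay addresses, the mx.example.net/mail.example.net host names and the sample messages are constructed for the example; the Postfix `check_client_access cidr:` table format is real, everything else is an assumption.

```python
import email
import email.utils
import ipaddress
import re
from collections import defaultdict
from email import policy

# Our own mail relays (constructed addresses). Received headers stamped by
# these hosts are trusted; anything below them in the chain was written by
# the sender and may be forged.
TRUSTED_RELAYS = {ipaddress.ip_address("203.0.113.10"),
                  ipaddress.ip_address("203.0.113.11")}

_BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def _parse(raw: str):
    return email.message_from_string(raw, policy=policy.default)


def origin_ip(raw: str):
    """First 'from [ip]' in the Received chain that is not one of our relays.

    Each hop prepends its own Received header, so reading top-down the first
    address outside TRUSTED_RELAYS is the host that handed the message to our
    perimeter. Returns None if every hop is ours (e.g. a purely local message).
    """
    for header in _parse(raw).get_all("Received", []):
        match = _BRACKETED_IP.search(str(header))
        if not match:
            continue
        try:
            ip = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue  # malformed octet, skip this hop
        if ip not in TRUSTED_RELAYS:
            return ip
    return None


def sender_domain(raw: str) -> str:
    """Domain of the From: address, lower-cased ('<none>' if absent)."""
    _, addr = email.utils.parseaddr(str(_parse(raw)["From"] or ""))
    return addr.rpartition("@")[2].lower() or "<none>"


def group_by_network(raws):
    """Map '/24' (or '/64' for IPv6) network -> count, source IPs, sender domains."""
    groups = defaultdict(lambda: {"count": 0, "ips": set(), "domains": set()})
    for raw in raws:
        ip = origin_ip(raw)
        if ip is None:
            continue
        prefix = 24 if ip.version == 4 else 64
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        entry = groups[str(net)]
        entry["count"] += 1
        entry["ips"].add(str(ip))
        entry["domains"].add(sender_domain(raw))
    return dict(groups)


def complaint_summary(groups):
    """One evidence line per network, for the body of the abuse report."""
    return [f"{net}: {g['count']} message(s) from {', '.join(sorted(g['ips']))}; "
            f"sender domains: {', '.join(sorted(g['domains']))}"
            for net, g in sorted(groups.items())]


def blocklist_lines(groups, min_samples=2):
    """Postfix cidr-table lines (for check_client_access cidr:/path) for networks
    seen at least min_samples times; one hit is thin evidence for blocking a /24."""
    return [f"{net} REJECT spam source, see abuse report"
            for net, g in sorted(groups.items()) if g["count"] >= min_samples]


def _sample(host: str, ip: str, forged: str = "") -> str:
    """Constructed raw message, as our MX would have stored it."""
    return ("Received: from mx.example.net (mx.example.net [203.0.113.10])\n"
            "\tby mail.example.net with ESMTP; Mon, 1 Jan 2018 10:00:02 +0000\n"
            f"Received: from {host} ({host} [{ip}])\n"
            "\tby mx.example.net with SMTP; Mon, 1 Jan 2018 10:00:00 +0000\n"
            + forged +
            f"From: offers@{host}\nTo: someone@example.net\n"
            "Subject: enlarge your whatever\n\nbody\n")


# Constructed samples; domains and the two /24s follow the thread's description.
SAMPLES = [
    _sample("unre.eu", "191.101.45.17"),
    _sample("unma.eu", "191.101.45.23"),
    _sample("aird.eu", "181.214.55.9"),
    # The sender inserted its own Received line claiming a clean-looking origin;
    # it sits below the hop our MX stamped, so origin_ip() never trusts it.
    _sample("galg.eu", "191.101.45.17",
            forged="Received: from clean.example.org ([198.51.100.77])\n"
                   "\tby galg.eu with SMTP; Mon, 1 Jan 2018 09:59:00 +0000\n"),
]

if __name__ == "__main__":
    found = group_by_network(SAMPLES)
    print("\n".join(complaint_summary(found)))
    print("\n".join(blocklist_lines(found)))
```

Run it against the raw .eml files your MX stored (one string per message instead of the constructed SAMPLES) and paste the summary lines plus a few full headers into the complaint; the blocklist lines go into the cidr table only once a network has shown up repeatedly, which is why `min_samples` defaults to two.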

> In either case, the owner of the address ranges will be very concerned about their IP ranges being blacklisted. I've gotten IP addresses on blacklists from a service provider. It's not easy to get them off. Even after that, it takes some large ISPs a while to update their spam filters. It's really a nightmare for an administrator.

 

Yeah, once they end up on a few of the major blacklists (Spamhaus, SpamCop, etc.) they're pretty much done. We use hosted email providers for our in-house apps since it's so easy to have some idiot user accidentally flag your emails (e.g. account confirmations) as spam and get your server's IP blacklisted.

 

> This place seems kind of dead btw compared to a few years ago, what happened?

 

Seems that the hacking community has changed a lot in the last few years. All of the "security researchers" want to post on their own blogs instead of having discussions on forums. I guess it's easier to always be right when it's only your ideas. Don't know where new people interested in hacking are going, though.


 

> This place seems kind of dead btw compared to a few years ago, what happened?
>
> Seems that the hacking community has changed a lot in the last few years. All of the "security researchers" want to post on their own blogs instead of having discussions on forums. I guess it's easier to always be right when it's only your ideas. Don't know where new people interested in hacking are going, though.

 

I've noticed a big change: a lot of hackers (by hackers, I mean people with an interest in technical security; white, gray, or black hat "hackers") being from India, Pakistan, and other places in the Middle East. It seems there are a lot of new people wanting to learn from these countries, more so than from the USA now. A lot are on Facebook now, I've noticed. Guess it's easier to start a Facebook group than host a domain. I just mention that because I created a bogus Facebook account to subscribe to Defcon and some other security related groups. Most are from people in the Middle East now.

I might also mention (not including Defcon and a few other groups), I see a lot of newer people eager to learn and get into it. Makes me wonder if the USA will be able to compete in the future. Here, the media is nothing more than sheeple herders and portrays hacking as "bad, bad, bad, bad". In other countries, from what I've read, it's a lot different.

 

