Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances

Indian handjob form spammers

 
olliver
Posted: Wed Jul 28, 2010 12:39 pm    Post subject: Indian handjob form spammers

If there is one thing annoying me to the extreme, then it is the recent surge of Indian handjob form spammers. Perhaps there are some not familiar with this terminology:

Handjob means, a spammer does not use automation, but instead manually submits its blasts to each and every form it comes across. This way, it can solve all the riddles and captchas and happily bypass any css and javascript tricks involving hidden fields or actual form locations that would cause problems to spambots.

A recent example from my netlabel site:

Quote:
122.177.86.201 - - [xx/Jul/2010:xx:06:37 +0200] www.cordpet.com "GET / HTTP/1.1" 301 231 "-" "-"
122.177.86.201 - - [xx/Jul/2010:xx:06:37 +0200] www.petcord.com "GET / HTTP/1.1" 200 3996 "-" "-"
122.177.86.201 - - [xx/Jul/2010:xx:06:38 +0200] www.cordpet.com "GET /contact/ HTTP/1.1" 301 239 "-" "-"
122.177.86.201 - - [xx/Jul/2010:xx:06:38 +0200] www.petcord.com "GET /contact/ HTTP/1.1" 200 4267 "-" "-"


This is the bot. Note how it aims at names typical of contact pages. After the date follows the host name the browser was requesting. In this case it was the domain I use for the mail server, and as it does not serve any content, it redirects to the netlabel site (the 301 status code). Of course, no human visitor would go through pages within a second and without requesting css and image files.

A couple of minutes later comes the actual message blast, executed by the spammer:

Quote:
122.177.86.201 - - [xx/Jul/2010:xx:17:49 +0200] www.cordpet.com "GET /contact/ HTTP/1.1" 301 239 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.11) Gecko/20100701 Firefox/3.5.11 GTB7.1"
122.177.86.201 - - [xx/Jul/2010:xx:17:53 +0200] www.petcord.com "GET /contact/ HTTP/1.1" 200 4267 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.11) Gecko/20100701 Firefox/3.5.11 GTB7.1"
122.177.86.201 - - [xx/Jul/2010:xx:18:16 +0200] www.petcord.com "GET /petcord.css HTTP/1.1" 200 3272 "http://www.petcord.com/contact/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.11) Gecko/20100701 Firefox/3.5.11 GTB7.1"
122.177.86.201 - - [xx/Jul/2010:xx:18:16 +0200] www.petcord.com "GET /js/ HTTP/1.1" 200 2521 "http://www.petcord.com/contact/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.11) Gecko/20100701 Firefox/3.5.11 GTB7.1"
122.177.86.201 - - [xx/Jul/2010:xx:18:17 +0200] www.petcord.com "GET /images/bg.gif HTTP/1.1" 200 5284 "http://www.petcord.com/petcord.css" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.11) Gecko/20100701 Firefox/3.5.11 GTB7.1"
122.177.86.201 - - [xx/Jul/2010:xx:18:17 +0200] www.petcord.com "GET /images/logo.gif HTTP/1.1" 200 584 "http://www.petcord.com/contact/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.11) Gecko/20100701 Firefox/3.5.11 GTB7.1"
122.177.86.201 - - [xx/Jul/2010:xx:18:17 +0200] www.petcord.com "GET /images/para06.jpg HTTP/1.1" 200 1523 "http://www.petcord.com/contact/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.11) Gecko/20100701 Firefox/3.5.11 GTB7.1"
122.177.86.201 - - [xx/Jul/2010:xx:18:19 +0200] www.petcord.com "GET /favicon.ico HTTP/1.1" 200 448 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.11) Gecko/20100701 Firefox/3.5.11 GTB7.1"
122.177.86.201 - - [xx/Jul/2010:xx:30:41 +0200] www.petcord.com "POST /contact/ HTTP/1.1" 200 4267 "http://www.petcord.com/contact/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.11) Gecko/20100701 Firefox/3.5.11 GTB7.1"
122.177.86.201 - - [xx/Jul/2010:xx:30:43 +0200] www.petcord.com "GET /petcord.css HTTP/1.1" 200 3272 "http://www.petcord.com/contact/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.11) Gecko/20100701 Firefox/3.5.11 GTB7.1"
122.177.86.201 - - [xx/Jul/2010:xx:30:43 +0200] www.petcord.com "GET /js/ HTTP/1.1" 200 2521 "http://www.petcord.com/contact/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.11) Gecko/20100701 Firefox/3.5.11 GTB7.1"
122.177.86.201 - - [xx/Jul/2010:xx:30:47 +0200] www.petcord.com "GET /favicon.ico HTTP/1.1" 200 448 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.11) Gecko/20100701 Firefox/3.5.11 GTB7.1"


The bold line marks the actual spam submission by this Indian spammer. I've been collecting those for a while in order to get a comprehensive list of ip-addresses in use. In the meantime, I started blocking large chunks of address ranges from this Indian ISP for the netlabel site until I have a better solution. Perhaps I should cease redirecting the mail domain to the netlabel site, as this seems the only way this spammer got to the page at all.

Routing info:

Quote:
route: 122.177.0.0/16
origin: AS24560
descr: AIRTELBROADBAND-AS-AP Bharti Airtel Ltd., Telemedia Services
lastupd-frst: 2010-06-29 11:00Z 200.160.0.137@rrc15
lastupd-last: 2010-07-28 15:24Z 0.0.0.0@rrc01
seen-at: rrc00,rrc01,rrc03,rrc04,rrc05,rrc06,rrc07,rrc10,rrc11,rrc12,rrc13,rrc14,rrc15,rrc16
num-rispeers: 92
source: RISWHOIS


O.
_________________
Petcord netlabel :: Synflict post-digital arts :: Leftob audio cast
Each click on any of the links above will save the life of a cute kitty somewhere in the universe.
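
An added example (not part of olliver's post or his tooling) that applies the pattern described above to an access log in the same host-name-extended format: it reports each POST that was preceded, from the same address, by page requests carrying neither User-Agent nor Referer. The sample lines, addresses, host name, thresholds and function names are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Format shown in the post: combined log format with the requested
# virtual host inserted after the timestamp.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] (?P<vhost>\S+) '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)
ASSET_RE = re.compile(r'\.(css|js|gif|jpe?g|png|ico)$', re.I)

# Constructed sample: 198.51.100.7 repeats the pattern from the post,
# 203.0.113.20 is an ordinary visitor using the contact form.
UA1 = "Mozilla/5.0 (Windows; U) Firefox/3.5.11"
UA2 = "Mozilla/5.0 (X11; Linux) Firefox/3.6.6"
REF = "http://www.example.org/contact/"
ROWS = [
    ("198.51.100.7", "12:06:37", "GET /", "-", "-"),
    ("198.51.100.7", "12:06:38", "GET /contact/", "-", "-"),
    ("198.51.100.7", "12:17:53", "GET /contact/", "-", UA1),
    ("198.51.100.7", "12:18:16", "GET /site.css", REF, UA1),
    ("198.51.100.7", "12:30:41", "POST /contact/", REF, UA1),
    ("203.0.113.20", "13:01:02", "GET /contact/", "-", UA2),
    ("203.0.113.20", "13:01:03", "GET /site.css", REF, UA2),
    ("203.0.113.20", "13:04:40", "POST /contact/", REF, UA2),
]
SAMPLE_LOG = "\n".join(
    f'{ip} - - [28/Jul/2010:{t} +0200] www.example.org "{req} HTTP/1.1" 200 4267 "{ref}" "{ua}"'
    for ip, t, req, ref, ua in ROWS
)

def parse(log_text):
    """Yield one dict per line that matches the format; skip the rest."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["time"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
            yield rec

def is_scout(rec):
    """Page request without User-Agent or Referer, as in the first excerpt."""
    return (rec["method"] == "GET" and rec["ua"] in ("", "-")
            and rec["referer"] in ("", "-")
            and not ASSET_RE.search(rec["path"]))

def find_scouted_posts(log_text, window=timedelta(hours=1), min_hits=2):
    """Return (ip, path, last_scout, post_time) for every POST preceded,
    within `window`, by a header-less pass that included the same path."""
    scouts = defaultdict(list)          # ip -> [(time, path), ...]
    findings = []
    for rec in parse(log_text):         # assumes lines are in time order
        if is_scout(rec):
            scouts[rec["ip"]].append((rec["time"], rec["path"]))
        elif rec["method"] == "POST":
            recent = [(t, p) for t, p in scouts[rec["ip"]]
                      if rec["time"] - t <= window]
            same_path = [t for t, p in recent if p == rec["path"]]
            if len(recent) >= min_hits and same_path:
                stamps = (f"{same_path[-1]:%H:%M:%S}", f"{rec['time']:%H:%M:%S}")
                findings.append((rec["ip"], rec["path"]) + stamps)
    return findings

if __name__ == "__main__":
    for finding in find_scouted_posts(SAMPLE_LOG):
        print(finding)
```

The second visitor in the sample posts to the same form but is not reported, because none of its requests lack the browser headers.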

olliver
Posted: Fri Aug 06, 2010 5:23 am    Post subject: More idiocy from India

Yet again, another spamblast from the Indian contact form spammers:

Quote:
Date: Fri, 6 Aug 2010 15:08:49 +0200
Message-Id: <[snip]@another.example.com>
To: <snip>
Subject: Message for marketing department
From: Randall Tuttle <rachelle2315@gmail.com>
X-Mailer: PHP/5.2.6-1+lenny8
X-Originating-Ip: 122.162.235.86 (ABTS-North-Dynamic-086.235.162.122.airtelbroadband.in)
X-User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.11) Gecko/20100701 Firefox/3.5.11 GTB7.1 ( .NET CLR 3.5.30729)
X-Originating-Server: www.example.com (x.x.x.x)
X-Originating-Script: /[omitted]
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8

Search Engine Marketing will increase your company’s online presence
through comprehensive online marketing campaigns, targeted search engine optimization, and highly managed internet marketing promotions. A search engine marketing campaign will encompass several procedures and factors to make it successful. Please reply to this email so we can send you more details.


Pretty much looks like I have to scan for particular keywords in order to get rid of those hand job spammers.

O.

olliver
Posted: Fri Aug 06, 2010 5:39 am

My collection of the past weeks; note the IP address and the iterations of throwaway Gmail accounts.

Quote:
Date: Fri, 18 Jun 2010 15:53:33 +0200
Message-Id: <snip@another.example.com>
To: <snip>
Subject: Message for marketing department
From: Randall Tuttle <rachelle2311@gmail.com>
Reply-To: rachelle2311@gmail.com
X-Mailer: PHP/5.2.6-1+lenny8
X-Originating-Ip: 122.163.85.162 (ABTS-North-Dynamic-162.85.163.122.airtelbroadband.in)
X-User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 GTB7.0 (.NET CLR 3.5.30729)
X-Originating-Server: www.example.com (x.x.x.x)
X-Originating-Script: /<omitted>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8

Search Engine Marketing will increase your company’s online presence through comprehensive online marketing campaigns, targeted search engine optimization, and highly managed internet marketing promotions. A search engine marketing campaign will encompass several procedures and factors to make it successful. Please reply to this email so we can send you more details.


Quote:
Date: Wed, 30 Jun 2010 12:59:14 +0200
Message-Id: <[snip]@another.example.com>
To: <snip>
Subject: SEO Consultants
From: Keith Madison <kentcornwall2222@gmail.com>
X-Mailer: PHP/5.2.6-1+lenny8
X-Originating-Ip: 122.162.28.112 (ABTS-North-Dynamic-112.28.162.122.airtelbroadband.in)
X-User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6 GTB7.1
X-Originating-Server: www.example.com (x.x.x.x)
X-Originating-Script: /[snip]
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8

As a leading provider of internet search solutions including: Link Building, SEO and Internet Marketing. We offer a high quality service and best value for money, with proven results. Please contact us if you are interested.


O.

olliver
Posted: Fri Aug 06, 2010 5:44 am

The story continues right here:

Quote:
Date: Sat, 24 Jul 2010 07:11:37 +0200
Message-Id: <[snip]@another.example.com>
To: <snip>
Subject: Marketing suggestion for your website
From: Priscilla Valdez <paul3205@gmail.com>
Reply-To: paul3205@gmail.com
X-Mailer: PHP/5.2.6-1+lenny8
X-Originating-Ip: 122.162.235.134 (ABTS-North-Dynamic-134.235.162.122.airtelbroadband.in)
X-User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.7) Gecko/20100713 Firefox/3.6.7 GTB7.1 ( .NET CLR 3.5.30729)
X-Originating-Server: www.example.com (89.238.72.203)
X-Originating-Script: /[snip]
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8

We will optimize your site to increase its rankings with major search engines. This will drive targeted online users to your site, as well as
attract new users through the use of relevant keywords and phrases. Not only will we help you gain those higher rankings, but maintain your status through continual management and support. Please reply to this email so we can send you more details


Quote:
Date: Wed, 28 Jul 2010 15:30:42 +0200
Message-Id: <[snip]@another.example.com>
To: <snip>
Subject: Marketing suggestion for your website
From: Carrie Cain <ceceliamaloney02@gmail.com>
Reply-To: ceceliamaloney02@gmail.com
X-Mailer: PHP/5.2.6-1+lenny8
X-Originating-Ip: 122.177.86.201 (ABTS-North-Dynamic-201.86.177.122.airtelbroadband.in)
X-User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.11) Gecko/20100701 Firefox/3.5.11 GTB7.1
X-Originating-Server: www.example.com (x.x.x.x)
X-Originating-Script: /[snip]
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8

Want more clients and customers? We will help them find you by putting you on the 1st page of Google. Email us back to get a full proposal


O.

suzi
Posted: Fri Aug 06, 2010 8:17 am

The SEO spammers are the worst. They also manage to infiltrate forums and some of them are really bad but others are clever enough to fool a lot of people into thinking they are legitimate users. SEO by spam seems to be a growing career of choice in India, Pakistan, China of course, and a few other countries.
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn. :)

olliver
Posted: Fri Aug 06, 2010 10:01 am

suzi wrote:
The SEO spammers are the worst. They also manage to infiltrate forums and some of them are really bad but others are clever enough to fool a lot of people into thinking they are legitimate users.


The problem is that unlike their Ruskrainian counterparts, they're actual humans which defeats some mechanisms designed for locking out bots. At a certain point, a barrier needs to be taken for casual visitors or else any sort of interaction will be gone either.

Quote:
SEO by spam seems to be a growing career of choice in India, Pakistan, China of course, and a few other countries.


Yeah, but it's rather idiotic in that particular industry: If a site or business means something to its owner, he/she hardly will hand it over to some outfit who promote their service via spam. Why on earth would someone write to some anonymous gmail account, without knowing who the advertised company are and what references they have (or what former customers of theirs had to say about them). After all, it's spam that would get the owner banned in search engines and without visibility in search engines the site is toast.

But then again, they're not paid for thinking...

O.

suzi
Posted: Fri Aug 06, 2010 9:16 pm

olliver wrote:


Yeah, but it's rather idiotic in that particular industry: If a site or business means something to its owner, he/she hardly will hand it over to some outfit who promote their service via spam. Why on earth would someone write to some anonymous gmail account, without knowing who the advertised company are and what references they have (or what former customers of theirs had to say about them). After all, it's spam that would get the owner banned in search engines and without visibility in search engines the site is toast.

But then again, they're not paid for thinking...

O.


So true! Thinking is rare now just like common sense.

I've seen some cases where the spamvertised company didn't realize they were hiring spammers for their SEO. A non-web savvy business manager sees an ad for some inexpensive SEO company and thinks it sounds good. So they go for it. I've seen some attorneys, dentists, chiropractors along with regular mom and pop type business being promoted by SEO spammers. I've emailed a few of them and ones that replied said they had no idea they were being promoted by spam.

olliver
Posted: Sat Aug 07, 2010 3:05 am

suzi wrote:
I've seen some cases where the spamvertised company didn't realize they were hiring spammers for their SEO. A non-web savvy business manager sees an ad for some inexpensive SEO company and thinks it sounds good.


I can't speak for the average business manager, but if I had to make a decision in a field I have no expertise in, I'd certainly consult some people who have and base my decision on their recommendation. It is dangerous to be overwhelmed by the sensation of power and believe that because you know how to run a business it would automagically make you an authority in every other field there is. It is always useful to know one's limitations and remain honest to oneself, because otherwise you'll fall prey to manipulation attempts and wind up asking for trouble.

Quote:
I've seen some attorneys, dentists, chiropractors along with regular mom and pop type business being promoted by SEO spammers. I've emailed a few of them and ones that replied said they had no idea they were being promoted by spam.


Google has some good advice on SEO:

Quote:
Some useful questions to ask an SEO include:

Can you show me examples of your previous work and share some success stories?
Do you follow the Google Webmaster Guidelines?
Do you offer any online marketing services or advice to complement your organic search business?
What kind of results do you expect to see, and in what timeframe? How do you measure your success?
What's your experience in my industry?
What's your experience in my country/city?
What's your experience developing international sites?
What are your most important SEO techniques?
How long have you been in business?
How can I expect to communicate with you? Will you share with me all the changes you make to my site, and provide detailed information about your recommendations and the reasoning behind them?

http://www.google.com/support/webmasters/bin/answer.py?answer=35291

On another note: Meanwhile I firewalled those offending address ranges and this morning, I was spared another important message for the marketing department ;) (iptables log below)

Quote:
Aug 7 07:35:40 torii kernel: [3362986.373806] Endusers: IN=eth0 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:00:00 SRC=122.163.119.225 DST=x.x.x.x LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=56840 DF PROTO=TCP SPT=15602 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
Aug 7 07:35:43 torii kernel: [3362989.464922] Endusers: IN=eth0 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:00:00 SRC=122.163.119.225 DST=x.x.x.x LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=56951 DF PROTO=TCP SPT=15602 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
Aug 7 07:35:49 torii kernel: [3362995.613876] Endusers: IN=eth0 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:00:00 SRC=122.163.119.225 DST=x.x.x.x LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=57324 DF PROTO=TCP SPT=15602 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0


122.163.119.225 resolves to ABTS-North-Dynamic-225.119.163.122.airtelbroadband.in which somehow sounds familiar ;)

O.
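
An added example, not from the thread: the three iptables lines in the excerpt above share SRC, SPT and DPT and are about 3 and 6 seconds apart, which is a single TCP SYN being retransmitted, so this sketch counts connection attempts instead of log lines and totals them per covering network. Sample lines, addresses, host name and function names are constructed; only the `Endusers` log prefix and the field names are taken from the post.

```python
import ipaddress
import re
from collections import defaultdict

# Kernel line layout as in the post: "kernel: [uptime] <log prefix>: key=value ..."
LOG_RE = re.compile(r'kernel: \[\s*(?P<uptime>[\d.]+)\] (?P<prefix>\S+): (?P<kv>.*)$')

# Constructed sample (documentation addresses, shortened field list).
SAMPLE = """\
Aug  7 07:35:40 gw kernel: [100.37] Endusers: IN=eth0 OUT= SRC=198.51.100.225 DST=192.0.2.1 ID=56840 DF PROTO=TCP SPT=15602 DPT=80 SYN URGP=0
Aug  7 07:35:43 gw kernel: [103.46] Endusers: IN=eth0 OUT= SRC=198.51.100.225 DST=192.0.2.1 ID=56951 DF PROTO=TCP SPT=15602 DPT=80 SYN URGP=0
Aug  7 07:35:49 gw kernel: [109.61] Endusers: IN=eth0 OUT= SRC=198.51.100.225 DST=192.0.2.1 ID=57324 DF PROTO=TCP SPT=15602 DPT=80 SYN URGP=0
Aug 13 05:30:27 gw kernel: [500.31] Endusers: IN=eth0 OUT= SRC=198.51.100.10 DST=192.0.2.1 ID=4732 DF PROTO=TCP SPT=4088 DPT=80 SYN URGP=0
Aug 13 05:30:30 gw kernel: [503.17] Endusers: IN=eth0 OUT= SRC=198.51.100.10 DST=192.0.2.1 ID=4859 DF PROTO=TCP SPT=4088 DPT=80 SYN URGP=0
Aug 13 06:00:00 gw kernel: [2272.90] Endusers: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.1 ID=77 DF PROTO=TCP SPT=3301 DPT=80 SYN URGP=0
Aug 13 06:00:01 gw sshd[311]: unrelated line that must be ignored
"""


def parse_line(line):
    """Return the LOG fields of one line as a dict, or None if it is not one."""
    m = LOG_RE.search(line)
    if not m:
        return None
    fields = {"uptime": float(m.group("uptime")), "prefix": m.group("prefix")}
    for token in m.group("kv").split():
        key, sep, value = token.partition("=")
        fields[key] = value if sep else True    # bare flags: SYN, DF, ...
    return fields


def connection_attempts(log_text, log_prefix="Endusers"):
    """Collapse logged SYNs into attempts keyed by (SRC, SPT, DPT).

    Simplification: a source port reused much later by the same address
    would be merged into the earlier attempt.
    """
    seen = defaultdict(list)
    for line in log_text.splitlines():
        f = parse_line(line)
        if f and f["prefix"] == log_prefix and f.get("PROTO") == "TCP" and f.get("SYN"):
            seen[(f["SRC"], f["SPT"], f["DPT"])].append(f["uptime"])
    return [
        {"src": src, "dport": int(dpt), "packets": len(ts),
         "retry_gaps_s": [round(b - a) for a, b in zip(ts, ts[1:])]}
        for (src, _spt, dpt), ts in seen.items()
    ]


def attempts_per_network(attempts, prefix_len=24):
    """Count attempts (not log lines) per covering network."""
    counts = defaultdict(int)
    for a in attempts:
        net = ipaddress.ip_network(f"{a['src']}/{prefix_len}", strict=False)
        counts[str(net)] += 1
    return dict(counts)


if __name__ == "__main__":
    found = connection_attempts(SAMPLE)
    for attempt in found:
        print(attempt)
    print(attempts_per_network(found))
```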

suzi
Posted: Sat Aug 07, 2010 7:18 pm

That's nice info for the SEO advice. Thanks - next time I email one of these spamvertized sites, I will include that link.

olliver
Posted: Fri Aug 13, 2010 5:40 am    Post subject: Oops, they did it again...

Today's lucky number is 122.163.175.10 which resolves to ABTS-North-Dynamic-010.175.163.122.airtelbroadband.in

Quote:
Aug 13 05:30:27 torii kernel: [3874928.312978] Endusers: IN=eth0 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:00:00 SRC=122.163.175.10 DST=x.x.x.x LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=4732 DF PROTO=TCP SPT=4088 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
Aug 13 05:30:30 torii kernel: [3874931.174981] Endusers: IN=eth0 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:00:00 SRC=122.163.175.10 DST=x.x.x.x LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=4859 DF PROTO=TCP SPT=4088 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
Aug 13 05:30:36 torii kernel: [3874937.273440] Endusers: IN=eth0 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:00:00 SRC=122.163.175.10 DST=x.x.x.x LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=5086 DF PROTO=TCP SPT=4088 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0


O.

olliver
Posted: Tue Aug 17, 2010 10:10 am    Post subject: Another SEO Spam attempt

They returned to see whether their ranges are still blocked by iptables... ;) The spammer was assigned the ip-address 122.177.122.182 which resolves to ABTS-North-Dynamic-182.122.177.122.airtelbroadband.in

Quote:
Aug 16 11:56:18 torii kernel: [4158006.203038] Endusers: IN=eth0 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:00:00 SRC=122.177.122.182 DST=x.x.x.x LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=404 DF PROTO=TCP SPT=2597 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
Aug 16 11:56:21 torii kernel: [4158009.045281] Endusers: IN=eth0 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:00:00 SRC=122.177.122.182 DST=x.x.x.x LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=502 DF PROTO=TCP SPT=2597 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
Aug 16 11:56:27 torii kernel: [4158015.458426] Endusers: IN=eth0 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:00:00 SRC=122.177.122.182 DST=x.x.x.x LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=662 DF PROTO=TCP SPT=2597 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0


O.

olliver
Posted: Sat Aug 21, 2010 1:23 pm

Quote:
Aug 21 12:53:20 torii kernel: [117981.181916] Endusers: IN=eth0 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:00:00 SRC=122.177.44.140 DST=x.x.x.x LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=44648 DF PROTO=TCP SPT=1525 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
Aug 21 12:53:23 torii kernel: [117984.276522] Endusers: IN=eth0 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:00:00 SRC=122.177.44.140 DST=x.x.x.x LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=44718 DF PROTO=TCP SPT=1525 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
Aug 21 12:53:29 torii kernel: [117991.105649] Endusers: IN=eth0 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:00:00 SRC=122.177.44.140 DST=x.x.x.x LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=44939 DF PROTO=TCP SPT=1525 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0


Still spamming from airtel:
122.177.44.140 => ABTS-North-Dynamic-140.44.177.122.airtelbroadband.in

What's the point of still trying to reach my sites? Being the spammers they are, they should know the telltale signs of hitting the wrong end of a package filter by now.

Others have been wondering about these clowns, too:
http://www.cybercrimeops.com/forums/showthread.php?t=19432

O.

All times are GMT - 8 Hours