Autarchy of the Private Cave

Tiny bits of bioinformatics, [web-]programming etc

    The list of spammers' emails

    13th November 2013

    All sane people agree that spam is a blight of the internet, be it email spam or comments spam or forum spam or any other form of unsolicited, blatant, shameless, out-of-context advertising. Multiple spam-fighting and spam-stopping systems are being developed.

    With automated spam, automated spam-fighting systems might be the only choice. Sending rightfully angry emails to ISPs to notify them about customers violating service agreements is probably a waste of effort (something tells me most of these complaints end up in the trash folder, or even in the… spam folder). However, I get a feeling that some spam is not automated – it appears to have been actually prepared and sent by a human. (Alternatively, the spammers behind those spams simply have better software.) Anyway, some spams seem to contain valid contact data of the advertised entity – like an email.

    The resulting idea is very simple and was probably already implemented somewhere by someone: simply publish online the contact emails of the entities which, apparently, have chosen spam as their primary means of advertising. These emails will sooner or later be harvested by spammers, added to spam databases, and will start getting progressively more spam.

    There are a few drawbacks to this approach:

    • knowing spam-collection points enables “black PR”-like mass-mailings in the name of one’s competitor, double-hurting the innocents; I do not see a clear method of preventing this, other than by concealing spam collection methods;
    • human intelligence is required to identify if the contained email truly belongs to the advertised entity; this is fairly time-consuming, especially when scaled up; a possible solution (with its own problems) would be to build an online gateway for submitting curated spam samples, thus distributing the workload to all the participating volunteers;
    • the next logical step is actually harvesting and then publishing all the emails from the advertised website;
    • the biggest drawback, however, is the low efficiency of this approach; an increased spam percentage will only be a mild nuisance, which isn’t likely to propagate high enough to affect spam-deciders; also, indirectly spamming someone’s mailbox will result in a loss of time, which could have been otherwise used for Facebook and other important activities :)

    What do you think? Should such a method be used?

    Below I provide a few sample records from real spam comments, which had true-looking emails. I’m including some extra meta-data. Ideally, this should be stored in some kind of a database.


    There’s definitely a need for a public database, API keys, and quorum algorithms…


    Debian: how to whitelist IP addresses in tumgreyspf

    7th August 2013

    SPF is nice for protecting your mail server from spam, but sometimes there is a need to bypass SPF checking. For example, if you rely on third-party servers to do spam protection for you :)

    Current setup:

    • MX records point to the spam protection mail servers, which then
    • connect to my server and deliver (hopefully spam-free) mail.

    Problem: some senders (like last.fm) do have proper, strict SPF records. Tumgreyspf on my server then rejects their emails when they are relayed through the spam-protection service.

    If these spam protection relay servers are the only ones that send mail to your server, then it makes sense to fully disable/uninstall tumgreyspf. Putting tumgreyspf into the permanent “learning mode” (set defaultSeedOnly = 1 in /etc/tumgreyspf/tumgreyspf.conf) may not fix the SPF problem described above, as SeedOnly seems to affect only greylisting, and not the rejection of unauthorized senders.

    Solution: whitelist relay server IPs.

    ExpressionEngine contact form (email module) spam vulnerability

    26th January 2009

    Yesterday I had a look at mod.email.php – the Email module of ExpressionEngine CMS.

    It appears that it is very easy to use ExpressionEngine’s contact form (which uses the Email module) to send emails to arbitrary addresses – simply put, to send spam using someone’s EE.

    And here’s why:

    • the recipients hidden field is passed to the client; it is encrypted, but with access to the mod.email.php code, it is a matter of several minutes to write your own email-encoding function which will produce a completely valid recipients field
    • there’s also an XID field, which seems to be unique for each page load

    The spamming algorithm is clear, so I won’t elaborate. (I could have missed some session variables, though – didn’t check them.)

    This information is valid as of ExpressionEngine 1.6.6, but nothing in the change-logs indicates that this mechanism was modified in the newer versions of EE.

    Update: I’ve tested, and this vulnerability does exist. The simplest prevention measure is to enable Captcha for the Contact Form.

    I’ve notified the developers.
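
An added example, not ExpressionEngine code and not the fix the post recommends: one way to make a client-visible recipients field unforgeable is to authenticate it with an HMAC keyed by a server-side secret and bound to the per-page XID. The function names, the secret and the stand-in "weak" encoding are all hypothetical; the weak encoding is not EE's algorithm.

```php
<?php
// Server-side secret; never sent to the client. Constructed value for the demo.
const FORM_SECRET = 'replace-with-random-bytes-from-server-config';

// Weak pattern (stand-in): a keyless, reversible transform. Knowing the
// source code is enough to produce a field the server will accept.
function encode_recipients_weak(string $recipients): string
{
    return base64_encode(strrev($recipients));
}

// Hardened pattern: the value is authenticated with a keyed MAC and tied
// to the XID issued for this page load.
function sign_recipients(string $recipients, string $xid): string
{
    $payload = base64_encode($recipients);
    $mac = hash_hmac('sha256', $xid . '|' . $payload, FORM_SECRET);
    return $payload . '.' . $mac;
}

// Returns the recipient list if the field is authentic, null otherwise.
function verify_recipients(string $field, string $xid): ?string
{
    $parts = explode('.', $field, 2);
    if (count($parts) !== 2) {
        return null;
    }
    [$payload, $mac] = $parts;
    $expected = hash_hmac('sha256', $xid . '|' . $payload, FORM_SECRET);
    if (!hash_equals($expected, $mac)) {   // constant-time comparison
        return null;
    }
    $recipients = base64_decode($payload, true);
    return $recipients === false ? null : $recipients;
}

$xid = 'constructed-xid-123';                        // constructed sample value
$issued = sign_recipients('webmaster@example.com', $xid);
var_dump(verify_recipients($issued, $xid));          // field issued by the server

// Field assembled on the client without the secret (constructed input).
$forged = encode_recipients_weak('someone@example.net') . '.' . str_repeat('0', 64);
var_dump(verify_recipients($forged, $xid));
```

Keeping the recipient list entirely on the server, keyed by form ID, avoids the hidden field altogether and is the simpler design where the form layout allows it.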


    Spam Karma 2 (SK2) is a life saver plugin

    9th April 2008

    As an update to WordPress anti-spam plugins, I highly recommend Spam Karma 2. For the time being, it seems to be the ultimate protection. I turned off all the other anti-spam plugins (including Akismet), and everything’s just perfect! SK2 gathers up to a thousand spam comments/trackbacks during a single week on this blog, and I never had a complaint from blog visitors about being unable to add a comment (though some did have to fill in a captcha to post a comment with links).

    And SK2 still works under WP 2.5! (SK 2.3 was released to support WP 2.1)

    Kudos to Dave!

    It would be a pity if this excellent plugin is abandoned and stops functioning in one of the upcoming WP releases.

    Update: SpamKarma is now GPL (at Google Code).

    WordPress [Anti-]Spam plugins

    22nd January 2007

    You may discover that, as your blog gets more visitors and pageviews, you are getting more spam in the comments to your posts. It arrives as actual comments, pings, and trackbacks.